# Flog Txt Version 1 # Analyzer Version: 3.0.2 # Analyzer Build Date: May 3 2019 14:51:36 # Log Creation Date: 06.05.2019 19:42:46.987 Process: id = "1" image_name = "sihvgt.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\sihvgt.exe" page_root = "0x467be000" os_pid = "0x73c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x0" cmd_line = "\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe\" " cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 1 os_tid = 0x7b8 [0038.080] _alloca_probe () returned 0x409f25 [0038.080] GetProcessHeap () returned 0x570000 [0038.080] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x20) returned 0x583e50 [0038.081] GetProcessHeap () returned 0x570000 [0038.081] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x800) returned 0x584600 [0038.081] GetProcessHeap () returned 0x570000 [0038.081] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x800) returned 0x584e08 [0038.085] GetProcessHeap () returned 0x570000 [0038.085] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x9b4) returned 0x585610 [0038.085] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x584600, nSize=0x800 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\sihvgt.exe")) returned 0x30 [0038.085] GetEnvironmentVariableW (in: lpName="temp", lpBuffer=0x584e08, nSize=0x800 | out: lpBuffer="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 0x24 [0038.089] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x1, lpMultiByteStr=0x4013e0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 30 [0038.089] GetProcessHeap () returned 0x570000 [0038.089] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x3c) returned 0x585fd0 [0038.089] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x1, lpMultiByteStr=0x4013e0, cbMultiByte=-1, lpWideCharStr=0x585fd0, cchWideChar=30 | out: lpWideCharStr=".{Killback@protonmail.com}KBK") returned 30 [0038.133] lstrlenA (lpString="Windows,Microsoft,Microsoft Help,Windows App Certification Kit,Windows Defender,ESET,COMODO,Windows NT,Windows Kits,Windows Mail,Windows Media Player,Windows Multimedia Platform,Windows Phone Kits,Windows Phone Silverlight Kits,Windows Photo Viewer,Windows Portable Devices,Windows Sidebar,WindowsPowerShell,NVIDIA Corporation,Microsoft.NET,Internet Explorer,Kaspersky Lab,McAfee,Avira,spytech software,sysconfig,Avast,Dr.Web,Symantec,Symantec_Client_Security,system volume information,AVG,Microsoft Shared,Common Files,Outlook Express,Movie Maker,Chrome,Mozilla Firefox,Opera,YandexBrowser,ntldr,Wsus,ProgramData") returned 613 [0038.133] HeapCreate (flOptions=0x0, dwInitialSize=0x1000, dwMaximumSize=0x0) returned 0x1f10000 [0038.133] RtlAllocateHeap (HeapHandle=0x1f10000, Flags=0x0, Size=0xac) returned 0x1f107d0 [0038.165] lstrlenA (lpString=".{Killback@protonmail.com}KBK,.{Killback@protonmail.com}KBK") returned 59 [0038.166] HeapCreate (flOptions=0x0, dwInitialSize=0x1000, dwMaximumSize=0x0) returned 0x270000 [0038.166] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x8) returned 0x2707d0 [0038.166] GetEnvironmentVariableW (in: lpName="appdata", lpBuffer=0x18ef88, nSize=0x800 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 0x2d [0038.166] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\" [0038.166] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0038.166] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\", lpString2="sihvgt.exe" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\sihvgt.exe") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\sihvgt.exe" [0038.167] lstrcmpiW (lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\sihvgt.exe") returned 1 [0038.170] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\sihvgt.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\sihvgt.exe")) returned 0xffffffff [0038.170] CopyFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\sihvgt.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\sihvgt.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\sihvgt.exe"), bFailIfExists=0) returned 1 [0038.181] _alloca_probe () returned 0x409d4d [0038.182] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", ulOptions=0x0, samDesired=0x20019, phkResult=0x18df68 | out: phkResult=0x18df68*=0x70) returned 0x0 [0038.182] RegQueryValueExW (in: hKey=0x70, lpValueName="BrowserUpdateCheck", lpReserved=0x0, lpType=0x0, lpData=0x18df70, lpcbData=0x18df6c*=0x800 | out: lpType=0x0, lpData=0x18df70*=0x45, lpcbData=0x18df6c*=0x800) returned 0x2 [0038.182] lstrcmpiW (lpString1="E", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\sihvgt.exe") returned 1 [0038.182] RegCreateKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\RunOnce", Reserved=0x0, lpClass=0x0, dwOptions=0x1, samDesired=0x20006, lpSecurityAttributes=0x0, phkResult=0x18df68, lpdwDisposition=0x0 | out: phkResult=0x18df68*=0x78, lpdwDisposition=0x0) returned 0x0 [0038.182] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\sihvgt.exe") returned 56 [0038.182] RegSetValueExW (in: hKey=0x78, lpValueName="BrowserUpdateCheck", Reserved=0x0, dwType=0x1, lpData="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\sihvgt.exe", cbData=0x70 | out: lpData="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\sihvgt.exe") returned 0x0 [0038.182] RegCloseKey (hKey=0x78) returned 0x0 [0038.182] GetProcessHeap () returned 0x570000 [0038.183] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x800) returned 0x586198 [0038.183] GetEnvironmentVariableW (in: lpName="public", lpBuffer=0x586198, nSize=0x800 | out: lpBuffer="C:\\Users\\Public") returned 0xf [0038.183] GetProcessHeap () returned 0x570000 [0038.183] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x40) returned 0x5869a0 [0038.183] GetProcessHeap () returned 0x570000 [0038.183] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x41) returned 0x5869e8 [0038.183] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x1, lpMultiByteStr=0x5869e8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 65 [0038.183] GetProcessHeap () returned 0x570000 [0038.183] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x82) returned 0x586a38 [0038.183] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x1, lpMultiByteStr=0x5869e8, cbMultiByte=-1, lpWideCharStr=0x586a38, cchWideChar=65 | out: lpWideCharStr="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 65 [0038.183] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x1, lpMultiByteStr=0x401404, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 19 [0038.183] GetProcessHeap () returned 0x570000 [0038.183] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x26) returned 0x586ac8 [0038.183] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x1, lpMultiByteStr=0x401404, cbMultiByte=-1, lpWideCharStr=0x586ac8, cchWideChar=19 | out: lpWideCharStr="decrypt_files.html") returned 19 [0038.188] lstrcpyW (in: lpString1=0x40d000, lpString2="decrypt_files.html" | out: lpString1="decrypt_files.html") returned="decrypt_files.html" [0038.188] GetProcessHeap () returned 0x570000 [0038.188] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x800) returned 0x586af8 [0038.189] lstrcpyW (in: lpString1=0x586af8, lpString2="C:\\Users\\Public" | out: lpString1="C:\\Users\\Public") returned="C:\\Users\\Public" [0038.189] PathAddBackslashW (in: pszPath="C:\\Users\\Public" | out: pszPath="C:\\Users\\Public\\") returned="" [0038.189] lstrcatW (in: lpString1="C:\\Users\\Public\\", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887" | out: lpString1="C:\\Users\\Public\\93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned="C:\\Users\\Public\\93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887" [0038.189] CreateFileW (lpFileName="C:\\Users\\Public\\93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887" (normalized: "c:\\users\\public\\93603cf02eaf23f319bb1ef860a69ba06c8e84ce34898e7a109832b06cddb887"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x78 [0038.190] GetLastError () returned 0x0 [0038.190] lstrlenA (lpString="rsa_genkey") returned 10 [0038.190] CryptAcquireContextW (in: phProv=0x18e448, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18e448*=0x5873a0) returned 1 [0038.471] CryptGenRandom (in: hProv=0x5873a0, dwLen=0x80, pbBuffer=0x18e460 | out: pbBuffer=0x18e460) returned 1 [0038.471] CryptReleaseContext (hProv=0x5873a0, dwFlags=0x0) returned 1 [0038.471] GetProcessHeap () returned 0x570000 [0038.471] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x588798 [0038.471] GetProcessHeap () returned 0x570000 [0038.471] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x40) returned 0x587620 [0038.471] GetProcessHeap () returned 0x570000 [0038.471] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x40) returned 0x5876b0 [0038.471] GetProcessHeap () returned 0x570000 [0038.471] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x40) returned 0x5876f8 [0038.471] GetProcessHeap () returned 0x570000 [0038.471] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x40) returned 0x587740 [0038.471] GetProcessHeap () returned 0x570000 [0038.472] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x44) returned 0x587340 [0038.472] GetProcessHeap () returned 0x570000 [0038.472] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x587740 | out: hHeap=0x570000) returned 1 [0038.472] GetProcessHeap () returned 0x570000 [0038.472] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x44) returned 0x587390 [0038.472] GetProcessHeap () returned 0x570000 [0038.472] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x5873e0 [0038.472] GetProcessHeap () returned 0x570000 [0038.472] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x5887a8 [0038.472] GetProcessHeap () returned 0x570000 [0038.472] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x587470 [0038.472] GetProcessHeap () returned 0x570000 [0038.472] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.472] GetProcessHeap () returned 0x570000 [0038.472] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x587500 [0038.472] GetProcessHeap () returned 0x570000 [0038.472] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x40) returned 0x587740 [0038.472] GetProcessHeap () returned 0x570000 [0038.472] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8c) returned 0x588d30 [0038.472] GetProcessHeap () returned 0x570000 [0038.472] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.472] GetProcessHeap () returned 0x570000 [0038.472] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x57ef58 [0038.473] GetProcessHeap () returned 0x570000 [0038.473] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x44) returned 0x588dc8 [0038.473] GetProcessHeap () returned 0x570000 [0038.473] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x587740 | out: hHeap=0x570000) returned 1 [0038.473] GetProcessHeap () returned 0x570000 [0038.473] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x588e18 [0038.473] GetProcessHeap () returned 0x570000 [0038.473] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588dc8 | out: hHeap=0x570000) returned 1 [0038.473] GetProcessHeap () returned 0x570000 [0038.473] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887b8 [0038.473] GetProcessHeap () returned 0x570000 [0038.473] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x57ef70 [0038.473] GetProcessHeap () returned 0x570000 [0038.473] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.473] GetProcessHeap () returned 0x570000 [0038.473] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887b8 | out: hHeap=0x570000) returned 1 [0038.473] GetProcessHeap () returned 0x570000 [0038.473] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x48) returned 0x588dc8 [0038.473] GetProcessHeap () returned 0x570000 [0038.473] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x57ef70 | out: hHeap=0x570000) returned 1 [0038.473] GetProcessHeap () returned 0x570000 [0038.474] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x588ea8 [0038.474] GetProcessHeap () returned 0x570000 [0038.474] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588dc8 | out: hHeap=0x570000) returned 1 [0038.474] GetProcessHeap () returned 0x570000 [0038.474] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.474] GetProcessHeap () returned 0x570000 [0038.474] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.474] GetProcessHeap () returned 0x570000 [0038.474] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.474] GetProcessHeap () returned 0x570000 [0038.474] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.474] GetProcessHeap () returned 0x570000 [0038.474] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.474] GetProcessHeap () returned 0x570000 [0038.474] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.474] GetProcessHeap () returned 0x570000 [0038.474] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.474] GetProcessHeap () returned 0x570000 [0038.474] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.474] GetProcessHeap () returned 0x570000 [0038.474] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.475] GetProcessHeap () returned 0x570000 [0038.475] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.475] GetProcessHeap () returned 0x570000 [0038.475] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.475] GetProcessHeap () returned 0x570000 [0038.475] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.475] GetProcessHeap () returned 0x570000 [0038.475] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.475] GetProcessHeap () returned 0x570000 [0038.475] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.475] GetProcessHeap () returned 0x570000 [0038.475] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.475] GetProcessHeap () returned 0x570000 [0038.475] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.475] GetProcessHeap () returned 0x570000 [0038.475] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.475] GetProcessHeap () returned 0x570000 [0038.475] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.475] GetProcessHeap () returned 0x570000 [0038.476] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.476] GetProcessHeap () returned 0x570000 [0038.476] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.476] GetProcessHeap () returned 0x570000 [0038.476] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.476] GetProcessHeap () returned 0x570000 [0038.476] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.476] GetProcessHeap () returned 0x570000 [0038.476] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.476] GetProcessHeap () returned 0x570000 [0038.476] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.476] GetProcessHeap () returned 0x570000 [0038.476] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.476] GetProcessHeap () returned 0x570000 [0038.476] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.476] GetProcessHeap () returned 0x570000 [0038.476] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.476] GetProcessHeap () returned 0x570000 [0038.476] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.476] GetProcessHeap () returned 0x570000 [0038.476] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.477] GetProcessHeap () returned 0x570000 [0038.477] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.477] GetProcessHeap () returned 0x570000 [0038.477] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.477] GetProcessHeap () returned 0x570000 [0038.477] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.477] GetProcessHeap () returned 0x570000 [0038.477] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.477] GetProcessHeap () returned 0x570000 [0038.477] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.477] GetProcessHeap () returned 0x570000 [0038.477] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.477] GetProcessHeap () returned 0x570000 [0038.477] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.477] GetProcessHeap () returned 0x570000 [0038.477] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.477] GetProcessHeap () returned 0x570000 [0038.477] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.477] GetProcessHeap () returned 0x570000 [0038.477] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.477] GetProcessHeap () returned 0x570000 [0038.478] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.478] GetProcessHeap () returned 0x570000 [0038.478] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.478] GetProcessHeap () returned 0x570000 [0038.478] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.478] GetProcessHeap () returned 0x570000 [0038.478] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.478] GetProcessHeap () returned 0x570000 [0038.478] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.478] GetProcessHeap () returned 0x570000 [0038.478] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.478] GetProcessHeap () returned 0x570000 [0038.478] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.478] GetProcessHeap () returned 0x570000 [0038.478] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.478] GetProcessHeap () returned 0x570000 [0038.478] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.478] GetProcessHeap () returned 0x570000 [0038.478] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.478] GetProcessHeap () returned 0x570000 [0038.478] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.478] GetProcessHeap () returned 0x570000 [0038.479] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.479] GetProcessHeap () returned 0x570000 [0038.479] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.479] GetProcessHeap () returned 0x570000 [0038.479] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.479] GetProcessHeap () returned 0x570000 [0038.479] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.479] GetProcessHeap () returned 0x570000 [0038.479] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.479] GetProcessHeap () returned 0x570000 [0038.479] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.479] GetProcessHeap () returned 0x570000 [0038.479] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.479] GetProcessHeap () returned 0x570000 [0038.479] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.479] GetProcessHeap () returned 0x570000 [0038.479] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x587500 | out: hHeap=0x570000) returned 1 [0038.479] GetProcessHeap () returned 0x570000 [0038.479] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588e18 | out: hHeap=0x570000) returned 1 [0038.479] GetProcessHeap () returned 0x570000 [0038.479] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588d30 | out: hHeap=0x570000) returned 1 [0038.480] GetProcessHeap () returned 0x570000 [0038.480] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588ea8 | out: hHeap=0x570000) returned 1 [0038.480] GetProcessHeap () returned 0x570000 [0038.480] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x57ef58 | out: hHeap=0x570000) returned 1 [0038.480] GetProcessHeap () returned 0x570000 [0038.480] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x44) returned 0x587500 [0038.480] GetProcessHeap () returned 0x570000 [0038.480] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x44) returned 0x587550 [0038.480] GetProcessHeap () returned 0x570000 [0038.480] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x44) returned 0x588d30 [0038.480] GetProcessHeap () returned 0x570000 [0038.480] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x44) returned 0x588d80 [0038.480] GetProcessHeap () returned 0x570000 [0038.480] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x44) returned 0x588dd0 [0038.480] GetProcessHeap () returned 0x570000 [0038.480] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x44) returned 0x588e20 [0038.480] GetProcessHeap () returned 0x570000 [0038.480] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x44) returned 0x588e70 [0038.480] GetProcessHeap () returned 0x570000 [0038.480] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x44) returned 0x588ec0 [0038.480] GetProcessHeap () returned 0x570000 [0038.480] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x44) returned 0x588f10 [0038.481] GetProcessHeap () returned 0x570000 [0038.481] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x44) returned 0x588f60 [0038.481] GetProcessHeap () returned 0x570000 [0038.481] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x44) returned 0x588fc8 [0038.481] GetProcessHeap () returned 0x570000 [0038.481] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x44) returned 0x589018 [0038.481] GetProcessHeap () returned 0x570000 [0038.481] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x44) returned 0x589068 [0038.481] GetProcessHeap () returned 0x570000 [0038.481] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x44) returned 0x5890b8 [0038.481] GetProcessHeap () returned 0x570000 [0038.481] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x44) returned 0x589108 [0038.481] GetProcessHeap () returned 0x570000 [0038.481] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x44) returned 0x589158 [0038.482] GetProcessHeap () returned 0x570000 [0038.482] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x587500 | out: hHeap=0x570000) returned 1 [0038.482] GetProcessHeap () returned 0x570000 [0038.482] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x587550 | out: hHeap=0x570000) returned 1 [0038.482] GetProcessHeap () returned 0x570000 [0038.482] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588d30 | out: hHeap=0x570000) returned 1 [0038.482] GetProcessHeap () returned 0x570000 [0038.482] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588d80 | out: hHeap=0x570000) returned 1 [0038.482] GetProcessHeap () returned 0x570000 [0038.482] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588dd0 | out: hHeap=0x570000) returned 1 [0038.482] GetProcessHeap () returned 0x570000 [0038.482] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588e20 | out: hHeap=0x570000) returned 1 [0038.482] GetProcessHeap () returned 0x570000 [0038.483] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588e70 | out: hHeap=0x570000) returned 1 [0038.483] GetProcessHeap () returned 0x570000 [0038.483] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588ec0 | out: hHeap=0x570000) returned 1 [0038.483] GetProcessHeap () returned 0x570000 [0038.483] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588f10 | out: hHeap=0x570000) returned 1 [0038.483] GetProcessHeap () returned 0x570000 [0038.483] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588f60 | out: hHeap=0x570000) returned 1 [0038.483] GetProcessHeap () returned 0x570000 [0038.483] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fc8 | out: hHeap=0x570000) returned 1 [0038.483] GetProcessHeap () returned 0x570000 [0038.483] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x589018 | out: hHeap=0x570000) returned 1 [0038.483] GetProcessHeap () returned 0x570000 [0038.483] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x589068 | out: hHeap=0x570000) returned 1 [0038.483] GetProcessHeap () returned 0x570000 [0038.483] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5890b8 | out: hHeap=0x570000) returned 1 [0038.483] GetProcessHeap () returned 0x570000 [0038.483] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x589108 | out: hHeap=0x570000) returned 1 [0038.483] GetProcessHeap () returned 0x570000 [0038.483] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x589158 | out: hHeap=0x570000) returned 1 [0038.483] GetProcessHeap () returned 0x570000 [0038.483] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x587390 | out: hHeap=0x570000) returned 1 [0038.483] GetProcessHeap () returned 0x570000 [0038.484] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5873e0 | out: hHeap=0x570000) returned 1 [0038.484] GetProcessHeap () returned 0x570000 [0038.484] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5876b0 | out: hHeap=0x570000) returned 1 [0038.484] GetProcessHeap () returned 0x570000 [0038.484] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5876f8 | out: hHeap=0x570000) returned 1 [0038.484] GetProcessHeap () returned 0x570000 [0038.484] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x587340 | out: hHeap=0x570000) returned 1 [0038.484] GetProcessHeap () returned 0x570000 [0038.484] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x587470 | out: hHeap=0x570000) returned 1 [0038.484] GetProcessHeap () returned 0x570000 [0038.484] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x40) returned 0x5876f8 [0038.484] GetProcessHeap () returned 0x570000 [0038.484] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x40) returned 0x5876b0 [0038.484] GetProcessHeap () returned 0x570000 [0038.484] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x40) returned 0x587740 [0038.484] GetProcessHeap () returned 0x570000 [0038.484] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x44) returned 0x589158 [0038.484] GetProcessHeap () returned 0x570000 [0038.484] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x587740 | out: hHeap=0x570000) returned 1 [0038.484] GetProcessHeap () returned 0x570000 [0038.484] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x44) returned 0x589108 [0038.485] GetProcessHeap () returned 0x570000 [0038.485] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x587340 [0038.485] GetProcessHeap () returned 0x570000 [0038.485] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x5887a8 [0038.485] GetProcessHeap () returned 0x570000 [0038.485] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x5873d0 [0038.485] GetProcessHeap () returned 0x570000 [0038.485] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.485] GetProcessHeap () returned 0x570000 [0038.485] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x587460 [0038.485] GetProcessHeap () returned 0x570000 [0038.485] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x40) returned 0x587740 [0038.485] GetProcessHeap () returned 0x570000 [0038.485] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8c) returned 0x5874f0 [0038.485] GetProcessHeap () returned 0x570000 [0038.485] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.485] GetProcessHeap () returned 0x570000 [0038.485] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x57ef58 [0038.485] GetProcessHeap () returned 0x570000 [0038.485] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x44) returned 0x5890b8 [0038.485] GetProcessHeap () returned 0x570000 [0038.486] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x587740 | out: hHeap=0x570000) returned 1 [0038.486] GetProcessHeap () returned 0x570000 [0038.486] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x588d30 [0038.486] GetProcessHeap () returned 0x570000 [0038.486] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5890b8 | out: hHeap=0x570000) returned 1 [0038.486] GetProcessHeap () returned 0x570000 [0038.486] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887b8 [0038.486] GetProcessHeap () returned 0x570000 [0038.486] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x57ef70 [0038.486] GetProcessHeap () returned 0x570000 [0038.486] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.486] GetProcessHeap () returned 0x570000 [0038.486] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887b8 | out: hHeap=0x570000) returned 1 [0038.486] GetProcessHeap () returned 0x570000 [0038.486] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x48) returned 0x5890b8 [0038.486] GetProcessHeap () returned 0x570000 [0038.486] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x57ef70 | out: hHeap=0x570000) returned 1 [0038.486] GetProcessHeap () returned 0x570000 [0038.486] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x588dc0 [0038.486] GetProcessHeap () returned 0x570000 [0038.486] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5890b8 | out: hHeap=0x570000) returned 1 [0038.486] GetProcessHeap () returned 0x570000 [0038.487] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.487] GetProcessHeap () returned 0x570000 [0038.487] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.487] GetProcessHeap () returned 0x570000 [0038.487] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.487] GetProcessHeap () returned 0x570000 [0038.487] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.487] GetProcessHeap () returned 0x570000 [0038.487] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.487] GetProcessHeap () returned 0x570000 [0038.487] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.487] GetProcessHeap () returned 0x570000 [0038.487] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.487] GetProcessHeap () returned 0x570000 [0038.487] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.487] GetProcessHeap () returned 0x570000 [0038.487] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.487] GetProcessHeap () returned 0x570000 [0038.487] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.487] GetProcessHeap () returned 0x570000 [0038.487] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.487] GetProcessHeap () returned 0x570000 [0038.488] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.488] GetProcessHeap () returned 0x570000 [0038.488] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.488] GetProcessHeap () returned 0x570000 [0038.488] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.488] GetProcessHeap () returned 0x570000 [0038.488] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.488] GetProcessHeap () returned 0x570000 [0038.488] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.488] GetProcessHeap () returned 0x570000 [0038.488] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.488] GetProcessHeap () returned 0x570000 [0038.488] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.488] GetProcessHeap () returned 0x570000 [0038.488] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.488] GetProcessHeap () returned 0x570000 [0038.488] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.488] GetProcessHeap () returned 0x570000 [0038.488] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.488] GetProcessHeap () returned 0x570000 [0038.488] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.488] GetProcessHeap () returned 0x570000 [0038.489] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.489] GetProcessHeap () returned 0x570000 [0038.489] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.489] GetProcessHeap () returned 0x570000 [0038.489] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.489] GetProcessHeap () returned 0x570000 [0038.489] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.489] GetProcessHeap () returned 0x570000 [0038.489] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.489] GetProcessHeap () returned 0x570000 [0038.489] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.489] GetProcessHeap () returned 0x570000 [0038.489] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.489] GetProcessHeap () returned 0x570000 [0038.489] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.489] GetProcessHeap () returned 0x570000 [0038.489] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.489] GetProcessHeap () returned 0x570000 [0038.489] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.490] GetProcessHeap () returned 0x570000 [0038.490] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.490] GetProcessHeap () returned 0x570000 [0038.490] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.490] GetProcessHeap () returned 0x570000 [0038.490] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.490] GetProcessHeap () returned 0x570000 [0038.490] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.490] GetProcessHeap () returned 0x570000 [0038.490] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.490] GetProcessHeap () returned 0x570000 [0038.490] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.490] GetProcessHeap () returned 0x570000 [0038.490] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.490] GetProcessHeap () returned 0x570000 [0038.490] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.490] GetProcessHeap () returned 0x570000 [0038.490] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.490] GetProcessHeap () returned 0x570000 [0038.490] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.490] GetProcessHeap () returned 0x570000 [0038.490] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.491] GetProcessHeap () returned 0x570000 [0038.491] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.491] GetProcessHeap () returned 0x570000 [0038.491] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.491] GetProcessHeap () returned 0x570000 [0038.491] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.491] GetProcessHeap () returned 0x570000 [0038.491] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.491] GetProcessHeap () returned 0x570000 [0038.491] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.491] GetProcessHeap () returned 0x570000 [0038.491] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.491] GetProcessHeap () returned 0x570000 [0038.491] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.491] GetProcessHeap () returned 0x570000 [0038.491] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.491] GetProcessHeap () returned 0x570000 [0038.491] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.491] GetProcessHeap () returned 0x570000 [0038.491] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.491] GetProcessHeap () returned 0x570000 [0038.491] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.492] GetProcessHeap () returned 0x570000 [0038.492] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.492] GetProcessHeap () returned 0x570000 [0038.492] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.492] GetProcessHeap () returned 0x570000 [0038.492] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.492] GetProcessHeap () returned 0x570000 [0038.492] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.492] GetProcessHeap () returned 0x570000 [0038.492] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x587460 | out: hHeap=0x570000) returned 1 [0038.492] GetProcessHeap () returned 0x570000 [0038.492] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588d30 | out: hHeap=0x570000) returned 1 [0038.492] GetProcessHeap () returned 0x570000 [0038.492] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5874f0 | out: hHeap=0x570000) returned 1 [0038.492] GetProcessHeap () returned 0x570000 [0038.492] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588dc0 | out: hHeap=0x570000) returned 1 [0038.492] GetProcessHeap () returned 0x570000 [0038.492] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x57ef58 | out: hHeap=0x570000) returned 1 [0038.492] GetProcessHeap () returned 0x570000 [0038.492] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x44) returned 0x5890b8 [0038.492] GetProcessHeap () returned 0x570000 [0038.492] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x44) returned 0x589068 [0038.493] GetProcessHeap () returned 0x570000 [0038.493] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x44) returned 0x589018 [0038.493] GetProcessHeap () returned 0x570000 [0038.493] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x44) returned 0x588fc8 [0038.493] GetProcessHeap () returned 0x570000 [0038.493] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x44) returned 0x5891a8 [0038.493] GetProcessHeap () returned 0x570000 [0038.493] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x44) returned 0x5891f8 [0038.493] GetProcessHeap () returned 0x570000 [0038.493] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x44) returned 0x589248 [0038.493] GetProcessHeap () returned 0x570000 [0038.493] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x44) returned 0x589298 [0038.493] GetProcessHeap () returned 0x570000 [0038.493] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x44) returned 0x5892e8 [0038.493] GetProcessHeap () returned 0x570000 [0038.493] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x44) returned 0x589338 [0038.493] GetProcessHeap () returned 0x570000 [0038.493] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x44) returned 0x589388 [0038.493] GetProcessHeap () returned 0x570000 [0038.493] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x44) returned 0x5893d8 [0038.493] GetProcessHeap () returned 0x570000 [0038.493] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x44) returned 0x589428 [0038.493] GetProcessHeap () returned 0x570000 [0038.494] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x44) returned 0x589478 [0038.494] GetProcessHeap () returned 0x570000 [0038.494] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x44) returned 0x5894c8 [0038.494] GetProcessHeap () returned 0x570000 [0038.494] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x44) returned 0x589518 [0038.494] GetProcessHeap () returned 0x570000 [0038.494] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5890b8 | out: hHeap=0x570000) returned 1 [0038.495] GetProcessHeap () returned 0x570000 [0038.495] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x589068 | out: hHeap=0x570000) returned 1 [0038.495] GetProcessHeap () returned 0x570000 [0038.495] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x589018 | out: hHeap=0x570000) returned 1 [0038.495] GetProcessHeap () returned 0x570000 [0038.495] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fc8 | out: hHeap=0x570000) returned 1 [0038.495] GetProcessHeap () returned 0x570000 [0038.495] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5891a8 | out: hHeap=0x570000) returned 1 [0038.495] GetProcessHeap () returned 0x570000 [0038.495] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5891f8 | out: hHeap=0x570000) returned 1 [0038.495] GetProcessHeap () returned 0x570000 [0038.495] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x589248 | out: hHeap=0x570000) returned 1 [0038.495] GetProcessHeap () returned 0x570000 [0038.495] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x589298 | out: hHeap=0x570000) returned 1 [0038.495] GetProcessHeap () returned 0x570000 [0038.495] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5892e8 | out: hHeap=0x570000) returned 1 [0038.495] GetProcessHeap () returned 0x570000 [0038.495] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x589338 | out: hHeap=0x570000) returned 1 [0038.495] GetProcessHeap () returned 0x570000 [0038.495] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x589388 | out: hHeap=0x570000) returned 1 [0038.495] GetProcessHeap () returned 0x570000 [0038.495] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5893d8 | out: hHeap=0x570000) returned 1 [0038.496] GetProcessHeap () returned 0x570000 [0038.496] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x589428 | out: hHeap=0x570000) returned 1 [0038.496] GetProcessHeap () returned 0x570000 [0038.496] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x589478 | out: hHeap=0x570000) returned 1 [0038.496] GetProcessHeap () returned 0x570000 [0038.496] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5894c8 | out: hHeap=0x570000) returned 1 [0038.496] GetProcessHeap () returned 0x570000 [0038.496] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x589518 | out: hHeap=0x570000) returned 1 [0038.496] GetProcessHeap () returned 0x570000 [0038.496] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x589108 | out: hHeap=0x570000) returned 1 [0038.496] GetProcessHeap () returned 0x570000 [0038.496] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x587340 | out: hHeap=0x570000) returned 1 [0038.496] GetProcessHeap () returned 0x570000 [0038.496] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x587340 [0038.496] GetProcessHeap () returned 0x570000 [0038.496] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x587460 [0038.496] GetProcessHeap () returned 0x570000 [0038.496] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x40) returned 0x587740 [0038.496] GetProcessHeap () returned 0x570000 [0038.496] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x5874e8 [0038.496] GetProcessHeap () returned 0x570000 [0038.496] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.496] GetProcessHeap () returned 0x570000 [0038.497] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x57ef58 [0038.497] GetProcessHeap () returned 0x570000 [0038.497] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x588d30 [0038.497] GetProcessHeap () returned 0x570000 [0038.497] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x587460 | out: hHeap=0x570000) returned 1 [0038.497] GetProcessHeap () returned 0x570000 [0038.497] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x44) returned 0x589108 [0038.497] GetProcessHeap () returned 0x570000 [0038.497] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x587740 | out: hHeap=0x570000) returned 1 [0038.497] GetProcessHeap () returned 0x570000 [0038.497] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x588dc0 [0038.497] GetProcessHeap () returned 0x570000 [0038.497] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x589108 | out: hHeap=0x570000) returned 1 [0038.497] GetProcessHeap () returned 0x570000 [0038.497] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887b8 [0038.497] GetProcessHeap () returned 0x570000 [0038.497] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x57ef70 [0038.497] GetProcessHeap () returned 0x570000 [0038.497] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.497] GetProcessHeap () returned 0x570000 [0038.497] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887b8 | out: hHeap=0x570000) returned 1 [0038.498] GetProcessHeap () returned 0x570000 [0038.498] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x48) returned 0x589108 [0038.498] GetProcessHeap () returned 0x570000 [0038.498] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x57ef70 | out: hHeap=0x570000) returned 1 [0038.498] GetProcessHeap () returned 0x570000 [0038.498] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x588e50 [0038.498] GetProcessHeap () returned 0x570000 [0038.498] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x589108 | out: hHeap=0x570000) returned 1 [0038.498] GetProcessHeap () returned 0x570000 [0038.498] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.498] GetProcessHeap () returned 0x570000 [0038.498] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.498] GetProcessHeap () returned 0x570000 [0038.498] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.498] GetProcessHeap () returned 0x570000 [0038.498] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.498] GetProcessHeap () returned 0x570000 [0038.498] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.498] GetProcessHeap () returned 0x570000 [0038.498] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.498] GetProcessHeap () returned 0x570000 [0038.499] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.499] GetProcessHeap () returned 0x570000 [0038.499] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.499] GetProcessHeap () returned 0x570000 [0038.499] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.499] GetProcessHeap () returned 0x570000 [0038.499] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.499] GetProcessHeap () returned 0x570000 [0038.499] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.499] GetProcessHeap () returned 0x570000 [0038.499] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.499] GetProcessHeap () returned 0x570000 [0038.499] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.499] GetProcessHeap () returned 0x570000 [0038.510] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.510] GetProcessHeap () returned 0x570000 [0038.510] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.510] GetProcessHeap () returned 0x570000 [0038.510] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.510] GetProcessHeap () returned 0x570000 [0038.510] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.510] GetProcessHeap () returned 0x570000 [0038.511] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.511] GetProcessHeap () returned 0x570000 [0038.511] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.511] GetProcessHeap () returned 0x570000 [0038.511] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.511] GetProcessHeap () returned 0x570000 [0038.511] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.511] GetProcessHeap () returned 0x570000 [0038.511] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.511] GetProcessHeap () returned 0x570000 [0038.511] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.511] GetProcessHeap () returned 0x570000 [0038.511] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.511] GetProcessHeap () returned 0x570000 [0038.511] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.511] GetProcessHeap () returned 0x570000 [0038.511] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.511] GetProcessHeap () returned 0x570000 [0038.511] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.511] GetProcessHeap () returned 0x570000 [0038.511] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.511] GetProcessHeap () returned 0x570000 [0038.511] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.511] GetProcessHeap () returned 0x570000 [0038.511] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.511] GetProcessHeap () returned 0x570000 [0038.511] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.511] GetProcessHeap () returned 0x570000 [0038.511] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.511] GetProcessHeap () returned 0x570000 [0038.511] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.511] GetProcessHeap () returned 0x570000 [0038.511] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.512] GetProcessHeap () returned 0x570000 [0038.512] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.512] GetProcessHeap () returned 0x570000 [0038.512] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.512] GetProcessHeap () returned 0x570000 [0038.512] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.512] GetProcessHeap () returned 0x570000 [0038.512] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.512] GetProcessHeap () returned 0x570000 [0038.512] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.512] GetProcessHeap () returned 0x570000 [0038.512] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.512] GetProcessHeap () returned 0x570000 [0038.512] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.512] GetProcessHeap () returned 0x570000 [0038.512] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.512] GetProcessHeap () returned 0x570000 [0038.512] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.512] GetProcessHeap () returned 0x570000 [0038.512] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.512] GetProcessHeap () returned 0x570000 [0038.512] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.512] GetProcessHeap () returned 0x570000 [0038.512] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.512] GetProcessHeap () returned 0x570000 [0038.512] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.512] GetProcessHeap () returned 0x570000 [0038.512] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.512] GetProcessHeap () returned 0x570000 [0038.512] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.512] GetProcessHeap () returned 0x570000 [0038.512] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.512] GetProcessHeap () returned 0x570000 [0038.512] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.513] GetProcessHeap () returned 0x570000 [0038.513] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.513] GetProcessHeap () returned 0x570000 [0038.513] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.513] GetProcessHeap () returned 0x570000 [0038.513] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.513] GetProcessHeap () returned 0x570000 [0038.513] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.513] GetProcessHeap () returned 0x570000 [0038.513] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.513] GetProcessHeap () returned 0x570000 [0038.513] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588d30 | out: hHeap=0x570000) returned 1 [0038.513] GetProcessHeap () returned 0x570000 [0038.513] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588dc0 | out: hHeap=0x570000) returned 1 [0038.513] GetProcessHeap () returned 0x570000 [0038.513] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5874e8 | out: hHeap=0x570000) returned 1 [0038.513] GetProcessHeap () returned 0x570000 [0038.513] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588e50 | out: hHeap=0x570000) returned 1 [0038.513] GetProcessHeap () returned 0x570000 [0038.513] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x57ef58 | out: hHeap=0x570000) returned 1 [0038.513] GetProcessHeap () returned 0x570000 [0038.513] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x587460 [0038.513] GetProcessHeap () returned 0x570000 [0038.513] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x40) returned 0x587740 [0038.513] GetProcessHeap () returned 0x570000 [0038.513] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x5874e8 [0038.513] GetProcessHeap () returned 0x570000 [0038.513] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.513] GetProcessHeap () returned 0x570000 [0038.513] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x57ef58 [0038.513] GetProcessHeap () returned 0x570000 [0038.513] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x588d30 [0038.513] GetProcessHeap () returned 0x570000 [0038.513] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x587460 | out: hHeap=0x570000) returned 1 [0038.513] GetProcessHeap () returned 0x570000 [0038.513] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x44) returned 0x589108 [0038.513] GetProcessHeap () returned 0x570000 [0038.513] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x587740 | out: hHeap=0x570000) returned 1 [0038.514] GetProcessHeap () returned 0x570000 [0038.514] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x588dc0 [0038.514] GetProcessHeap () returned 0x570000 [0038.514] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x589108 | out: hHeap=0x570000) returned 1 [0038.514] GetProcessHeap () returned 0x570000 [0038.514] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887b8 [0038.514] GetProcessHeap () returned 0x570000 [0038.514] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x57ef70 [0038.514] GetProcessHeap () returned 0x570000 [0038.514] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.514] GetProcessHeap () returned 0x570000 [0038.514] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887b8 | out: hHeap=0x570000) returned 1 [0038.514] GetProcessHeap () returned 0x570000 [0038.514] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x48) returned 0x589108 [0038.514] GetProcessHeap () returned 0x570000 [0038.514] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x57ef70 | out: hHeap=0x570000) returned 1 [0038.514] GetProcessHeap () returned 0x570000 [0038.514] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x588e50 [0038.514] GetProcessHeap () returned 0x570000 [0038.514] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x589108 | out: hHeap=0x570000) returned 1 [0038.514] GetProcessHeap () returned 0x570000 [0038.514] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.514] GetProcessHeap () returned 0x570000 [0038.514] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.514] GetProcessHeap () returned 0x570000 [0038.514] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.514] GetProcessHeap () returned 0x570000 [0038.514] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.514] GetProcessHeap () returned 0x570000 [0038.514] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.514] GetProcessHeap () returned 0x570000 [0038.514] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.514] GetProcessHeap () returned 0x570000 [0038.514] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.514] GetProcessHeap () returned 0x570000 [0038.514] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.515] GetProcessHeap () returned 0x570000 [0038.515] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.515] GetProcessHeap () returned 0x570000 [0038.515] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.515] GetProcessHeap () returned 0x570000 [0038.515] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.515] GetProcessHeap () returned 0x570000 [0038.515] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.515] GetProcessHeap () returned 0x570000 [0038.515] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.515] GetProcessHeap () returned 0x570000 [0038.515] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.515] GetProcessHeap () returned 0x570000 [0038.515] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.515] GetProcessHeap () returned 0x570000 [0038.515] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.515] GetProcessHeap () returned 0x570000 [0038.515] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.515] GetProcessHeap () returned 0x570000 [0038.515] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.515] GetProcessHeap () returned 0x570000 [0038.515] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.515] GetProcessHeap () returned 0x570000 [0038.515] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.515] GetProcessHeap () returned 0x570000 [0038.515] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.515] GetProcessHeap () returned 0x570000 [0038.515] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.515] GetProcessHeap () returned 0x570000 [0038.515] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.515] GetProcessHeap () returned 0x570000 [0038.515] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.515] GetProcessHeap () returned 0x570000 [0038.516] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.516] GetProcessHeap () returned 0x570000 [0038.516] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.516] GetProcessHeap () returned 0x570000 [0038.516] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.516] GetProcessHeap () returned 0x570000 [0038.516] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.516] GetProcessHeap () returned 0x570000 [0038.516] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.516] GetProcessHeap () returned 0x570000 [0038.516] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.516] GetProcessHeap () returned 0x570000 [0038.516] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.516] GetProcessHeap () returned 0x570000 [0038.516] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.516] GetProcessHeap () returned 0x570000 [0038.516] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.516] GetProcessHeap () returned 0x570000 [0038.516] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.516] GetProcessHeap () returned 0x570000 [0038.516] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.516] GetProcessHeap () returned 0x570000 [0038.516] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.516] GetProcessHeap () returned 0x570000 [0038.516] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.516] GetProcessHeap () returned 0x570000 [0038.516] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.516] GetProcessHeap () returned 0x570000 [0038.516] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.516] GetProcessHeap () returned 0x570000 [0038.516] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.516] GetProcessHeap () returned 0x570000 [0038.516] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.516] GetProcessHeap () returned 0x570000 [0038.517] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.517] GetProcessHeap () returned 0x570000 [0038.517] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.517] GetProcessHeap () returned 0x570000 [0038.517] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.517] GetProcessHeap () returned 0x570000 [0038.517] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.517] GetProcessHeap () returned 0x570000 [0038.517] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.517] GetProcessHeap () returned 0x570000 [0038.517] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588d30 | out: hHeap=0x570000) returned 1 [0038.517] GetProcessHeap () returned 0x570000 [0038.517] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588dc0 | out: hHeap=0x570000) returned 1 [0038.517] GetProcessHeap () returned 0x570000 [0038.517] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5874e8 | out: hHeap=0x570000) returned 1 [0038.517] GetProcessHeap () returned 0x570000 [0038.517] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588e50 | out: hHeap=0x570000) returned 1 [0038.517] GetProcessHeap () returned 0x570000 [0038.517] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x57ef58 | out: hHeap=0x570000) returned 1 [0038.517] GetProcessHeap () returned 0x570000 [0038.517] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5876f8 | out: hHeap=0x570000) returned 1 [0038.517] GetProcessHeap () returned 0x570000 [0038.517] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5876b0 | out: hHeap=0x570000) returned 1 [0038.517] GetProcessHeap () returned 0x570000 [0038.517] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x587340 | out: hHeap=0x570000) returned 1 [0038.517] GetProcessHeap () returned 0x570000 [0038.517] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x589158 | out: hHeap=0x570000) returned 1 [0038.517] GetProcessHeap () returned 0x570000 [0038.517] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5873d0 | out: hHeap=0x570000) returned 1 [0038.517] GetProcessHeap () returned 0x570000 [0038.517] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x40) returned 0x5876b0 [0038.517] GetProcessHeap () returned 0x570000 [0038.517] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x40) returned 0x5876f8 [0038.518] GetProcessHeap () returned 0x570000 [0038.518] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x40) returned 0x587740 [0038.518] GetProcessHeap () returned 0x570000 [0038.518] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x44) returned 0x589158 [0038.518] GetProcessHeap () returned 0x570000 [0038.518] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x587740 | out: hHeap=0x570000) returned 1 [0038.518] GetProcessHeap () returned 0x570000 [0038.518] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x44) returned 0x589108 [0038.518] GetProcessHeap () returned 0x570000 [0038.518] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x587340 [0038.518] GetProcessHeap () returned 0x570000 [0038.518] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x5887a8 [0038.518] GetProcessHeap () returned 0x570000 [0038.518] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x5873d0 [0038.518] GetProcessHeap () returned 0x570000 [0038.518] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.518] GetProcessHeap () returned 0x570000 [0038.518] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x587460 [0038.518] GetProcessHeap () returned 0x570000 [0038.518] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x40) returned 0x587740 [0038.518] GetProcessHeap () returned 0x570000 [0038.518] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8c) returned 0x5874f0 [0038.518] GetProcessHeap () returned 0x570000 [0038.518] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.518] GetProcessHeap () returned 0x570000 [0038.518] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x57ef58 [0038.518] GetProcessHeap () returned 0x570000 [0038.518] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x44) returned 0x589518 [0038.518] GetProcessHeap () returned 0x570000 [0038.518] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x587740 | out: hHeap=0x570000) returned 1 [0038.518] GetProcessHeap () returned 0x570000 [0038.518] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x588d30 [0038.518] GetProcessHeap () returned 0x570000 [0038.518] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x589518 | out: hHeap=0x570000) returned 1 [0038.518] GetProcessHeap () returned 0x570000 [0038.518] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887b8 [0038.519] GetProcessHeap () returned 0x570000 [0038.519] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x57ef70 [0038.519] GetProcessHeap () returned 0x570000 [0038.519] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.519] GetProcessHeap () returned 0x570000 [0038.519] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887b8 | out: hHeap=0x570000) returned 1 [0038.519] GetProcessHeap () returned 0x570000 [0038.519] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x48) returned 0x589518 [0038.519] GetProcessHeap () returned 0x570000 [0038.519] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x57ef70 | out: hHeap=0x570000) returned 1 [0038.519] GetProcessHeap () returned 0x570000 [0038.519] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x588dc0 [0038.519] GetProcessHeap () returned 0x570000 [0038.519] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x589518 | out: hHeap=0x570000) returned 1 [0038.519] GetProcessHeap () returned 0x570000 [0038.519] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.519] GetProcessHeap () returned 0x570000 [0038.519] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.519] GetProcessHeap () returned 0x570000 [0038.519] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.519] GetProcessHeap () returned 0x570000 [0038.519] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.519] GetProcessHeap () returned 0x570000 [0038.519] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.519] GetProcessHeap () returned 0x570000 [0038.519] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.519] GetProcessHeap () returned 0x570000 [0038.519] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.519] GetProcessHeap () returned 0x570000 [0038.519] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.519] GetProcessHeap () returned 0x570000 [0038.519] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.519] GetProcessHeap () returned 0x570000 [0038.519] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.519] GetProcessHeap () returned 0x570000 [0038.519] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.520] GetProcessHeap () returned 0x570000 [0038.520] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.520] GetProcessHeap () returned 0x570000 [0038.520] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.520] GetProcessHeap () returned 0x570000 [0038.520] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.520] GetProcessHeap () returned 0x570000 [0038.520] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.520] GetProcessHeap () returned 0x570000 [0038.520] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.520] GetProcessHeap () returned 0x570000 [0038.520] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.520] GetProcessHeap () returned 0x570000 [0038.520] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.520] GetProcessHeap () returned 0x570000 [0038.520] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.520] GetProcessHeap () returned 0x570000 [0038.520] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.520] GetProcessHeap () returned 0x570000 [0038.520] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.520] GetProcessHeap () returned 0x570000 [0038.520] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.520] GetProcessHeap () returned 0x570000 [0038.520] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.520] GetProcessHeap () returned 0x570000 [0038.520] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.520] GetProcessHeap () returned 0x570000 [0038.520] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.520] GetProcessHeap () returned 0x570000 [0038.520] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.520] GetProcessHeap () returned 0x570000 [0038.520] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.520] GetProcessHeap () returned 0x570000 [0038.520] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.520] GetProcessHeap () returned 0x570000 [0038.521] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.521] GetProcessHeap () returned 0x570000 [0038.521] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.521] GetProcessHeap () returned 0x570000 [0038.521] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.521] GetProcessHeap () returned 0x570000 [0038.521] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.521] GetProcessHeap () returned 0x570000 [0038.521] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.521] GetProcessHeap () returned 0x570000 [0038.521] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.521] GetProcessHeap () returned 0x570000 [0038.521] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.521] GetProcessHeap () returned 0x570000 [0038.521] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.521] GetProcessHeap () returned 0x570000 [0038.521] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.521] GetProcessHeap () returned 0x570000 [0038.521] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.521] GetProcessHeap () returned 0x570000 [0038.521] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.521] GetProcessHeap () returned 0x570000 [0038.521] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.521] GetProcessHeap () returned 0x570000 [0038.521] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.521] GetProcessHeap () returned 0x570000 [0038.521] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.521] GetProcessHeap () returned 0x570000 [0038.521] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.521] GetProcessHeap () returned 0x570000 [0038.521] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.521] GetProcessHeap () returned 0x570000 [0038.521] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.522] GetProcessHeap () returned 0x570000 [0038.522] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.522] GetProcessHeap () returned 0x570000 [0038.522] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.522] GetProcessHeap () returned 0x570000 [0038.522] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.547] GetProcessHeap () returned 0x570000 [0038.547] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x589518 | out: hHeap=0x570000) returned 1 [0038.547] GetProcessHeap () returned 0x570000 [0038.547] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5894c8 | out: hHeap=0x570000) returned 1 [0038.547] GetProcessHeap () returned 0x570000 [0038.547] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x589478 | out: hHeap=0x570000) returned 1 [0038.547] GetProcessHeap () returned 0x570000 [0038.547] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x589428 | out: hHeap=0x570000) returned 1 [0038.547] GetProcessHeap () returned 0x570000 [0038.547] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5893d8 | out: hHeap=0x570000) returned 1 [0038.547] GetProcessHeap () returned 0x570000 [0038.547] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x589388 | out: hHeap=0x570000) returned 1 [0038.547] GetProcessHeap () returned 0x570000 [0038.547] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x589338 | out: hHeap=0x570000) returned 1 [0038.547] GetProcessHeap () returned 0x570000 [0038.547] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5892e8 | out: hHeap=0x570000) returned 1 [0038.547] GetProcessHeap () returned 0x570000 [0038.547] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x589298 | out: hHeap=0x570000) returned 1 [0038.547] GetProcessHeap () returned 0x570000 [0038.547] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x589248 | out: hHeap=0x570000) returned 1 [0038.547] GetProcessHeap () returned 0x570000 [0038.547] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5891f8 | out: hHeap=0x570000) returned 1 [0038.547] GetProcessHeap () returned 0x570000 [0038.547] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5891a8 | out: hHeap=0x570000) returned 1 [0038.548] GetProcessHeap () returned 0x570000 [0038.548] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fc8 | out: hHeap=0x570000) returned 1 [0038.566] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0038.566] WriteFile (in: hFile=0x78, lpBuffer=0x18dd48*, nNumberOfBytesToWrite=0x102, lpNumberOfBytesWritten=0x18e700, lpOverlapped=0x0 | out: lpBuffer=0x18dd48*, lpNumberOfBytesWritten=0x18e700*=0x102, lpOverlapped=0x0) returned 1 [0038.567] GetProcessHeap () returned 0x570000 [0038.567] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x40) returned 0x5876b0 [0038.567] GetProcessHeap () returned 0x570000 [0038.567] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x40) returned 0x587740 [0038.567] GetProcessHeap () returned 0x570000 [0038.567] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc0) returned 0x588ec8 [0038.567] lstrlenA (lpString="rsa_encrypt") returned 11 [0038.567] CryptAcquireContextW (in: phProv=0x18da3c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x18da3c*=0x5873c8) returned 1 [0038.568] CryptGenRandom (in: hProv=0x5873c8, dwLen=0x80, pbBuffer=0x18da54 | out: pbBuffer=0x18da54) returned 1 [0038.568] CryptReleaseContext (hProv=0x5873c8, dwFlags=0x0) returned 1 [0038.568] lstrlenA (lpString="B0B1A58DED470256A008B6EE13375B435D948C63817B782B70EFA431C44C65DAD6FE3BA30A9A65D801B538FA29CFC986CDB9D84CCC1E8BD13FF4791EE0380AD4EE22591C1F3ABE24B325F2C6FC246F1D995BC443D20BFCD4A99880278B4F919B48798C9D75698CD914683BDA8E7AA6DBA2AD2CF07665F221B92CB8DD4E85854F230EBABFFB0556DDE675F1B97848EB97FA7E57C715A1AFBD0BE3136785051C04F9404EF9C9968477841BACC583B0AB6B6D4EBED0DD78D8ED04AF334C9BABA442204AB722A45ADE99E35BEA6EE2C31628DEC62ECF1B284B81F9B7AFB53B0F3D15DD9C89FF60FB99F5D498E5F8ADB98E4893DE504E6EEFC78BC4B74307AAE705C5") returned 512 [0038.568] GetProcessHeap () returned 0x570000 [0038.568] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x100) returned 0x588d30 [0038.568] lstrlenA (lpString="010001") returned 6 [0038.568] GetProcessHeap () returned 0x570000 [0038.568] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x588f90 [0038.568] GetProcessHeap () returned 0x570000 [0038.568] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x100) returned 0x5873c8 [0038.568] GetProcessHeap () returned 0x570000 [0038.568] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58bfb0 [0038.568] GetProcessHeap () returned 0x570000 [0038.568] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5873c8 | out: hHeap=0x570000) returned 1 [0038.568] GetProcessHeap () returned 0x570000 [0038.568] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c0d8 [0038.568] GetProcessHeap () returned 0x570000 [0038.568] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x208) returned 0x58e0c0 [0038.568] GetProcessHeap () returned 0x570000 [0038.568] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x588fa0 [0038.568] GetProcessHeap () returned 0x570000 [0038.568] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x204) returned 0x58e2d0 [0038.568] GetProcessHeap () returned 0x570000 [0038.568] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.568] GetProcessHeap () returned 0x570000 [0038.568] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x204) returned 0x58e4e0 [0038.568] GetProcessHeap () returned 0x570000 [0038.568] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x100) returned 0x5873c8 [0038.568] GetProcessHeap () returned 0x570000 [0038.568] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x20c) returned 0x58e6f0 [0038.568] GetProcessHeap () returned 0x570000 [0038.568] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.568] GetProcessHeap () returned 0x570000 [0038.568] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x57ef58 [0038.568] GetProcessHeap () returned 0x570000 [0038.568] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c1f0 [0038.568] GetProcessHeap () returned 0x570000 [0038.569] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5873c8 | out: hHeap=0x570000) returned 1 [0038.569] GetProcessHeap () returned 0x570000 [0038.569] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x204) returned 0x58e908 [0038.569] GetProcessHeap () returned 0x570000 [0038.569] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0038.569] GetProcessHeap () returned 0x570000 [0038.569] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x5887a8 [0038.569] GetProcessHeap () returned 0x570000 [0038.569] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x57ef70 [0038.569] GetProcessHeap () returned 0x570000 [0038.569] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.569] GetProcessHeap () returned 0x570000 [0038.569] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5887a8 | out: hHeap=0x570000) returned 1 [0038.569] GetProcessHeap () returned 0x570000 [0038.569] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.569] GetProcessHeap () returned 0x570000 [0038.569] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.569] GetProcessHeap () returned 0x570000 [0038.569] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c1f0 [0038.569] GetProcessHeap () returned 0x570000 [0038.569] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x57ef70 | out: hHeap=0x570000) returned 1 [0038.569] GetProcessHeap () returned 0x570000 [0038.569] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x204) returned 0x58eb18 [0038.569] GetProcessHeap () returned 0x570000 [0038.569] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0038.569] GetProcessHeap () returned 0x570000 [0038.569] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.569] GetProcessHeap () returned 0x570000 [0038.569] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.569] GetProcessHeap () returned 0x570000 [0038.569] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.569] GetProcessHeap () returned 0x570000 [0038.569] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.569] GetProcessHeap () returned 0x570000 [0038.569] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.569] GetProcessHeap () returned 0x570000 [0038.569] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.569] GetProcessHeap () returned 0x570000 [0038.569] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.569] GetProcessHeap () returned 0x570000 [0038.569] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.570] GetProcessHeap () returned 0x570000 [0038.570] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.570] GetProcessHeap () returned 0x570000 [0038.570] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.570] GetProcessHeap () returned 0x570000 [0038.570] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.570] GetProcessHeap () returned 0x570000 [0038.570] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.570] GetProcessHeap () returned 0x570000 [0038.570] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.570] GetProcessHeap () returned 0x570000 [0038.570] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.570] GetProcessHeap () returned 0x570000 [0038.570] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.570] GetProcessHeap () returned 0x570000 [0038.570] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.570] GetProcessHeap () returned 0x570000 [0038.570] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.570] GetProcessHeap () returned 0x570000 [0038.570] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.570] GetProcessHeap () returned 0x570000 [0038.570] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.570] GetProcessHeap () returned 0x570000 [0038.570] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.570] GetProcessHeap () returned 0x570000 [0038.570] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.570] GetProcessHeap () returned 0x570000 [0038.570] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.570] GetProcessHeap () returned 0x570000 [0038.570] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.570] GetProcessHeap () returned 0x570000 [0038.570] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.570] GetProcessHeap () returned 0x570000 [0038.570] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.570] GetProcessHeap () returned 0x570000 [0038.570] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.570] GetProcessHeap () returned 0x570000 [0038.570] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.570] GetProcessHeap () returned 0x570000 [0038.570] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.570] GetProcessHeap () returned 0x570000 [0038.570] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.570] GetProcessHeap () returned 0x570000 [0038.571] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.571] GetProcessHeap () returned 0x570000 [0038.571] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.571] GetProcessHeap () returned 0x570000 [0038.571] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.571] GetProcessHeap () returned 0x570000 [0038.571] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.571] GetProcessHeap () returned 0x570000 [0038.571] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.571] GetProcessHeap () returned 0x570000 [0038.571] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.571] GetProcessHeap () returned 0x570000 [0038.571] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.571] GetProcessHeap () returned 0x570000 [0038.571] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.571] GetProcessHeap () returned 0x570000 [0038.571] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.571] GetProcessHeap () returned 0x570000 [0038.571] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.571] GetProcessHeap () returned 0x570000 [0038.571] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.571] GetProcessHeap () returned 0x570000 [0038.571] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.571] GetProcessHeap () returned 0x570000 [0038.571] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.571] GetProcessHeap () returned 0x570000 [0038.571] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.571] GetProcessHeap () returned 0x570000 [0038.571] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.571] GetProcessHeap () returned 0x570000 [0038.571] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.571] GetProcessHeap () returned 0x570000 [0038.571] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.571] GetProcessHeap () returned 0x570000 [0038.571] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.572] GetProcessHeap () returned 0x570000 [0038.572] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.572] GetProcessHeap () returned 0x570000 [0038.572] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.572] GetProcessHeap () returned 0x570000 [0038.572] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.572] GetProcessHeap () returned 0x570000 [0038.572] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.572] GetProcessHeap () returned 0x570000 [0038.572] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.572] GetProcessHeap () returned 0x570000 [0038.572] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.572] GetProcessHeap () returned 0x570000 [0038.572] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.572] GetProcessHeap () returned 0x570000 [0038.572] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.572] GetProcessHeap () returned 0x570000 [0038.572] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.572] GetProcessHeap () returned 0x570000 [0038.572] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.572] GetProcessHeap () returned 0x570000 [0038.572] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.572] GetProcessHeap () returned 0x570000 [0038.572] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.572] GetProcessHeap () returned 0x570000 [0038.572] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.572] GetProcessHeap () returned 0x570000 [0038.572] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.572] GetProcessHeap () returned 0x570000 [0038.572] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.572] GetProcessHeap () returned 0x570000 [0038.572] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.572] GetProcessHeap () returned 0x570000 [0038.572] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.572] GetProcessHeap () returned 0x570000 [0038.572] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.572] GetProcessHeap () returned 0x570000 [0038.573] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.573] GetProcessHeap () returned 0x570000 [0038.573] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.573] GetProcessHeap () returned 0x570000 [0038.573] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.573] GetProcessHeap () returned 0x570000 [0038.573] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.573] GetProcessHeap () returned 0x570000 [0038.573] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.573] GetProcessHeap () returned 0x570000 [0038.573] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.573] GetProcessHeap () returned 0x570000 [0038.573] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.573] GetProcessHeap () returned 0x570000 [0038.573] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.573] GetProcessHeap () returned 0x570000 [0038.573] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.573] GetProcessHeap () returned 0x570000 [0038.573] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.573] GetProcessHeap () returned 0x570000 [0038.573] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.573] GetProcessHeap () returned 0x570000 [0038.573] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.573] GetProcessHeap () returned 0x570000 [0038.573] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.573] GetProcessHeap () returned 0x570000 [0038.573] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.573] GetProcessHeap () returned 0x570000 [0038.573] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.573] GetProcessHeap () returned 0x570000 [0038.573] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.573] GetProcessHeap () returned 0x570000 [0038.573] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.573] GetProcessHeap () returned 0x570000 [0038.573] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.573] GetProcessHeap () returned 0x570000 [0038.573] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.573] GetProcessHeap () returned 0x570000 [0038.573] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.573] GetProcessHeap () returned 0x570000 [0038.573] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.573] GetProcessHeap () returned 0x570000 [0038.574] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.574] GetProcessHeap () returned 0x570000 [0038.574] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.574] GetProcessHeap () returned 0x570000 [0038.574] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.574] GetProcessHeap () returned 0x570000 [0038.574] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.574] GetProcessHeap () returned 0x570000 [0038.574] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.574] GetProcessHeap () returned 0x570000 [0038.574] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.574] GetProcessHeap () returned 0x570000 [0038.574] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.574] GetProcessHeap () returned 0x570000 [0038.574] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.574] GetProcessHeap () returned 0x570000 [0038.574] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.574] GetProcessHeap () returned 0x570000 [0038.574] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.574] GetProcessHeap () returned 0x570000 [0038.574] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.574] GetProcessHeap () returned 0x570000 [0038.574] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.574] GetProcessHeap () returned 0x570000 [0038.574] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.574] GetProcessHeap () returned 0x570000 [0038.574] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.574] GetProcessHeap () returned 0x570000 [0038.574] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.574] GetProcessHeap () returned 0x570000 [0038.574] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.574] GetProcessHeap () returned 0x570000 [0038.574] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.574] GetProcessHeap () returned 0x570000 [0038.574] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.574] GetProcessHeap () returned 0x570000 [0038.574] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.574] GetProcessHeap () returned 0x570000 [0038.574] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.574] GetProcessHeap () returned 0x570000 [0038.574] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.575] GetProcessHeap () returned 0x570000 [0038.575] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.575] GetProcessHeap () returned 0x570000 [0038.575] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.575] GetProcessHeap () returned 0x570000 [0038.575] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.575] GetProcessHeap () returned 0x570000 [0038.575] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.575] GetProcessHeap () returned 0x570000 [0038.575] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.575] GetProcessHeap () returned 0x570000 [0038.575] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.575] GetProcessHeap () returned 0x570000 [0038.575] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.575] GetProcessHeap () returned 0x570000 [0038.575] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.575] GetProcessHeap () returned 0x570000 [0038.575] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.575] GetProcessHeap () returned 0x570000 [0038.575] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.575] GetProcessHeap () returned 0x570000 [0038.575] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.575] GetProcessHeap () returned 0x570000 [0038.575] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.575] GetProcessHeap () returned 0x570000 [0038.575] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.575] GetProcessHeap () returned 0x570000 [0038.575] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.575] GetProcessHeap () returned 0x570000 [0038.575] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.575] GetProcessHeap () returned 0x570000 [0038.575] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.575] GetProcessHeap () returned 0x570000 [0038.575] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.575] GetProcessHeap () returned 0x570000 [0038.575] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.575] GetProcessHeap () returned 0x570000 [0038.575] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.575] GetProcessHeap () returned 0x570000 [0038.575] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.575] GetProcessHeap () returned 0x570000 [0038.575] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.576] GetProcessHeap () returned 0x570000 [0038.576] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.576] GetProcessHeap () returned 0x570000 [0038.576] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.576] GetProcessHeap () returned 0x570000 [0038.576] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.576] GetProcessHeap () returned 0x570000 [0038.576] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.576] GetProcessHeap () returned 0x570000 [0038.576] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.576] GetProcessHeap () returned 0x570000 [0038.576] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.576] GetProcessHeap () returned 0x570000 [0038.576] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.576] GetProcessHeap () returned 0x570000 [0038.576] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.576] GetProcessHeap () returned 0x570000 [0038.576] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.576] GetProcessHeap () returned 0x570000 [0038.576] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.576] GetProcessHeap () returned 0x570000 [0038.576] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.576] GetProcessHeap () returned 0x570000 [0038.576] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.576] GetProcessHeap () returned 0x570000 [0038.576] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.576] GetProcessHeap () returned 0x570000 [0038.576] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.576] GetProcessHeap () returned 0x570000 [0038.576] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.576] GetProcessHeap () returned 0x570000 [0038.576] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.576] GetProcessHeap () returned 0x570000 [0038.576] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.576] GetProcessHeap () returned 0x570000 [0038.576] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.576] GetProcessHeap () returned 0x570000 [0038.576] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.576] GetProcessHeap () returned 0x570000 [0038.576] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.576] GetProcessHeap () returned 0x570000 [0038.576] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.577] GetProcessHeap () returned 0x570000 [0038.577] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.577] GetProcessHeap () returned 0x570000 [0038.577] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.577] GetProcessHeap () returned 0x570000 [0038.577] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.577] GetProcessHeap () returned 0x570000 [0038.577] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.577] GetProcessHeap () returned 0x570000 [0038.577] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.577] GetProcessHeap () returned 0x570000 [0038.577] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.577] GetProcessHeap () returned 0x570000 [0038.577] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.577] GetProcessHeap () returned 0x570000 [0038.577] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.577] GetProcessHeap () returned 0x570000 [0038.577] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.577] GetProcessHeap () returned 0x570000 [0038.577] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.577] GetProcessHeap () returned 0x570000 [0038.577] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.577] GetProcessHeap () returned 0x570000 [0038.577] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.577] GetProcessHeap () returned 0x570000 [0038.577] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.577] GetProcessHeap () returned 0x570000 [0038.577] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.577] GetProcessHeap () returned 0x570000 [0038.577] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.577] GetProcessHeap () returned 0x570000 [0038.577] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.578] GetProcessHeap () returned 0x570000 [0038.578] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.578] GetProcessHeap () returned 0x570000 [0038.578] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.578] GetProcessHeap () returned 0x570000 [0038.578] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.578] GetProcessHeap () returned 0x570000 [0038.578] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.578] GetProcessHeap () returned 0x570000 [0038.578] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.578] GetProcessHeap () returned 0x570000 [0038.578] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.578] GetProcessHeap () returned 0x570000 [0038.578] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.578] GetProcessHeap () returned 0x570000 [0038.578] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.578] GetProcessHeap () returned 0x570000 [0038.578] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.578] GetProcessHeap () returned 0x570000 [0038.578] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.578] GetProcessHeap () returned 0x570000 [0038.578] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.578] GetProcessHeap () returned 0x570000 [0038.578] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.578] GetProcessHeap () returned 0x570000 [0038.578] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.578] GetProcessHeap () returned 0x570000 [0038.578] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.578] GetProcessHeap () returned 0x570000 [0038.578] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.578] GetProcessHeap () returned 0x570000 [0038.578] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.578] GetProcessHeap () returned 0x570000 [0038.578] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.578] GetProcessHeap () returned 0x570000 [0038.578] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.578] GetProcessHeap () returned 0x570000 [0038.578] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.578] GetProcessHeap () returned 0x570000 [0038.578] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.579] GetProcessHeap () returned 0x570000 [0038.579] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.579] GetProcessHeap () returned 0x570000 [0038.579] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.579] GetProcessHeap () returned 0x570000 [0038.579] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.579] GetProcessHeap () returned 0x570000 [0038.579] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.579] GetProcessHeap () returned 0x570000 [0038.579] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.579] GetProcessHeap () returned 0x570000 [0038.579] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.579] GetProcessHeap () returned 0x570000 [0038.579] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.579] GetProcessHeap () returned 0x570000 [0038.579] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.579] GetProcessHeap () returned 0x570000 [0038.579] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.579] GetProcessHeap () returned 0x570000 [0038.579] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.579] GetProcessHeap () returned 0x570000 [0038.579] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.579] GetProcessHeap () returned 0x570000 [0038.579] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.579] GetProcessHeap () returned 0x570000 [0038.579] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.579] GetProcessHeap () returned 0x570000 [0038.579] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.579] GetProcessHeap () returned 0x570000 [0038.579] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.579] GetProcessHeap () returned 0x570000 [0038.579] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.579] GetProcessHeap () returned 0x570000 [0038.579] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.579] GetProcessHeap () returned 0x570000 [0038.579] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.579] GetProcessHeap () returned 0x570000 [0038.579] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.579] GetProcessHeap () returned 0x570000 [0038.579] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.579] GetProcessHeap () returned 0x570000 [0038.580] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.580] GetProcessHeap () returned 0x570000 [0038.580] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.580] GetProcessHeap () returned 0x570000 [0038.580] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.580] GetProcessHeap () returned 0x570000 [0038.580] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.580] GetProcessHeap () returned 0x570000 [0038.580] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.580] GetProcessHeap () returned 0x570000 [0038.580] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.580] GetProcessHeap () returned 0x570000 [0038.580] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.580] GetProcessHeap () returned 0x570000 [0038.580] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.580] GetProcessHeap () returned 0x570000 [0038.580] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.580] GetProcessHeap () returned 0x570000 [0038.580] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.580] GetProcessHeap () returned 0x570000 [0038.580] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.580] GetProcessHeap () returned 0x570000 [0038.580] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.580] GetProcessHeap () returned 0x570000 [0038.580] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.580] GetProcessHeap () returned 0x570000 [0038.580] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.580] GetProcessHeap () returned 0x570000 [0038.580] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.580] GetProcessHeap () returned 0x570000 [0038.580] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.580] GetProcessHeap () returned 0x570000 [0038.580] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.580] GetProcessHeap () returned 0x570000 [0038.580] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.580] GetProcessHeap () returned 0x570000 [0038.580] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.580] GetProcessHeap () returned 0x570000 [0038.580] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.580] GetProcessHeap () returned 0x570000 [0038.580] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.580] GetProcessHeap () returned 0x570000 [0038.581] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.581] GetProcessHeap () returned 0x570000 [0038.581] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.581] GetProcessHeap () returned 0x570000 [0038.581] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.581] GetProcessHeap () returned 0x570000 [0038.581] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.581] GetProcessHeap () returned 0x570000 [0038.581] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.581] GetProcessHeap () returned 0x570000 [0038.581] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.581] GetProcessHeap () returned 0x570000 [0038.581] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.581] GetProcessHeap () returned 0x570000 [0038.581] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.581] GetProcessHeap () returned 0x570000 [0038.581] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.581] GetProcessHeap () returned 0x570000 [0038.581] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.581] GetProcessHeap () returned 0x570000 [0038.581] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.581] GetProcessHeap () returned 0x570000 [0038.581] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.581] GetProcessHeap () returned 0x570000 [0038.581] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.581] GetProcessHeap () returned 0x570000 [0038.581] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.581] GetProcessHeap () returned 0x570000 [0038.581] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.581] GetProcessHeap () returned 0x570000 [0038.581] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.581] GetProcessHeap () returned 0x570000 [0038.581] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.581] GetProcessHeap () returned 0x570000 [0038.581] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.581] GetProcessHeap () returned 0x570000 [0038.581] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.581] GetProcessHeap () returned 0x570000 [0038.581] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.581] GetProcessHeap () returned 0x570000 [0038.581] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.582] GetProcessHeap () returned 0x570000 [0038.582] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.582] GetProcessHeap () returned 0x570000 [0038.582] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.582] GetProcessHeap () returned 0x570000 [0038.582] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.582] GetProcessHeap () returned 0x570000 [0038.582] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.582] GetProcessHeap () returned 0x570000 [0038.582] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.582] GetProcessHeap () returned 0x570000 [0038.582] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.582] GetProcessHeap () returned 0x570000 [0038.582] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.582] GetProcessHeap () returned 0x570000 [0038.582] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.582] GetProcessHeap () returned 0x570000 [0038.582] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.582] GetProcessHeap () returned 0x570000 [0038.582] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.582] GetProcessHeap () returned 0x570000 [0038.582] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.582] GetProcessHeap () returned 0x570000 [0038.582] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.582] GetProcessHeap () returned 0x570000 [0038.582] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.582] GetProcessHeap () returned 0x570000 [0038.582] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.582] GetProcessHeap () returned 0x570000 [0038.582] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.582] GetProcessHeap () returned 0x570000 [0038.582] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.582] GetProcessHeap () returned 0x570000 [0038.582] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.582] GetProcessHeap () returned 0x570000 [0038.582] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.582] GetProcessHeap () returned 0x570000 [0038.582] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.582] GetProcessHeap () returned 0x570000 [0038.582] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.582] GetProcessHeap () returned 0x570000 [0038.582] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.583] GetProcessHeap () returned 0x570000 [0038.583] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.583] GetProcessHeap () returned 0x570000 [0038.583] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.583] GetProcessHeap () returned 0x570000 [0038.583] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.583] GetProcessHeap () returned 0x570000 [0038.583] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.583] GetProcessHeap () returned 0x570000 [0038.583] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.583] GetProcessHeap () returned 0x570000 [0038.583] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.583] GetProcessHeap () returned 0x570000 [0038.583] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.583] GetProcessHeap () returned 0x570000 [0038.583] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.583] GetProcessHeap () returned 0x570000 [0038.583] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.583] GetProcessHeap () returned 0x570000 [0038.583] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.583] GetProcessHeap () returned 0x570000 [0038.583] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.583] GetProcessHeap () returned 0x570000 [0038.583] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.583] GetProcessHeap () returned 0x570000 [0038.583] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.583] GetProcessHeap () returned 0x570000 [0038.583] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.583] GetProcessHeap () returned 0x570000 [0038.583] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.583] GetProcessHeap () returned 0x570000 [0038.583] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.583] GetProcessHeap () returned 0x570000 [0038.583] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.583] GetProcessHeap () returned 0x570000 [0038.583] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.583] GetProcessHeap () returned 0x570000 [0038.583] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x588fa0 [0038.583] GetProcessHeap () returned 0x570000 [0038.583] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588fa0 | out: hHeap=0x570000) returned 1 [0038.583] GetProcessHeap () returned 0x570000 [0038.583] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58e4e0 | out: hHeap=0x570000) returned 1 [0038.584] GetProcessHeap () returned 0x570000 [0038.584] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58e908 | out: hHeap=0x570000) returned 1 [0038.584] GetProcessHeap () returned 0x570000 [0038.584] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58e6f0 | out: hHeap=0x570000) returned 1 [0038.584] GetProcessHeap () returned 0x570000 [0038.584] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eb18 | out: hHeap=0x570000) returned 1 [0038.584] GetProcessHeap () returned 0x570000 [0038.584] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x57ef58 | out: hHeap=0x570000) returned 1 [0038.584] GetProcessHeap () returned 0x570000 [0038.584] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0038.584] GetProcessHeap () returned 0x570000 [0038.584] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58e0c0 | out: hHeap=0x570000) returned 1 [0038.584] GetProcessHeap () returned 0x570000 [0038.584] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58bfb0 | out: hHeap=0x570000) returned 1 [0038.584] GetProcessHeap () returned 0x570000 [0038.584] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58e2d0 | out: hHeap=0x570000) returned 1 [0038.584] GetProcessHeap () returned 0x570000 [0038.584] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588f90 | out: hHeap=0x570000) returned 1 [0038.584] GetProcessHeap () returned 0x570000 [0038.584] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588d30 | out: hHeap=0x570000) returned 1 [0038.584] GetProcessHeap () returned 0x570000 [0038.584] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588ec8 | out: hHeap=0x570000) returned 1 [0038.584] GetProcessHeap () returned 0x570000 [0038.584] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5876b0 | out: hHeap=0x570000) returned 1 [0038.584] GetProcessHeap () returned 0x570000 [0038.584] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x587740 | out: hHeap=0x570000) returned 1 [0038.584] GetProcessHeap () returned 0x570000 [0038.584] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x587a10 | out: hHeap=0x570000) returned 1 [0038.584] GetProcessHeap () returned 0x570000 [0038.584] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5877d0 | out: hHeap=0x570000) returned 1 [0038.584] GetProcessHeap () returned 0x570000 [0038.584] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x587788 | out: hHeap=0x570000) returned 1 [0038.584] GetProcessHeap () returned 0x570000 [0038.584] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5876f8 | out: hHeap=0x570000) returned 1 [0038.584] GetProcessHeap () returned 0x570000 [0038.584] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x587620 | out: hHeap=0x570000) returned 1 [0038.584] GetProcessHeap () returned 0x570000 [0038.584] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588e40 | out: hHeap=0x570000) returned 1 [0038.584] GetProcessHeap () returned 0x570000 [0038.584] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588798 | out: hHeap=0x570000) returned 1 [0038.584] GetProcessHeap () returned 0x570000 [0038.584] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x587340 | out: hHeap=0x570000) returned 1 [0038.585] GetProcessHeap () returned 0x570000 [0038.585] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x400) returned 0x58e0c0 [0038.585] lstrcpyA (in: lpString1=0x40cbe0, lpString2="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n" | out: lpString1="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n" [0038.585] SetFilePointer (in: hFile=0x78, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x0) returned 0x102 [0038.585] WriteFile (in: hFile=0x78, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x18ef6c, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x18ef6c*=0x300, lpOverlapped=0x0) returned 1 [0038.585] CloseHandle (hObject=0x78) returned 1 [0039.691] GetProcessHeap () returned 0x570000 [0039.691] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x12cb) returned 0x58e4c8 [0039.704] StrStrA (lpFirst="\r\n \r\n \r\n \r\n DECRYPT FILES\r\n \r\n\r\n \r\n\r\n
\r\n

⚠Your ID (NEED FOR DECRYPT)⚠

\r\n
\r\n 
{{IDENTIFIER}}\r\n
\r\n
\r\n
\r\n \r\n
\r\n \r\n
\r\n \r\n \r\n
\r\n

✖ Your files are encrypted! ✖

\r\n\r\n

If you see it - do not try to decrypt ▼the files yourself!!!▼

\r\n
\r\n

All your important data has been encrypted.

\r\n
\r\n
\r\n \r\n\x09\x09 \r\nTo decrypt all your files, you need a decryption program.
\r\n \r\nTo get a program to decrypt your data you need to do a few steps:
\r\n

☑1. \r\nTo make sure that we can actually decrypt your files. You can send us a file for the test.\r\nThis can be a picture or a text file.\r\nSize less than 5 MB. Send to our mail: Killback@protonmail.com .
\r\n

☑2. \r\nSend your PERSONAL ID in the letter (you will find it at the very beginning of this document)

\r\n\x09\x09\x09

☑3. \r\nWe will decode your test file so you are sure. We will also send you the amount you need to pay to get the program to decrypt.

\r\n ☑4. We will send you instructions on how to pay for the decryption program. After payment, we will send you a program and instructions on how to decrypt all the files.
\r\n

Attention!


\r\n
    \r\n\x09\x09\x09 Only we can decrypt your files.
    \r\n\x09\x09\x09 Do not try to decrypt your files yourself. You can damage them when trying to restore
    \r\n Do not run antivirus!
    \r\n Email us: Killback@protonmail.com immediately so we can help you.
    \r\n Decoders other users are not compatible with your data, because each user's unique encryption key
    \r\n
\r\n \r\n
\r\n
\r\n
\r\n \r\n\r\n \r\n \r\n
\r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n\r\n\x154\x10@", lpSrch="{{IDENTIFIER}}") returned="{{IDENTIFIER}}\r\n\r\n \r\n \r\n \r\n
\r\n \r\n
\r\n \r\n \r\n
\r\n

✖ Your files are encrypted! ✖

\r\n\r\n

If you see it - do not try to decrypt ▼the files yourself!!!▼

\r\n
\r\n

All your important data has been encrypted.

\r\n
\r\n
\r\n \r\n\x09\x09 \r\nTo decrypt all your files, you need a decryption program.
\r\n \r\nTo get a program to decrypt your data you need to do a few steps:
\r\n

☑1. \r\nTo make sure that we can actually decrypt your files. You can send us a file for the test.\r\nThis can be a picture or a text file.\r\nSize less than 5 MB. Send to our mail: Killback@protonmail.com .
\r\n

☑2. \r\nSend your PERSONAL ID in the letter (you will find it at the very beginning of this document)

\r\n\x09\x09\x09

☑3. \r\nWe will decode your test file so you are sure. We will also send you the amount you need to pay to get the program to decrypt.

\r\n ☑4. We will send you instructions on how to pay for the decryption program. After payment, we will send you a program and instructions on how to decrypt all the files.
\r\n

Attention!


\r\n
    \r\n\x09\x09\x09 Only we can decrypt your files.
    \r\n\x09\x09\x09 Do not try to decrypt your files yourself. You can damage them when trying to restore
    \r\n Do not run antivirus!
    \r\n Email us: Killback@protonmail.com immediately so we can help you.
    \r\n Decoders other users are not compatible with your data, because each user's unique encryption key
    \r\n
\r\n \r\n
\r\n
\r\n
\r\n \r\n\r\n \r\n \r\n
\r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n\r\n\x154\x10@" [0039.705] lstrlenA (lpString="{{IDENTIFIER}}") returned 14 [0039.705] GetProcessHeap () returned 0x570000 [0039.705] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xfffdf2) returned 0x21f0020 [0039.705] GetProcessHeap () returned 0x570000 [0039.705] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58e4c8 | out: hHeap=0x570000) returned 1 [0039.705] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0039.706] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x78 [0039.709] Process32FirstW (in: hSnapshot=0x78, lppe=0x18ed3c | out: lppe=0x18ed3c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0039.709] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0039.709] GetProcessHeap () returned 0x570000 [0039.709] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x11) returned 0x588798 [0039.709] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x588798, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="[System Process]", lpUsedDefaultChar=0x0) returned 17 [0039.709] lstrlenW (lpString="[System Process]") returned 16 [0039.709] StrStrA (lpFirst="[system process]", lpSrch="sql") returned 0x0 [0039.709] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0039.709] GetProcessHeap () returned 0x570000 [0039.709] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x11) returned 0x58bfb0 [0039.710] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x58bfb0, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="[System Process]", lpUsedDefaultChar=0x0) returned 17 [0039.710] lstrlenW (lpString="[System Process]") returned 16 [0039.710] StrStrA (lpFirst="[system process]", lpSrch="outlook") returned 0x0 [0039.710] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0039.710] GetProcessHeap () returned 0x570000 [0039.710] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x11) returned 0x58bfd0 [0039.710] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x58bfd0, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="[System Process]", lpUsedDefaultChar=0x0) returned 17 [0039.710] lstrlenW (lpString="[System Process]") returned 16 [0039.710] StrStrA (lpFirst="[system process]", lpSrch="ssms") returned 0x0 [0039.710] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0039.710] GetProcessHeap () returned 0x570000 [0039.710] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x11) returned 0x58bff0 [0039.710] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x58bff0, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="[System Process]", lpUsedDefaultChar=0x0) returned 17 [0039.710] lstrlenW (lpString="[System Process]") returned 16 [0039.710] StrStrA (lpFirst="[system process]", lpSrch="postgre") returned 0x0 [0039.710] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0039.710] GetProcessHeap () returned 0x570000 [0039.710] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x11) returned 0x58c010 [0039.710] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x58c010, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="[System Process]", lpUsedDefaultChar=0x0) returned 17 [0039.710] lstrlenW (lpString="[System Process]") returned 16 [0039.710] StrStrA (lpFirst="[system process]", lpSrch="1c") returned 0x0 [0039.710] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0039.710] GetProcessHeap () returned 0x570000 [0039.710] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x11) returned 0x58c030 [0039.710] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x58c030, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="[System Process]", lpUsedDefaultChar=0x0) returned 17 [0039.710] lstrlenW (lpString="[System Process]") returned 16 [0039.710] StrStrA (lpFirst="[system process]", lpSrch="excel") returned 0x0 [0039.710] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0039.710] GetProcessHeap () returned 0x570000 [0039.710] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x11) returned 0x58c050 [0039.710] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="[System Process]", cchWideChar=-1, lpMultiByteStr=0x58c050, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="[System Process]", lpUsedDefaultChar=0x0) returned 17 [0039.710] lstrlenW (lpString="[System Process]") returned 16 [0039.711] StrStrA (lpFirst="[system process]", lpSrch="word") returned 0x0 [0039.711] Process32NextW (in: hSnapshot=0x78, lppe=0x18ed3c | out: lppe=0x18ed3c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4e, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0039.711] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0039.711] GetProcessHeap () returned 0x570000 [0039.711] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x7) returned 0x5887b8 [0039.711] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x5887b8, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="System", lpUsedDefaultChar=0x0) returned 7 [0039.711] lstrlenW (lpString="System") returned 6 [0039.711] StrStrA (lpFirst="system", lpSrch="sql") returned 0x0 [0039.711] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0039.711] GetProcessHeap () returned 0x570000 [0039.711] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x7) returned 0x58c070 [0039.712] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x58c070, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="System", lpUsedDefaultChar=0x0) returned 7 [0039.712] lstrlenW (lpString="System") returned 6 [0039.712] StrStrA (lpFirst="system", lpSrch="outlook") returned 0x0 [0039.712] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0039.712] GetProcessHeap () returned 0x570000 [0039.712] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x7) returned 0x58c080 [0039.712] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x58c080, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="System", lpUsedDefaultChar=0x0) returned 7 [0039.712] lstrlenW (lpString="System") returned 6 [0039.712] StrStrA (lpFirst="system", lpSrch="ssms") returned 0x0 [0039.712] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0039.712] GetProcessHeap () returned 0x570000 [0039.712] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x7) returned 0x58c090 [0039.712] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x58c090, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="System", lpUsedDefaultChar=0x0) returned 7 [0039.712] lstrlenW (lpString="System") returned 6 [0039.712] StrStrA (lpFirst="system", lpSrch="postgre") returned 0x0 [0039.712] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0039.712] GetProcessHeap () returned 0x570000 [0039.712] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x7) returned 0x58c0a0 [0039.712] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x58c0a0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="System", lpUsedDefaultChar=0x0) returned 7 [0039.712] lstrlenW (lpString="System") returned 6 [0039.712] StrStrA (lpFirst="system", lpSrch="1c") returned 0x0 [0039.712] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0039.712] GetProcessHeap () returned 0x570000 [0039.712] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x7) returned 0x58c0b0 [0039.712] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x58c0b0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="System", lpUsedDefaultChar=0x0) returned 7 [0039.712] lstrlenW (lpString="System") returned 6 [0039.712] StrStrA (lpFirst="system", lpSrch="excel") returned 0x0 [0039.712] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0039.712] GetProcessHeap () returned 0x570000 [0039.712] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x7) returned 0x587340 [0039.712] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="System", cchWideChar=-1, lpMultiByteStr=0x587340, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="System", lpUsedDefaultChar=0x0) returned 7 [0039.712] lstrlenW (lpString="System") returned 6 [0039.712] StrStrA (lpFirst="system", lpSrch="word") returned 0x0 [0039.713] Process32NextW (in: hSnapshot=0x78, lppe=0x18ed3c | out: lppe=0x18ed3c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0039.713] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0039.713] GetProcessHeap () returned 0x570000 [0039.713] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x9) returned 0x57ef58 [0039.713] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x57ef58, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smss.exe", lpUsedDefaultChar=0x0) returned 9 [0039.713] lstrlenW (lpString="smss.exe") returned 8 [0039.713] StrStrA (lpFirst="smss.exe", lpSrch="sql") returned 0x0 [0039.713] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0039.713] GetProcessHeap () returned 0x570000 [0039.713] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x9) returned 0x57ef70 [0039.713] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x57ef70, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smss.exe", lpUsedDefaultChar=0x0) returned 9 [0039.713] lstrlenW (lpString="smss.exe") returned 8 [0039.714] StrStrA (lpFirst="smss.exe", lpSrch="outlook") returned 0x0 [0039.714] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0039.714] GetProcessHeap () returned 0x570000 [0039.714] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x9) returned 0x57ef88 [0039.714] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x57ef88, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smss.exe", lpUsedDefaultChar=0x0) returned 9 [0039.714] lstrlenW (lpString="smss.exe") returned 8 [0039.714] StrStrA (lpFirst="smss.exe", lpSrch="ssms") returned 0x0 [0039.714] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0039.714] GetProcessHeap () returned 0x570000 [0039.714] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x9) returned 0x57efa0 [0039.714] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x57efa0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smss.exe", lpUsedDefaultChar=0x0) returned 9 [0039.714] lstrlenW (lpString="smss.exe") returned 8 [0039.714] StrStrA (lpFirst="smss.exe", lpSrch="postgre") returned 0x0 [0039.714] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0039.714] GetProcessHeap () returned 0x570000 [0039.714] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x9) returned 0x57efb8 [0039.714] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x57efb8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smss.exe", lpUsedDefaultChar=0x0) returned 9 [0039.714] lstrlenW (lpString="smss.exe") returned 8 [0039.714] StrStrA (lpFirst="smss.exe", lpSrch="1c") returned 0x0 [0039.714] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0039.714] GetProcessHeap () returned 0x570000 [0039.714] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x9) returned 0x57efd0 [0039.714] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x57efd0, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smss.exe", lpUsedDefaultChar=0x0) returned 9 [0039.714] lstrlenW (lpString="smss.exe") returned 8 [0039.714] StrStrA (lpFirst="smss.exe", lpSrch="excel") returned 0x0 [0039.714] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0039.714] GetProcessHeap () returned 0x570000 [0039.714] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x9) returned 0x57efe8 [0039.714] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="smss.exe", cchWideChar=-1, lpMultiByteStr=0x57efe8, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="smss.exe", lpUsedDefaultChar=0x0) returned 9 [0039.714] lstrlenW (lpString="smss.exe") returned 8 [0039.714] StrStrA (lpFirst="smss.exe", lpSrch="word") returned 0x0 [0039.714] Process32NextW (in: hSnapshot=0x78, lppe=0x18ed3c | out: lppe=0x18ed3c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0039.715] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0039.715] GetProcessHeap () returned 0x570000 [0039.715] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xa) returned 0x58e4e0 [0039.715] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x58e4e0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0039.715] lstrlenW (lpString="csrss.exe") returned 9 [0039.715] StrStrA (lpFirst="csrss.exe", lpSrch="sql") returned 0x0 [0039.715] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0039.715] GetProcessHeap () returned 0x570000 [0039.715] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xa) returned 0x58e4f8 [0039.715] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x58e4f8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0039.715] lstrlenW (lpString="csrss.exe") returned 9 [0039.716] StrStrA (lpFirst="csrss.exe", lpSrch="outlook") returned 0x0 [0039.716] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0039.716] GetProcessHeap () returned 0x570000 [0039.716] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xa) returned 0x58e510 [0039.716] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x58e510, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0039.716] lstrlenW (lpString="csrss.exe") returned 9 [0039.716] StrStrA (lpFirst="csrss.exe", lpSrch="ssms") returned 0x0 [0039.716] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0039.716] GetProcessHeap () returned 0x570000 [0039.716] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xa) returned 0x58e528 [0039.716] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x58e528, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0039.716] lstrlenW (lpString="csrss.exe") returned 9 [0039.716] StrStrA (lpFirst="csrss.exe", lpSrch="postgre") returned 0x0 [0039.716] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0039.716] GetProcessHeap () returned 0x570000 [0039.716] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xa) returned 0x58e540 [0039.725] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x58e540, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0039.725] lstrlenW (lpString="csrss.exe") returned 9 [0039.725] StrStrA (lpFirst="csrss.exe", lpSrch="1c") returned 0x0 [0039.725] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0039.725] GetProcessHeap () returned 0x570000 [0039.725] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xa) returned 0x58e558 [0039.725] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x58e558, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0039.725] lstrlenW (lpString="csrss.exe") returned 9 [0039.725] StrStrA (lpFirst="csrss.exe", lpSrch="excel") returned 0x0 [0039.725] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0039.725] GetProcessHeap () returned 0x570000 [0039.725] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xa) returned 0x58e570 [0039.725] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x58e570, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0039.725] lstrlenW (lpString="csrss.exe") returned 9 [0039.725] StrStrA (lpFirst="csrss.exe", lpSrch="word") returned 0x0 [0039.725] Process32NextW (in: hSnapshot=0x78, lppe=0x18ed3c | out: lppe=0x18ed3c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0039.726] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.726] GetProcessHeap () returned 0x570000 [0039.726] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58e588 [0039.726] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x58e588, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wininit.exe", lpUsedDefaultChar=0x0) returned 12 [0039.726] lstrlenW (lpString="wininit.exe") returned 11 [0039.726] StrStrA (lpFirst="wininit.exe", lpSrch="sql") returned 0x0 [0039.726] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.726] GetProcessHeap () returned 0x570000 [0039.726] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58e5a0 [0039.726] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x58e5a0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wininit.exe", lpUsedDefaultChar=0x0) returned 12 [0039.727] lstrlenW (lpString="wininit.exe") returned 11 [0039.727] StrStrA (lpFirst="wininit.exe", lpSrch="outlook") returned 0x0 [0039.727] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.727] GetProcessHeap () returned 0x570000 [0039.727] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58e5b8 [0039.727] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x58e5b8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wininit.exe", lpUsedDefaultChar=0x0) returned 12 [0039.727] lstrlenW (lpString="wininit.exe") returned 11 [0039.727] StrStrA (lpFirst="wininit.exe", lpSrch="ssms") returned 0x0 [0039.727] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.727] GetProcessHeap () returned 0x570000 [0039.727] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58e5d0 [0039.727] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x58e5d0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wininit.exe", lpUsedDefaultChar=0x0) returned 12 [0039.727] lstrlenW (lpString="wininit.exe") returned 11 [0039.727] StrStrA (lpFirst="wininit.exe", lpSrch="postgre") returned 0x0 [0039.727] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.727] GetProcessHeap () returned 0x570000 [0039.727] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58e5e8 [0039.727] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x58e5e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wininit.exe", lpUsedDefaultChar=0x0) returned 12 [0039.727] lstrlenW (lpString="wininit.exe") returned 11 [0039.727] StrStrA (lpFirst="wininit.exe", lpSrch="1c") returned 0x0 [0039.727] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.727] GetProcessHeap () returned 0x570000 [0039.727] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58e600 [0039.727] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x58e600, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wininit.exe", lpUsedDefaultChar=0x0) returned 12 [0039.727] lstrlenW (lpString="wininit.exe") returned 11 [0039.727] StrStrA (lpFirst="wininit.exe", lpSrch="excel") returned 0x0 [0039.727] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.727] GetProcessHeap () returned 0x570000 [0039.727] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58e618 [0039.727] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="wininit.exe", cchWideChar=-1, lpMultiByteStr=0x58e618, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wininit.exe", lpUsedDefaultChar=0x0) returned 12 [0039.727] lstrlenW (lpString="wininit.exe") returned 11 [0039.727] StrStrA (lpFirst="wininit.exe", lpSrch="word") returned 0x0 [0039.728] Process32NextW (in: hSnapshot=0x78, lppe=0x18ed3c | out: lppe=0x18ed3c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0039.728] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0039.728] GetProcessHeap () returned 0x570000 [0039.728] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xa) returned 0x58e630 [0039.728] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x58e630, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0039.728] lstrlenW (lpString="csrss.exe") returned 9 [0039.728] StrStrA (lpFirst="csrss.exe", lpSrch="sql") returned 0x0 [0039.728] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0039.728] GetProcessHeap () returned 0x570000 [0039.728] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xa) returned 0x58e648 [0039.728] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x58e648, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0039.729] lstrlenW (lpString="csrss.exe") returned 9 [0039.729] StrStrA (lpFirst="csrss.exe", lpSrch="outlook") returned 0x0 [0039.729] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0039.729] GetProcessHeap () returned 0x570000 [0039.729] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xa) returned 0x58e660 [0039.729] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x58e660, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0039.729] lstrlenW (lpString="csrss.exe") returned 9 [0039.729] StrStrA (lpFirst="csrss.exe", lpSrch="ssms") returned 0x0 [0039.729] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0039.729] GetProcessHeap () returned 0x570000 [0039.729] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xa) returned 0x58e678 [0039.729] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x58e678, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0039.729] lstrlenW (lpString="csrss.exe") returned 9 [0039.729] StrStrA (lpFirst="csrss.exe", lpSrch="postgre") returned 0x0 [0039.729] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0039.729] GetProcessHeap () returned 0x570000 [0039.729] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xa) returned 0x58e690 [0039.729] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x58e690, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0039.729] lstrlenW (lpString="csrss.exe") returned 9 [0039.729] StrStrA (lpFirst="csrss.exe", lpSrch="1c") returned 0x0 [0039.729] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0039.729] GetProcessHeap () returned 0x570000 [0039.729] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xa) returned 0x58e6a8 [0039.729] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x58e6a8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0039.729] lstrlenW (lpString="csrss.exe") returned 9 [0039.729] StrStrA (lpFirst="csrss.exe", lpSrch="excel") returned 0x0 [0039.729] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0039.729] GetProcessHeap () returned 0x570000 [0039.729] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xa) returned 0x58e6c0 [0039.729] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="csrss.exe", cchWideChar=-1, lpMultiByteStr=0x58e6c0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="csrss.exe", lpUsedDefaultChar=0x0) returned 10 [0039.729] lstrlenW (lpString="csrss.exe") returned 9 [0039.729] StrStrA (lpFirst="csrss.exe", lpSrch="word") returned 0x0 [0039.730] Process32NextW (in: hSnapshot=0x78, lppe=0x18ed3c | out: lppe=0x18ed3c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0039.730] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0039.730] GetProcessHeap () returned 0x570000 [0039.730] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xd) returned 0x58e6d8 [0039.730] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x58e6d8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winlogon.exe", lpUsedDefaultChar=0x0) returned 13 [0039.730] lstrlenW (lpString="winlogon.exe") returned 12 [0039.730] StrStrA (lpFirst="winlogon.exe", lpSrch="sql") returned 0x0 [0039.730] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0039.730] GetProcessHeap () returned 0x570000 [0039.730] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xd) returned 0x58e6f0 [0039.730] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x58e6f0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winlogon.exe", lpUsedDefaultChar=0x0) returned 13 [0039.730] lstrlenW (lpString="winlogon.exe") returned 12 [0039.731] StrStrA (lpFirst="winlogon.exe", lpSrch="outlook") returned 0x0 [0039.731] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0039.731] GetProcessHeap () returned 0x570000 [0039.731] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xd) returned 0x58e708 [0039.731] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x58e708, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winlogon.exe", lpUsedDefaultChar=0x0) returned 13 [0039.731] lstrlenW (lpString="winlogon.exe") returned 12 [0039.731] StrStrA (lpFirst="winlogon.exe", lpSrch="ssms") returned 0x0 [0039.731] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0039.731] GetProcessHeap () returned 0x570000 [0039.731] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xd) returned 0x58e720 [0039.731] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x58e720, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winlogon.exe", lpUsedDefaultChar=0x0) returned 13 [0039.731] lstrlenW (lpString="winlogon.exe") returned 12 [0039.731] StrStrA (lpFirst="winlogon.exe", lpSrch="postgre") returned 0x0 [0039.731] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0039.731] GetProcessHeap () returned 0x570000 [0039.731] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xd) returned 0x58e738 [0039.731] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x58e738, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winlogon.exe", lpUsedDefaultChar=0x0) returned 13 [0039.731] lstrlenW (lpString="winlogon.exe") returned 12 [0039.731] StrStrA (lpFirst="winlogon.exe", lpSrch="1c") returned 0x0 [0039.731] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0039.731] GetProcessHeap () returned 0x570000 [0039.731] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xd) returned 0x58e750 [0039.731] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x58e750, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winlogon.exe", lpUsedDefaultChar=0x0) returned 13 [0039.731] lstrlenW (lpString="winlogon.exe") returned 12 [0039.731] StrStrA (lpFirst="winlogon.exe", lpSrch="excel") returned 0x0 [0039.731] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0039.731] GetProcessHeap () returned 0x570000 [0039.731] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xd) returned 0x58e768 [0039.731] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="winlogon.exe", cchWideChar=-1, lpMultiByteStr=0x58e768, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="winlogon.exe", lpUsedDefaultChar=0x0) returned 13 [0039.731] lstrlenW (lpString="winlogon.exe") returned 12 [0039.731] StrStrA (lpFirst="winlogon.exe", lpSrch="word") returned 0x0 [0039.732] Process32NextW (in: hSnapshot=0x78, lppe=0x18ed3c | out: lppe=0x18ed3c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0039.732] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0039.732] GetProcessHeap () returned 0x570000 [0039.732] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xd) returned 0x58e780 [0039.732] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x58e780, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="services.exe", lpUsedDefaultChar=0x0) returned 13 [0039.732] lstrlenW (lpString="services.exe") returned 12 [0039.732] StrStrA (lpFirst="services.exe", lpSrch="sql") returned 0x0 [0039.733] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0039.733] GetProcessHeap () returned 0x570000 [0039.733] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xd) returned 0x58e798 [0039.733] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x58e798, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="services.exe", lpUsedDefaultChar=0x0) returned 13 [0039.733] lstrlenW (lpString="services.exe") returned 12 [0039.733] StrStrA (lpFirst="services.exe", lpSrch="outlook") returned 0x0 [0039.733] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0039.733] GetProcessHeap () returned 0x570000 [0039.733] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xd) returned 0x58e7b0 [0039.733] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x58e7b0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="services.exe", lpUsedDefaultChar=0x0) returned 13 [0039.733] lstrlenW (lpString="services.exe") returned 12 [0039.733] StrStrA (lpFirst="services.exe", lpSrch="ssms") returned 0x0 [0039.733] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0039.733] GetProcessHeap () returned 0x570000 [0039.733] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xd) returned 0x58e7c8 [0039.733] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x58e7c8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="services.exe", lpUsedDefaultChar=0x0) returned 13 [0039.733] lstrlenW (lpString="services.exe") returned 12 [0039.733] StrStrA (lpFirst="services.exe", lpSrch="postgre") returned 0x0 [0039.733] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0039.733] GetProcessHeap () returned 0x570000 [0039.733] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xd) returned 0x58e7e0 [0039.733] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x58e7e0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="services.exe", lpUsedDefaultChar=0x0) returned 13 [0039.733] lstrlenW (lpString="services.exe") returned 12 [0039.733] StrStrA (lpFirst="services.exe", lpSrch="1c") returned 0x0 [0039.733] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0039.733] GetProcessHeap () returned 0x570000 [0039.733] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xd) returned 0x58e7f8 [0039.733] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x58e7f8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="services.exe", lpUsedDefaultChar=0x0) returned 13 [0039.733] lstrlenW (lpString="services.exe") returned 12 [0039.733] StrStrA (lpFirst="services.exe", lpSrch="excel") returned 0x0 [0039.733] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0039.733] GetProcessHeap () returned 0x570000 [0039.733] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xd) returned 0x58e810 [0039.734] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="services.exe", cchWideChar=-1, lpMultiByteStr=0x58e810, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="services.exe", lpUsedDefaultChar=0x0) returned 13 [0039.734] lstrlenW (lpString="services.exe") returned 12 [0039.734] StrStrA (lpFirst="services.exe", lpSrch="word") returned 0x0 [0039.734] Process32NextW (in: hSnapshot=0x78, lppe=0x18ed3c | out: lppe=0x18ed3c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0039.734] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0039.734] GetProcessHeap () returned 0x570000 [0039.734] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xa) returned 0x58e828 [0039.734] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x58e828, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsass.exe", lpUsedDefaultChar=0x0) returned 10 [0039.734] lstrlenW (lpString="lsass.exe") returned 9 [0039.734] StrStrA (lpFirst="lsass.exe", lpSrch="sql") returned 0x0 [0039.734] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0039.735] GetProcessHeap () returned 0x570000 [0039.735] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xa) returned 0x58e840 [0039.735] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x58e840, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsass.exe", lpUsedDefaultChar=0x0) returned 10 [0039.735] lstrlenW (lpString="lsass.exe") returned 9 [0039.735] StrStrA (lpFirst="lsass.exe", lpSrch="outlook") returned 0x0 [0039.735] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0039.735] GetProcessHeap () returned 0x570000 [0039.735] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xa) returned 0x58e858 [0039.735] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x58e858, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsass.exe", lpUsedDefaultChar=0x0) returned 10 [0039.735] lstrlenW (lpString="lsass.exe") returned 9 [0039.735] StrStrA (lpFirst="lsass.exe", lpSrch="ssms") returned 0x0 [0039.735] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0039.735] GetProcessHeap () returned 0x570000 [0039.735] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xa) returned 0x58e870 [0039.735] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x58e870, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsass.exe", lpUsedDefaultChar=0x0) returned 10 [0039.735] lstrlenW (lpString="lsass.exe") returned 9 [0039.735] StrStrA (lpFirst="lsass.exe", lpSrch="postgre") returned 0x0 [0039.735] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0039.735] GetProcessHeap () returned 0x570000 [0039.735] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xa) returned 0x58e888 [0039.735] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x58e888, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsass.exe", lpUsedDefaultChar=0x0) returned 10 [0039.735] lstrlenW (lpString="lsass.exe") returned 9 [0039.735] StrStrA (lpFirst="lsass.exe", lpSrch="1c") returned 0x0 [0039.735] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0039.735] GetProcessHeap () returned 0x570000 [0039.735] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xa) returned 0x58e8a0 [0039.735] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x58e8a0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsass.exe", lpUsedDefaultChar=0x0) returned 10 [0039.735] lstrlenW (lpString="lsass.exe") returned 9 [0039.735] StrStrA (lpFirst="lsass.exe", lpSrch="excel") returned 0x0 [0039.735] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0039.735] GetProcessHeap () returned 0x570000 [0039.735] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xa) returned 0x58e8e0 [0039.736] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsass.exe", cchWideChar=-1, lpMultiByteStr=0x58e8e0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsass.exe", lpUsedDefaultChar=0x0) returned 10 [0039.736] lstrlenW (lpString="lsass.exe") returned 9 [0039.736] StrStrA (lpFirst="lsass.exe", lpSrch="word") returned 0x0 [0039.736] Process32NextW (in: hSnapshot=0x78, lppe=0x18ed3c | out: lppe=0x18ed3c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0039.736] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsm.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0039.736] GetProcessHeap () returned 0x570000 [0039.736] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x587350 [0039.736] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsm.exe", cchWideChar=-1, lpMultiByteStr=0x587350, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsm.exe", lpUsedDefaultChar=0x0) returned 8 [0039.736] lstrlenW (lpString="lsm.exe") returned 7 [0039.736] StrStrA (lpFirst="lsm.exe", lpSrch="sql") returned 0x0 [0039.736] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsm.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0039.737] GetProcessHeap () returned 0x570000 [0039.737] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x587360 [0039.737] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsm.exe", cchWideChar=-1, lpMultiByteStr=0x587360, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsm.exe", lpUsedDefaultChar=0x0) returned 8 [0039.737] lstrlenW (lpString="lsm.exe") returned 7 [0039.737] StrStrA (lpFirst="lsm.exe", lpSrch="outlook") returned 0x0 [0039.737] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsm.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0039.737] GetProcessHeap () returned 0x570000 [0039.737] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x587370 [0039.737] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsm.exe", cchWideChar=-1, lpMultiByteStr=0x587370, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsm.exe", lpUsedDefaultChar=0x0) returned 8 [0039.737] lstrlenW (lpString="lsm.exe") returned 7 [0039.737] StrStrA (lpFirst="lsm.exe", lpSrch="ssms") returned 0x0 [0039.737] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsm.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0039.737] GetProcessHeap () returned 0x570000 [0039.737] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x587380 [0039.737] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsm.exe", cchWideChar=-1, lpMultiByteStr=0x587380, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsm.exe", lpUsedDefaultChar=0x0) returned 8 [0039.737] lstrlenW (lpString="lsm.exe") returned 7 [0039.737] StrStrA (lpFirst="lsm.exe", lpSrch="postgre") returned 0x0 [0039.737] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsm.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0039.737] GetProcessHeap () returned 0x570000 [0039.737] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x587390 [0039.737] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsm.exe", cchWideChar=-1, lpMultiByteStr=0x587390, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsm.exe", lpUsedDefaultChar=0x0) returned 8 [0039.737] lstrlenW (lpString="lsm.exe") returned 7 [0039.737] StrStrA (lpFirst="lsm.exe", lpSrch="1c") returned 0x0 [0039.737] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsm.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0039.737] GetProcessHeap () returned 0x570000 [0039.737] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x5873a0 [0039.737] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsm.exe", cchWideChar=-1, lpMultiByteStr=0x5873a0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsm.exe", lpUsedDefaultChar=0x0) returned 8 [0039.737] lstrlenW (lpString="lsm.exe") returned 7 [0039.737] StrStrA (lpFirst="lsm.exe", lpSrch="excel") returned 0x0 [0039.737] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsm.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0039.737] GetProcessHeap () returned 0x570000 [0039.737] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ece0 [0039.738] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="lsm.exe", cchWideChar=-1, lpMultiByteStr=0x58ece0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="lsm.exe", lpUsedDefaultChar=0x0) returned 8 [0039.738] lstrlenW (lpString="lsm.exe") returned 7 [0039.738] StrStrA (lpFirst="lsm.exe", lpSrch="word") returned 0x0 [0039.738] Process32NextW (in: hSnapshot=0x78, lppe=0x18ed3c | out: lppe=0x18ed3c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0039.738] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.738] GetProcessHeap () returned 0x570000 [0039.738] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58e8f8 [0039.738] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x58e8f8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0039.738] lstrlenW (lpString="svchost.exe") returned 11 [0039.738] StrStrA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0039.738] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.738] GetProcessHeap () returned 0x570000 [0039.739] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58e910 [0039.739] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x58e910, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0039.739] lstrlenW (lpString="svchost.exe") returned 11 [0039.739] StrStrA (lpFirst="svchost.exe", lpSrch="outlook") returned 0x0 [0039.739] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.739] GetProcessHeap () returned 0x570000 [0039.739] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58e928 [0039.739] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x58e928, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0039.739] lstrlenW (lpString="svchost.exe") returned 11 [0039.739] StrStrA (lpFirst="svchost.exe", lpSrch="ssms") returned 0x0 [0039.739] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.739] GetProcessHeap () returned 0x570000 [0039.739] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58e940 [0039.739] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x58e940, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0039.739] lstrlenW (lpString="svchost.exe") returned 11 [0039.739] StrStrA (lpFirst="svchost.exe", lpSrch="postgre") returned 0x0 [0039.739] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.739] GetProcessHeap () returned 0x570000 [0039.739] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58e958 [0039.739] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x58e958, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0039.739] lstrlenW (lpString="svchost.exe") returned 11 [0039.739] StrStrA (lpFirst="svchost.exe", lpSrch="1c") returned 0x0 [0039.739] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.739] GetProcessHeap () returned 0x570000 [0039.739] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58e970 [0039.739] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x58e970, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0039.739] lstrlenW (lpString="svchost.exe") returned 11 [0039.739] StrStrA (lpFirst="svchost.exe", lpSrch="excel") returned 0x0 [0039.739] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.739] GetProcessHeap () returned 0x570000 [0039.739] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58e988 [0039.739] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x58e988, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0039.740] lstrlenW (lpString="svchost.exe") returned 11 [0039.740] StrStrA (lpFirst="svchost.exe", lpSrch="word") returned 0x0 [0039.740] Process32NextW (in: hSnapshot=0x78, lppe=0x18ed3c | out: lppe=0x18ed3c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0039.740] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.740] GetProcessHeap () returned 0x570000 [0039.740] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58e9a0 [0039.740] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x58e9a0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0039.740] lstrlenW (lpString="svchost.exe") returned 11 [0039.740] StrStrA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0039.740] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.740] GetProcessHeap () returned 0x570000 [0039.741] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58e9b8 [0039.741] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x58e9b8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0039.741] lstrlenW (lpString="svchost.exe") returned 11 [0039.741] StrStrA (lpFirst="svchost.exe", lpSrch="outlook") returned 0x0 [0039.741] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.741] GetProcessHeap () returned 0x570000 [0039.741] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58e9d0 [0039.741] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x58e9d0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0039.741] lstrlenW (lpString="svchost.exe") returned 11 [0039.741] StrStrA (lpFirst="svchost.exe", lpSrch="ssms") returned 0x0 [0039.741] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.741] GetProcessHeap () returned 0x570000 [0039.741] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58e9e8 [0039.741] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x58e9e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0039.741] lstrlenW (lpString="svchost.exe") returned 11 [0039.741] StrStrA (lpFirst="svchost.exe", lpSrch="postgre") returned 0x0 [0039.741] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.741] GetProcessHeap () returned 0x570000 [0039.741] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58ea00 [0039.741] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x58ea00, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0039.741] lstrlenW (lpString="svchost.exe") returned 11 [0039.741] StrStrA (lpFirst="svchost.exe", lpSrch="1c") returned 0x0 [0039.741] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.741] GetProcessHeap () returned 0x570000 [0039.741] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58ea18 [0039.741] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x58ea18, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0039.741] lstrlenW (lpString="svchost.exe") returned 11 [0039.741] StrStrA (lpFirst="svchost.exe", lpSrch="excel") returned 0x0 [0039.741] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.741] GetProcessHeap () returned 0x570000 [0039.741] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58ea30 [0039.741] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x58ea30, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0039.742] lstrlenW (lpString="svchost.exe") returned 11 [0039.742] StrStrA (lpFirst="svchost.exe", lpSrch="word") returned 0x0 [0039.742] Process32NextW (in: hSnapshot=0x78, lppe=0x18ed3c | out: lppe=0x18ed3c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0039.742] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.742] GetProcessHeap () returned 0x570000 [0039.742] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58ea48 [0039.742] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x58ea48, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0039.742] lstrlenW (lpString="svchost.exe") returned 11 [0039.742] StrStrA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0039.742] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.742] GetProcessHeap () returned 0x570000 [0039.742] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58ea60 [0039.743] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x58ea60, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0039.743] lstrlenW (lpString="svchost.exe") returned 11 [0039.743] StrStrA (lpFirst="svchost.exe", lpSrch="outlook") returned 0x0 [0039.743] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.743] GetProcessHeap () returned 0x570000 [0039.743] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58ea78 [0039.743] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x58ea78, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0039.743] lstrlenW (lpString="svchost.exe") returned 11 [0039.743] StrStrA (lpFirst="svchost.exe", lpSrch="ssms") returned 0x0 [0039.743] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.743] GetProcessHeap () returned 0x570000 [0039.743] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58ea90 [0039.743] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x58ea90, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0039.743] lstrlenW (lpString="svchost.exe") returned 11 [0039.743] StrStrA (lpFirst="svchost.exe", lpSrch="postgre") returned 0x0 [0039.743] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.743] GetProcessHeap () returned 0x570000 [0039.743] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58eaa8 [0039.743] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x58eaa8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0039.743] lstrlenW (lpString="svchost.exe") returned 11 [0039.743] StrStrA (lpFirst="svchost.exe", lpSrch="1c") returned 0x0 [0039.743] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.743] GetProcessHeap () returned 0x570000 [0039.743] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58eac0 [0039.743] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x58eac0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0039.743] lstrlenW (lpString="svchost.exe") returned 11 [0039.743] StrStrA (lpFirst="svchost.exe", lpSrch="excel") returned 0x0 [0039.743] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.743] GetProcessHeap () returned 0x570000 [0039.743] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58ead8 [0039.743] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x58ead8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0039.744] lstrlenW (lpString="svchost.exe") returned 11 [0039.744] StrStrA (lpFirst="svchost.exe", lpSrch="word") returned 0x0 [0039.744] Process32NextW (in: hSnapshot=0x78, lppe=0x18ed3c | out: lppe=0x18ed3c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0039.744] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.744] GetProcessHeap () returned 0x570000 [0039.744] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58eaf0 [0039.744] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x58eaf0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0039.744] lstrlenW (lpString="svchost.exe") returned 11 [0039.744] StrStrA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0039.744] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.744] GetProcessHeap () returned 0x570000 [0039.744] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58eb08 [0039.745] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x58eb08, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0039.745] lstrlenW (lpString="svchost.exe") returned 11 [0039.745] StrStrA (lpFirst="svchost.exe", lpSrch="outlook") returned 0x0 [0039.745] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.745] GetProcessHeap () returned 0x570000 [0039.745] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58eb20 [0039.745] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x58eb20, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0039.745] lstrlenW (lpString="svchost.exe") returned 11 [0039.745] StrStrA (lpFirst="svchost.exe", lpSrch="ssms") returned 0x0 [0039.745] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.745] GetProcessHeap () returned 0x570000 [0039.745] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58eb38 [0039.745] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x58eb38, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0039.745] lstrlenW (lpString="svchost.exe") returned 11 [0039.745] StrStrA (lpFirst="svchost.exe", lpSrch="postgre") returned 0x0 [0039.745] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.745] GetProcessHeap () returned 0x570000 [0039.745] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58eb50 [0039.745] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x58eb50, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0039.745] lstrlenW (lpString="svchost.exe") returned 11 [0039.745] StrStrA (lpFirst="svchost.exe", lpSrch="1c") returned 0x0 [0039.745] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.745] GetProcessHeap () returned 0x570000 [0039.745] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58eb68 [0039.745] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x58eb68, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0039.745] lstrlenW (lpString="svchost.exe") returned 11 [0039.745] StrStrA (lpFirst="svchost.exe", lpSrch="excel") returned 0x0 [0039.745] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.745] GetProcessHeap () returned 0x570000 [0039.745] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58eb80 [0039.745] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x58eb80, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0039.745] lstrlenW (lpString="svchost.exe") returned 11 [0039.746] StrStrA (lpFirst="svchost.exe", lpSrch="word") returned 0x0 [0039.746] Process32NextW (in: hSnapshot=0x78, lppe=0x18ed3c | out: lppe=0x18ed3c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x25, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0039.746] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.746] GetProcessHeap () returned 0x570000 [0039.746] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58eb98 [0039.746] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x58eb98, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0039.746] lstrlenW (lpString="svchost.exe") returned 11 [0039.746] StrStrA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0039.746] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.746] GetProcessHeap () returned 0x570000 [0039.746] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58ebb0 [0039.747] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x58ebb0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0039.747] lstrlenW (lpString="svchost.exe") returned 11 [0039.747] StrStrA (lpFirst="svchost.exe", lpSrch="outlook") returned 0x0 [0039.747] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.747] GetProcessHeap () returned 0x570000 [0039.747] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58ebc8 [0039.747] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x58ebc8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0039.747] lstrlenW (lpString="svchost.exe") returned 11 [0039.747] StrStrA (lpFirst="svchost.exe", lpSrch="ssms") returned 0x0 [0039.747] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.747] GetProcessHeap () returned 0x570000 [0039.747] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58ebe0 [0039.747] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x58ebe0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0039.747] lstrlenW (lpString="svchost.exe") returned 11 [0039.747] StrStrA (lpFirst="svchost.exe", lpSrch="postgre") returned 0x0 [0039.747] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.747] GetProcessHeap () returned 0x570000 [0039.747] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58ebf8 [0039.747] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x58ebf8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0039.747] lstrlenW (lpString="svchost.exe") returned 11 [0039.747] StrStrA (lpFirst="svchost.exe", lpSrch="1c") returned 0x0 [0039.747] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.748] GetProcessHeap () returned 0x570000 [0039.748] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58ec10 [0039.748] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x58ec10, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0039.748] lstrlenW (lpString="svchost.exe") returned 11 [0039.748] StrStrA (lpFirst="svchost.exe", lpSrch="excel") returned 0x0 [0039.748] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.748] GetProcessHeap () returned 0x570000 [0039.748] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58ec28 [0039.748] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x58ec28, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0039.748] lstrlenW (lpString="svchost.exe") returned 11 [0039.748] StrStrA (lpFirst="svchost.exe", lpSrch="word") returned 0x0 [0039.748] Process32NextW (in: hSnapshot=0x78, lppe=0x18ed3c | out: lppe=0x18ed3c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0039.749] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.749] GetProcessHeap () returned 0x570000 [0039.749] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58ec40 [0039.749] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x58ec40, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="audiodg.exe", lpUsedDefaultChar=0x0) returned 12 [0039.749] lstrlenW (lpString="audiodg.exe") returned 11 [0039.749] StrStrA (lpFirst="audiodg.exe", lpSrch="sql") returned 0x0 [0039.749] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.749] GetProcessHeap () returned 0x570000 [0039.749] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58ec58 [0039.749] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x58ec58, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="audiodg.exe", lpUsedDefaultChar=0x0) returned 12 [0039.749] lstrlenW (lpString="audiodg.exe") returned 11 [0039.749] StrStrA (lpFirst="audiodg.exe", lpSrch="outlook") returned 0x0 [0039.749] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.749] GetProcessHeap () returned 0x570000 [0039.749] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58ec70 [0039.749] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x58ec70, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="audiodg.exe", lpUsedDefaultChar=0x0) returned 12 [0039.749] lstrlenW (lpString="audiodg.exe") returned 11 [0039.749] StrStrA (lpFirst="audiodg.exe", lpSrch="ssms") returned 0x0 [0039.749] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.749] GetProcessHeap () returned 0x570000 [0039.749] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58ec88 [0039.749] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x58ec88, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="audiodg.exe", lpUsedDefaultChar=0x0) returned 12 [0039.749] lstrlenW (lpString="audiodg.exe") returned 11 [0039.749] StrStrA (lpFirst="audiodg.exe", lpSrch="postgre") returned 0x0 [0039.749] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.749] GetProcessHeap () returned 0x570000 [0039.749] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58eca0 [0039.749] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x58eca0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="audiodg.exe", lpUsedDefaultChar=0x0) returned 12 [0039.749] lstrlenW (lpString="audiodg.exe") returned 11 [0039.750] StrStrA (lpFirst="audiodg.exe", lpSrch="1c") returned 0x0 [0039.750] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.750] GetProcessHeap () returned 0x570000 [0039.750] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58f0e0 [0039.750] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x58f0e0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="audiodg.exe", lpUsedDefaultChar=0x0) returned 12 [0039.750] lstrlenW (lpString="audiodg.exe") returned 11 [0039.750] StrStrA (lpFirst="audiodg.exe", lpSrch="excel") returned 0x0 [0039.750] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.750] GetProcessHeap () returned 0x570000 [0039.750] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58f0f8 [0039.750] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="audiodg.exe", cchWideChar=-1, lpMultiByteStr=0x58f0f8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="audiodg.exe", lpUsedDefaultChar=0x0) returned 12 [0039.750] lstrlenW (lpString="audiodg.exe") returned 11 [0039.750] StrStrA (lpFirst="audiodg.exe", lpSrch="word") returned 0x0 [0039.750] Process32NextW (in: hSnapshot=0x78, lppe=0x18ed3c | out: lppe=0x18ed3c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0039.751] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.751] GetProcessHeap () returned 0x570000 [0039.751] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58f110 [0039.751] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x58f110, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0039.751] lstrlenW (lpString="svchost.exe") returned 11 [0039.751] StrStrA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0039.751] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.751] GetProcessHeap () returned 0x570000 [0039.751] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58f128 [0039.751] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x58f128, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0039.751] lstrlenW (lpString="svchost.exe") returned 11 [0039.751] StrStrA (lpFirst="svchost.exe", lpSrch="outlook") returned 0x0 [0039.751] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.751] GetProcessHeap () returned 0x570000 [0039.751] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58f140 [0039.751] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x58f140, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0039.751] lstrlenW (lpString="svchost.exe") returned 11 [0039.751] StrStrA (lpFirst="svchost.exe", lpSrch="ssms") returned 0x0 [0039.751] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.751] GetProcessHeap () returned 0x570000 [0039.751] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58f158 [0039.751] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x58f158, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0039.751] lstrlenW (lpString="svchost.exe") returned 11 [0039.751] StrStrA (lpFirst="svchost.exe", lpSrch="postgre") returned 0x0 [0039.752] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.752] GetProcessHeap () returned 0x570000 [0039.752] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58f170 [0039.752] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x58f170, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0039.752] lstrlenW (lpString="svchost.exe") returned 11 [0039.752] StrStrA (lpFirst="svchost.exe", lpSrch="1c") returned 0x0 [0039.752] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.752] GetProcessHeap () returned 0x570000 [0039.752] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58f188 [0039.752] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x58f188, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0039.752] lstrlenW (lpString="svchost.exe") returned 11 [0039.752] StrStrA (lpFirst="svchost.exe", lpSrch="excel") returned 0x0 [0039.752] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.752] GetProcessHeap () returned 0x570000 [0039.752] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58f1a0 [0039.752] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x58f1a0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0039.752] lstrlenW (lpString="svchost.exe") returned 11 [0039.752] StrStrA (lpFirst="svchost.exe", lpSrch="word") returned 0x0 [0039.752] Process32NextW (in: hSnapshot=0x78, lppe=0x18ed3c | out: lppe=0x18ed3c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0039.753] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.753] GetProcessHeap () returned 0x570000 [0039.753] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58f1b8 [0039.753] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x58f1b8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0039.753] lstrlenW (lpString="svchost.exe") returned 11 [0039.753] StrStrA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0039.753] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.753] GetProcessHeap () returned 0x570000 [0039.753] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58f1d0 [0039.753] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x58f1d0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0039.753] lstrlenW (lpString="svchost.exe") returned 11 [0039.753] StrStrA (lpFirst="svchost.exe", lpSrch="outlook") returned 0x0 [0039.753] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.753] GetProcessHeap () returned 0x570000 [0039.753] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58f1e8 [0039.753] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x58f1e8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0039.753] lstrlenW (lpString="svchost.exe") returned 11 [0039.753] StrStrA (lpFirst="svchost.exe", lpSrch="ssms") returned 0x0 [0039.753] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.753] GetProcessHeap () returned 0x570000 [0039.753] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58f200 [0039.753] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x58f200, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0039.754] lstrlenW (lpString="svchost.exe") returned 11 [0039.754] StrStrA (lpFirst="svchost.exe", lpSrch="postgre") returned 0x0 [0039.754] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.754] GetProcessHeap () returned 0x570000 [0039.754] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58f218 [0039.754] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x58f218, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0039.754] lstrlenW (lpString="svchost.exe") returned 11 [0039.754] StrStrA (lpFirst="svchost.exe", lpSrch="1c") returned 0x0 [0039.754] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.754] GetProcessHeap () returned 0x570000 [0039.754] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58f230 [0039.754] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x58f230, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0039.754] lstrlenW (lpString="svchost.exe") returned 11 [0039.754] StrStrA (lpFirst="svchost.exe", lpSrch="excel") returned 0x0 [0039.754] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.754] GetProcessHeap () returned 0x570000 [0039.754] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58f248 [0039.754] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x58f248, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0039.754] lstrlenW (lpString="svchost.exe") returned 11 [0039.754] StrStrA (lpFirst="svchost.exe", lpSrch="word") returned 0x0 [0039.754] Process32NextW (in: hSnapshot=0x78, lppe=0x18ed3c | out: lppe=0x18ed3c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0039.755] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0039.755] GetProcessHeap () returned 0x570000 [0039.755] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ecf0 [0039.755] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x58ecf0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dwm.exe", lpUsedDefaultChar=0x0) returned 8 [0039.755] lstrlenW (lpString="dwm.exe") returned 7 [0039.755] StrStrA (lpFirst="dwm.exe", lpSrch="sql") returned 0x0 [0039.755] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0039.755] GetProcessHeap () returned 0x570000 [0039.755] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ed00 [0039.755] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x58ed00, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dwm.exe", lpUsedDefaultChar=0x0) returned 8 [0039.755] lstrlenW (lpString="dwm.exe") returned 7 [0039.755] StrStrA (lpFirst="dwm.exe", lpSrch="outlook") returned 0x0 [0039.755] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0039.755] GetProcessHeap () returned 0x570000 [0039.755] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ed10 [0039.755] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x58ed10, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dwm.exe", lpUsedDefaultChar=0x0) returned 8 [0039.755] lstrlenW (lpString="dwm.exe") returned 7 [0039.755] StrStrA (lpFirst="dwm.exe", lpSrch="ssms") returned 0x0 [0039.755] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0039.755] GetProcessHeap () returned 0x570000 [0039.755] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ed20 [0039.755] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x58ed20, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dwm.exe", lpUsedDefaultChar=0x0) returned 8 [0039.756] lstrlenW (lpString="dwm.exe") returned 7 [0039.756] StrStrA (lpFirst="dwm.exe", lpSrch="postgre") returned 0x0 [0039.756] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0039.756] GetProcessHeap () returned 0x570000 [0039.756] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ed30 [0039.756] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x58ed30, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dwm.exe", lpUsedDefaultChar=0x0) returned 8 [0039.756] lstrlenW (lpString="dwm.exe") returned 7 [0039.756] StrStrA (lpFirst="dwm.exe", lpSrch="1c") returned 0x0 [0039.756] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0039.756] GetProcessHeap () returned 0x570000 [0039.756] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ed40 [0039.756] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x58ed40, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dwm.exe", lpUsedDefaultChar=0x0) returned 8 [0039.756] lstrlenW (lpString="dwm.exe") returned 7 [0039.756] StrStrA (lpFirst="dwm.exe", lpSrch="excel") returned 0x0 [0039.756] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0039.756] GetProcessHeap () returned 0x570000 [0039.756] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ed50 [0039.756] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="dwm.exe", cchWideChar=-1, lpMultiByteStr=0x58ed50, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="dwm.exe", lpUsedDefaultChar=0x0) returned 8 [0039.756] lstrlenW (lpString="dwm.exe") returned 7 [0039.756] StrStrA (lpFirst="dwm.exe", lpSrch="word") returned 0x0 [0039.756] Process32NextW (in: hSnapshot=0x78, lppe=0x18ed3c | out: lppe=0x18ed3c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x45c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x440, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0039.757] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0039.757] GetProcessHeap () returned 0x570000 [0039.757] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xd) returned 0x58f260 [0039.757] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x58f260, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="explorer.exe", lpUsedDefaultChar=0x0) returned 13 [0039.757] lstrlenW (lpString="explorer.exe") returned 12 [0039.757] StrStrA (lpFirst="explorer.exe", lpSrch="sql") returned 0x0 [0039.757] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0039.757] GetProcessHeap () returned 0x570000 [0039.757] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xd) returned 0x58f278 [0039.757] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x58f278, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="explorer.exe", lpUsedDefaultChar=0x0) returned 13 [0039.757] lstrlenW (lpString="explorer.exe") returned 12 [0039.757] StrStrA (lpFirst="explorer.exe", lpSrch="outlook") returned 0x0 [0039.757] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0039.757] GetProcessHeap () returned 0x570000 [0039.757] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xd) returned 0x58f290 [0039.757] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x58f290, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="explorer.exe", lpUsedDefaultChar=0x0) returned 13 [0039.757] lstrlenW (lpString="explorer.exe") returned 12 [0039.757] StrStrA (lpFirst="explorer.exe", lpSrch="ssms") returned 0x0 [0039.757] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0039.757] GetProcessHeap () returned 0x570000 [0039.758] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xd) returned 0x58f2a8 [0039.758] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x58f2a8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="explorer.exe", lpUsedDefaultChar=0x0) returned 13 [0039.758] lstrlenW (lpString="explorer.exe") returned 12 [0039.758] StrStrA (lpFirst="explorer.exe", lpSrch="postgre") returned 0x0 [0039.758] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0039.758] GetProcessHeap () returned 0x570000 [0039.758] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xd) returned 0x58f2c0 [0039.758] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x58f2c0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="explorer.exe", lpUsedDefaultChar=0x0) returned 13 [0039.758] lstrlenW (lpString="explorer.exe") returned 12 [0039.758] StrStrA (lpFirst="explorer.exe", lpSrch="1c") returned 0x0 [0039.758] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0039.758] GetProcessHeap () returned 0x570000 [0039.758] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xd) returned 0x58f2d8 [0039.758] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x58f2d8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="explorer.exe", lpUsedDefaultChar=0x0) returned 13 [0039.758] lstrlenW (lpString="explorer.exe") returned 12 [0039.758] StrStrA (lpFirst="explorer.exe", lpSrch="excel") returned 0x0 [0039.758] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0039.758] GetProcessHeap () returned 0x570000 [0039.758] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xd) returned 0x58f2f0 [0039.758] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="explorer.exe", cchWideChar=-1, lpMultiByteStr=0x58f2f0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="explorer.exe", lpUsedDefaultChar=0x0) returned 13 [0039.758] lstrlenW (lpString="explorer.exe") returned 12 [0039.758] StrStrA (lpFirst="explorer.exe", lpSrch="word") returned 0x0 [0039.758] Process32NextW (in: hSnapshot=0x78, lppe=0x18ed3c | out: lppe=0x18ed3c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0039.759] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.759] GetProcessHeap () returned 0x570000 [0039.759] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58f308 [0039.759] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x58f308, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spoolsv.exe", lpUsedDefaultChar=0x0) returned 12 [0039.759] lstrlenW (lpString="spoolsv.exe") returned 11 [0039.759] StrStrA (lpFirst="spoolsv.exe", lpSrch="sql") returned 0x0 [0039.759] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.759] GetProcessHeap () returned 0x570000 [0039.759] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58f320 [0039.759] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x58f320, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spoolsv.exe", lpUsedDefaultChar=0x0) returned 12 [0039.759] lstrlenW (lpString="spoolsv.exe") returned 11 [0039.759] StrStrA (lpFirst="spoolsv.exe", lpSrch="outlook") returned 0x0 [0039.759] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.759] GetProcessHeap () returned 0x570000 [0039.759] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58f338 [0039.759] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x58f338, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spoolsv.exe", lpUsedDefaultChar=0x0) returned 12 [0039.759] lstrlenW (lpString="spoolsv.exe") returned 11 [0039.759] StrStrA (lpFirst="spoolsv.exe", lpSrch="ssms") returned 0x0 [0039.760] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.760] GetProcessHeap () returned 0x570000 [0039.760] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58f350 [0039.760] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x58f350, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spoolsv.exe", lpUsedDefaultChar=0x0) returned 12 [0039.760] lstrlenW (lpString="spoolsv.exe") returned 11 [0039.760] StrStrA (lpFirst="spoolsv.exe", lpSrch="postgre") returned 0x0 [0039.760] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.760] GetProcessHeap () returned 0x570000 [0039.760] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58f368 [0039.760] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x58f368, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spoolsv.exe", lpUsedDefaultChar=0x0) returned 12 [0039.760] lstrlenW (lpString="spoolsv.exe") returned 11 [0039.760] StrStrA (lpFirst="spoolsv.exe", lpSrch="1c") returned 0x0 [0039.760] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.760] GetProcessHeap () returned 0x570000 [0039.760] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58f380 [0039.760] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x58f380, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spoolsv.exe", lpUsedDefaultChar=0x0) returned 12 [0039.760] lstrlenW (lpString="spoolsv.exe") returned 11 [0039.760] StrStrA (lpFirst="spoolsv.exe", lpSrch="excel") returned 0x0 [0039.760] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.760] GetProcessHeap () returned 0x570000 [0039.760] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58f398 [0039.760] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="spoolsv.exe", cchWideChar=-1, lpMultiByteStr=0x58f398, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="spoolsv.exe", lpUsedDefaultChar=0x0) returned 12 [0039.760] lstrlenW (lpString="spoolsv.exe") returned 11 [0039.760] StrStrA (lpFirst="spoolsv.exe", lpSrch="word") returned 0x0 [0039.760] Process32NextW (in: hSnapshot=0x78, lppe=0x18ed3c | out: lppe=0x18ed3c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0039.761] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0039.761] GetProcessHeap () returned 0x570000 [0039.761] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xd) returned 0x58f3b0 [0039.761] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskhost.exe", cchWideChar=-1, lpMultiByteStr=0x58f3b0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhost.exe", lpUsedDefaultChar=0x0) returned 13 [0039.761] lstrlenW (lpString="taskhost.exe") returned 12 [0039.761] StrStrA (lpFirst="taskhost.exe", lpSrch="sql") returned 0x0 [0039.761] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0039.761] GetProcessHeap () returned 0x570000 [0039.761] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xd) returned 0x58f3c8 [0039.761] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskhost.exe", cchWideChar=-1, lpMultiByteStr=0x58f3c8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhost.exe", lpUsedDefaultChar=0x0) returned 13 [0039.761] lstrlenW (lpString="taskhost.exe") returned 12 [0039.761] StrStrA (lpFirst="taskhost.exe", lpSrch="outlook") returned 0x0 [0039.761] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0039.761] GetProcessHeap () returned 0x570000 [0039.761] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xd) returned 0x58f3e0 [0039.762] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskhost.exe", cchWideChar=-1, lpMultiByteStr=0x58f3e0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhost.exe", lpUsedDefaultChar=0x0) returned 13 [0039.762] lstrlenW (lpString="taskhost.exe") returned 12 [0039.762] StrStrA (lpFirst="taskhost.exe", lpSrch="ssms") returned 0x0 [0039.762] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0039.762] GetProcessHeap () returned 0x570000 [0039.762] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xd) returned 0x58f3f8 [0039.762] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskhost.exe", cchWideChar=-1, lpMultiByteStr=0x58f3f8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhost.exe", lpUsedDefaultChar=0x0) returned 13 [0039.762] lstrlenW (lpString="taskhost.exe") returned 12 [0039.762] StrStrA (lpFirst="taskhost.exe", lpSrch="postgre") returned 0x0 [0039.762] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0039.762] GetProcessHeap () returned 0x570000 [0039.762] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xd) returned 0x58f410 [0039.762] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskhost.exe", cchWideChar=-1, lpMultiByteStr=0x58f410, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhost.exe", lpUsedDefaultChar=0x0) returned 13 [0039.762] lstrlenW (lpString="taskhost.exe") returned 12 [0039.762] StrStrA (lpFirst="taskhost.exe", lpSrch="1c") returned 0x0 [0039.762] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0039.762] GetProcessHeap () returned 0x570000 [0039.762] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xd) returned 0x58f428 [0039.762] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskhost.exe", cchWideChar=-1, lpMultiByteStr=0x58f428, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhost.exe", lpUsedDefaultChar=0x0) returned 13 [0039.762] lstrlenW (lpString="taskhost.exe") returned 12 [0039.762] StrStrA (lpFirst="taskhost.exe", lpSrch="excel") returned 0x0 [0039.762] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0039.762] GetProcessHeap () returned 0x570000 [0039.762] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xd) returned 0x58f440 [0039.762] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskhost.exe", cchWideChar=-1, lpMultiByteStr=0x58f440, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhost.exe", lpUsedDefaultChar=0x0) returned 13 [0039.762] lstrlenW (lpString="taskhost.exe") returned 12 [0039.762] StrStrA (lpFirst="taskhost.exe", lpSrch="word") returned 0x0 [0039.762] Process32NextW (in: hSnapshot=0x78, lppe=0x18ed3c | out: lppe=0x18ed3c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0039.763] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.763] GetProcessHeap () returned 0x570000 [0039.763] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58f458 [0039.763] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x58f458, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0039.763] lstrlenW (lpString="svchost.exe") returned 11 [0039.763] StrStrA (lpFirst="svchost.exe", lpSrch="sql") returned 0x0 [0039.764] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.764] GetProcessHeap () returned 0x570000 [0039.764] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58f470 [0039.764] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x58f470, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0039.764] lstrlenW (lpString="svchost.exe") returned 11 [0039.764] StrStrA (lpFirst="svchost.exe", lpSrch="outlook") returned 0x0 [0039.764] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.764] GetProcessHeap () returned 0x570000 [0039.764] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58f488 [0039.764] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x58f488, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0039.764] lstrlenW (lpString="svchost.exe") returned 11 [0039.764] StrStrA (lpFirst="svchost.exe", lpSrch="ssms") returned 0x0 [0039.764] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.764] GetProcessHeap () returned 0x570000 [0039.764] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58f4a0 [0039.764] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x58f4a0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0039.764] lstrlenW (lpString="svchost.exe") returned 11 [0039.764] StrStrA (lpFirst="svchost.exe", lpSrch="postgre") returned 0x0 [0039.764] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.764] GetProcessHeap () returned 0x570000 [0039.764] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58f4e0 [0039.764] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x58f4e0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0039.764] lstrlenW (lpString="svchost.exe") returned 11 [0039.764] StrStrA (lpFirst="svchost.exe", lpSrch="1c") returned 0x0 [0039.764] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.764] GetProcessHeap () returned 0x570000 [0039.764] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58f4f8 [0039.764] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x58f4f8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0039.764] lstrlenW (lpString="svchost.exe") returned 11 [0039.765] StrStrA (lpFirst="svchost.exe", lpSrch="excel") returned 0x0 [0039.765] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.765] GetProcessHeap () returned 0x570000 [0039.765] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58f510 [0039.765] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="svchost.exe", cchWideChar=-1, lpMultiByteStr=0x58f510, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="svchost.exe", lpUsedDefaultChar=0x0) returned 12 [0039.765] lstrlenW (lpString="svchost.exe") returned 11 [0039.765] StrStrA (lpFirst="svchost.exe", lpSrch="word") returned 0x0 [0039.765] Process32NextW (in: hSnapshot=0x78, lppe=0x18ed3c | out: lppe=0x18ed3c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0039.765] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskeng.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.765] GetProcessHeap () returned 0x570000 [0039.765] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58f528 [0039.765] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskeng.exe", cchWideChar=-1, lpMultiByteStr=0x58f528, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskeng.exe", lpUsedDefaultChar=0x0) returned 12 [0039.766] lstrlenW (lpString="taskeng.exe") returned 11 [0039.766] StrStrA (lpFirst="taskeng.exe", lpSrch="sql") returned 0x0 [0039.766] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskeng.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.766] GetProcessHeap () returned 0x570000 [0039.766] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58f540 [0039.766] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskeng.exe", cchWideChar=-1, lpMultiByteStr=0x58f540, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskeng.exe", lpUsedDefaultChar=0x0) returned 12 [0039.766] lstrlenW (lpString="taskeng.exe") returned 11 [0039.766] StrStrA (lpFirst="taskeng.exe", lpSrch="outlook") returned 0x0 [0039.766] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskeng.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.766] GetProcessHeap () returned 0x570000 [0039.766] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58f558 [0039.766] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskeng.exe", cchWideChar=-1, lpMultiByteStr=0x58f558, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskeng.exe", lpUsedDefaultChar=0x0) returned 12 [0039.766] lstrlenW (lpString="taskeng.exe") returned 11 [0039.766] StrStrA (lpFirst="taskeng.exe", lpSrch="ssms") returned 0x0 [0039.766] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskeng.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.766] GetProcessHeap () returned 0x570000 [0039.766] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58f570 [0039.766] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskeng.exe", cchWideChar=-1, lpMultiByteStr=0x58f570, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskeng.exe", lpUsedDefaultChar=0x0) returned 12 [0039.766] lstrlenW (lpString="taskeng.exe") returned 11 [0039.766] StrStrA (lpFirst="taskeng.exe", lpSrch="postgre") returned 0x0 [0039.766] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskeng.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.766] GetProcessHeap () returned 0x570000 [0039.766] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58f588 [0039.766] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskeng.exe", cchWideChar=-1, lpMultiByteStr=0x58f588, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskeng.exe", lpUsedDefaultChar=0x0) returned 12 [0039.766] lstrlenW (lpString="taskeng.exe") returned 11 [0039.766] StrStrA (lpFirst="taskeng.exe", lpSrch="1c") returned 0x0 [0039.766] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskeng.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.766] GetProcessHeap () returned 0x570000 [0039.766] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58f5a0 [0039.766] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskeng.exe", cchWideChar=-1, lpMultiByteStr=0x58f5a0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskeng.exe", lpUsedDefaultChar=0x0) returned 12 [0039.766] lstrlenW (lpString="taskeng.exe") returned 11 [0039.767] StrStrA (lpFirst="taskeng.exe", lpSrch="excel") returned 0x0 [0039.767] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskeng.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.767] GetProcessHeap () returned 0x570000 [0039.767] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58f5b8 [0039.767] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskeng.exe", cchWideChar=-1, lpMultiByteStr=0x58f5b8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskeng.exe", lpUsedDefaultChar=0x0) returned 12 [0039.767] lstrlenW (lpString="taskeng.exe") returned 11 [0039.767] StrStrA (lpFirst="taskeng.exe", lpSrch="word") returned 0x0 [0039.767] Process32NextW (in: hSnapshot=0x78, lppe=0x18ed3c | out: lppe=0x18ed3c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0039.767] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0039.767] GetProcessHeap () returned 0x570000 [0039.767] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xd) returned 0x58f5d0 [0039.768] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskhost.exe", cchWideChar=-1, lpMultiByteStr=0x58f5d0, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhost.exe", lpUsedDefaultChar=0x0) returned 13 [0039.768] lstrlenW (lpString="taskhost.exe") returned 12 [0039.768] StrStrA (lpFirst="taskhost.exe", lpSrch="sql") returned 0x0 [0039.768] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0039.768] GetProcessHeap () returned 0x570000 [0039.768] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xd) returned 0x58f5e8 [0039.768] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskhost.exe", cchWideChar=-1, lpMultiByteStr=0x58f5e8, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhost.exe", lpUsedDefaultChar=0x0) returned 13 [0039.768] lstrlenW (lpString="taskhost.exe") returned 12 [0039.768] StrStrA (lpFirst="taskhost.exe", lpSrch="outlook") returned 0x0 [0039.768] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0039.768] GetProcessHeap () returned 0x570000 [0039.768] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xd) returned 0x58f600 [0039.768] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskhost.exe", cchWideChar=-1, lpMultiByteStr=0x58f600, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhost.exe", lpUsedDefaultChar=0x0) returned 13 [0039.768] lstrlenW (lpString="taskhost.exe") returned 12 [0039.768] StrStrA (lpFirst="taskhost.exe", lpSrch="ssms") returned 0x0 [0039.768] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0039.768] GetProcessHeap () returned 0x570000 [0039.768] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xd) returned 0x58f618 [0039.768] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskhost.exe", cchWideChar=-1, lpMultiByteStr=0x58f618, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhost.exe", lpUsedDefaultChar=0x0) returned 13 [0039.768] lstrlenW (lpString="taskhost.exe") returned 12 [0039.768] StrStrA (lpFirst="taskhost.exe", lpSrch="postgre") returned 0x0 [0039.768] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0039.768] GetProcessHeap () returned 0x570000 [0039.768] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xd) returned 0x58f630 [0039.768] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskhost.exe", cchWideChar=-1, lpMultiByteStr=0x58f630, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhost.exe", lpUsedDefaultChar=0x0) returned 13 [0039.768] lstrlenW (lpString="taskhost.exe") returned 12 [0039.768] StrStrA (lpFirst="taskhost.exe", lpSrch="1c") returned 0x0 [0039.768] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0039.768] GetProcessHeap () returned 0x570000 [0039.768] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xd) returned 0x58f648 [0039.769] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskhost.exe", cchWideChar=-1, lpMultiByteStr=0x58f648, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhost.exe", lpUsedDefaultChar=0x0) returned 13 [0039.769] lstrlenW (lpString="taskhost.exe") returned 12 [0039.769] StrStrA (lpFirst="taskhost.exe", lpSrch="excel") returned 0x0 [0039.769] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskhost.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0039.769] GetProcessHeap () returned 0x570000 [0039.769] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xd) returned 0x58f660 [0039.769] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="taskhost.exe", cchWideChar=-1, lpMultiByteStr=0x58f660, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="taskhost.exe", lpUsedDefaultChar=0x0) returned 13 [0039.769] lstrlenW (lpString="taskhost.exe") returned 12 [0039.769] StrStrA (lpFirst="taskhost.exe", lpSrch="word") returned 0x0 [0039.769] Process32NextW (in: hSnapshot=0x78, lppe=0x18ed3c | out: lppe=0x18ed3c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="il_shipments_eric.exe")) returned 1 [0039.770] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="il_shipments_eric.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0039.770] GetProcessHeap () returned 0x570000 [0039.770] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x16) returned 0x5873b0 [0039.770] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="il_shipments_eric.exe", cchWideChar=-1, lpMultiByteStr=0x5873b0, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="il_shipments_eric.exe", lpUsedDefaultChar=0x0) returned 22 [0039.770] lstrlenW (lpString="il_shipments_eric.exe") returned 21 [0039.770] StrStrA (lpFirst="il_shipments_eric.exe", lpSrch="sql") returned 0x0 [0039.770] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="il_shipments_eric.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0039.770] GetProcessHeap () returned 0x570000 [0039.770] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x16) returned 0x5873d0 [0039.770] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="il_shipments_eric.exe", cchWideChar=-1, lpMultiByteStr=0x5873d0, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="il_shipments_eric.exe", lpUsedDefaultChar=0x0) returned 22 [0039.770] lstrlenW (lpString="il_shipments_eric.exe") returned 21 [0039.770] StrStrA (lpFirst="il_shipments_eric.exe", lpSrch="outlook") returned 0x0 [0039.770] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="il_shipments_eric.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0039.770] GetProcessHeap () returned 0x570000 [0039.770] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x16) returned 0x5873f0 [0039.770] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="il_shipments_eric.exe", cchWideChar=-1, lpMultiByteStr=0x5873f0, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="il_shipments_eric.exe", lpUsedDefaultChar=0x0) returned 22 [0039.770] lstrlenW (lpString="il_shipments_eric.exe") returned 21 [0039.770] StrStrA (lpFirst="il_shipments_eric.exe", lpSrch="ssms") returned 0x0 [0039.770] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="il_shipments_eric.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0039.770] GetProcessHeap () returned 0x570000 [0039.770] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x16) returned 0x587410 [0039.770] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="il_shipments_eric.exe", cchWideChar=-1, lpMultiByteStr=0x587410, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="il_shipments_eric.exe", lpUsedDefaultChar=0x0) returned 22 [0039.770] lstrlenW (lpString="il_shipments_eric.exe") returned 21 [0039.770] StrStrA (lpFirst="il_shipments_eric.exe", lpSrch="postgre") returned 0x0 [0039.770] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="il_shipments_eric.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0039.770] GetProcessHeap () returned 0x570000 [0039.770] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x16) returned 0x587430 [0039.770] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="il_shipments_eric.exe", cchWideChar=-1, lpMultiByteStr=0x587430, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="il_shipments_eric.exe", lpUsedDefaultChar=0x0) returned 22 [0039.770] lstrlenW (lpString="il_shipments_eric.exe") returned 21 [0039.771] StrStrA (lpFirst="il_shipments_eric.exe", lpSrch="1c") returned 0x0 [0039.771] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="il_shipments_eric.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0039.771] GetProcessHeap () returned 0x570000 [0039.771] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x16) returned 0x58f8e0 [0039.771] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="il_shipments_eric.exe", cchWideChar=-1, lpMultiByteStr=0x58f8e0, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="il_shipments_eric.exe", lpUsedDefaultChar=0x0) returned 22 [0039.771] lstrlenW (lpString="il_shipments_eric.exe") returned 21 [0039.771] StrStrA (lpFirst="il_shipments_eric.exe", lpSrch="excel") returned 0x0 [0039.771] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="il_shipments_eric.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0039.771] GetProcessHeap () returned 0x570000 [0039.771] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x16) returned 0x58f900 [0039.771] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="il_shipments_eric.exe", cchWideChar=-1, lpMultiByteStr=0x58f900, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="il_shipments_eric.exe", lpUsedDefaultChar=0x0) returned 22 [0039.771] lstrlenW (lpString="il_shipments_eric.exe") returned 21 [0039.771] StrStrA (lpFirst="il_shipments_eric.exe", lpSrch="word") returned 0x0 [0039.771] Process32NextW (in: hSnapshot=0x78, lppe=0x18ed3c | out: lppe=0x18ed3c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x660, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="partial-newer.exe")) returned 1 [0039.772] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="partial-newer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0039.772] GetProcessHeap () returned 0x570000 [0039.772] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x12) returned 0x58f920 [0039.772] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="partial-newer.exe", cchWideChar=-1, lpMultiByteStr=0x58f920, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="partial-newer.exe", lpUsedDefaultChar=0x0) returned 18 [0039.772] lstrlenW (lpString="partial-newer.exe") returned 17 [0039.772] StrStrA (lpFirst="partial-newer.exe", lpSrch="sql") returned 0x0 [0039.772] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="partial-newer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0039.772] GetProcessHeap () returned 0x570000 [0039.772] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x12) returned 0x58f940 [0039.772] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="partial-newer.exe", cchWideChar=-1, lpMultiByteStr=0x58f940, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="partial-newer.exe", lpUsedDefaultChar=0x0) returned 18 [0039.772] lstrlenW (lpString="partial-newer.exe") returned 17 [0039.772] StrStrA (lpFirst="partial-newer.exe", lpSrch="outlook") returned 0x0 [0039.772] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="partial-newer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0039.772] GetProcessHeap () returned 0x570000 [0039.772] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x12) returned 0x58f960 [0039.772] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="partial-newer.exe", cchWideChar=-1, lpMultiByteStr=0x58f960, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="partial-newer.exe", lpUsedDefaultChar=0x0) returned 18 [0039.772] lstrlenW (lpString="partial-newer.exe") returned 17 [0039.772] StrStrA (lpFirst="partial-newer.exe", lpSrch="ssms") returned 0x0 [0039.772] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="partial-newer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0039.772] GetProcessHeap () returned 0x570000 [0039.772] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x12) returned 0x58f980 [0039.772] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="partial-newer.exe", cchWideChar=-1, lpMultiByteStr=0x58f980, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="partial-newer.exe", lpUsedDefaultChar=0x0) returned 18 [0039.772] lstrlenW (lpString="partial-newer.exe") returned 17 [0039.772] StrStrA (lpFirst="partial-newer.exe", lpSrch="postgre") returned 0x0 [0039.772] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="partial-newer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0039.772] GetProcessHeap () returned 0x570000 [0039.772] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x12) returned 0x58f9a0 [0039.772] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="partial-newer.exe", cchWideChar=-1, lpMultiByteStr=0x58f9a0, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="partial-newer.exe", lpUsedDefaultChar=0x0) returned 18 [0039.772] lstrlenW (lpString="partial-newer.exe") returned 17 [0039.773] StrStrA (lpFirst="partial-newer.exe", lpSrch="1c") returned 0x0 [0039.773] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="partial-newer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0039.773] GetProcessHeap () returned 0x570000 [0039.773] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x12) returned 0x58f9c0 [0039.773] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="partial-newer.exe", cchWideChar=-1, lpMultiByteStr=0x58f9c0, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="partial-newer.exe", lpUsedDefaultChar=0x0) returned 18 [0039.773] lstrlenW (lpString="partial-newer.exe") returned 17 [0039.773] StrStrA (lpFirst="partial-newer.exe", lpSrch="excel") returned 0x0 [0039.773] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="partial-newer.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0039.773] GetProcessHeap () returned 0x570000 [0039.773] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x12) returned 0x58f9e0 [0039.773] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="partial-newer.exe", cchWideChar=-1, lpMultiByteStr=0x58f9e0, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="partial-newer.exe", lpUsedDefaultChar=0x0) returned 18 [0039.773] lstrlenW (lpString="partial-newer.exe") returned 17 [0039.773] StrStrA (lpFirst="partial-newer.exe", lpSrch="word") returned 0x0 [0039.773] Process32NextW (in: hSnapshot=0x78, lppe=0x18ed3c | out: lppe=0x18ed3c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x32c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="backupcompensation.exe")) returned 1 [0039.774] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="backupcompensation.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0039.774] GetProcessHeap () returned 0x570000 [0039.774] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x17) returned 0x58fa00 [0039.774] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="backupcompensation.exe", cchWideChar=-1, lpMultiByteStr=0x58fa00, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="backupcompensation.exe", lpUsedDefaultChar=0x0) returned 23 [0039.774] lstrlenW (lpString="backupcompensation.exe") returned 22 [0039.774] StrStrA (lpFirst="backupcompensation.exe", lpSrch="sql") returned 0x0 [0039.774] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="backupcompensation.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0039.774] GetProcessHeap () returned 0x570000 [0039.774] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x17) returned 0x58fa20 [0039.774] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="backupcompensation.exe", cchWideChar=-1, lpMultiByteStr=0x58fa20, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="backupcompensation.exe", lpUsedDefaultChar=0x0) returned 23 [0039.774] lstrlenW (lpString="backupcompensation.exe") returned 22 [0039.774] StrStrA (lpFirst="backupcompensation.exe", lpSrch="outlook") returned 0x0 [0039.774] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="backupcompensation.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0039.774] GetProcessHeap () returned 0x570000 [0039.774] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x17) returned 0x58fa40 [0039.774] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="backupcompensation.exe", cchWideChar=-1, lpMultiByteStr=0x58fa40, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="backupcompensation.exe", lpUsedDefaultChar=0x0) returned 23 [0039.774] lstrlenW (lpString="backupcompensation.exe") returned 22 [0039.774] StrStrA (lpFirst="backupcompensation.exe", lpSrch="ssms") returned 0x0 [0039.774] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="backupcompensation.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0039.774] GetProcessHeap () returned 0x570000 [0039.774] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x17) returned 0x58fa60 [0039.774] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="backupcompensation.exe", cchWideChar=-1, lpMultiByteStr=0x58fa60, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="backupcompensation.exe", lpUsedDefaultChar=0x0) returned 23 [0039.774] lstrlenW (lpString="backupcompensation.exe") returned 22 [0039.774] StrStrA (lpFirst="backupcompensation.exe", lpSrch="postgre") returned 0x0 [0039.774] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="backupcompensation.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0039.774] GetProcessHeap () returned 0x570000 [0039.774] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x17) returned 0x58fa80 [0039.774] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="backupcompensation.exe", cchWideChar=-1, lpMultiByteStr=0x58fa80, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="backupcompensation.exe", lpUsedDefaultChar=0x0) returned 23 [0039.775] lstrlenW (lpString="backupcompensation.exe") returned 22 [0039.775] StrStrA (lpFirst="backupcompensation.exe", lpSrch="1c") returned 0x0 [0039.775] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="backupcompensation.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0039.775] GetProcessHeap () returned 0x570000 [0039.775] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x17) returned 0x58faa0 [0039.775] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="backupcompensation.exe", cchWideChar=-1, lpMultiByteStr=0x58faa0, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="backupcompensation.exe", lpUsedDefaultChar=0x0) returned 23 [0039.775] lstrlenW (lpString="backupcompensation.exe") returned 22 [0039.775] StrStrA (lpFirst="backupcompensation.exe", lpSrch="excel") returned 0x0 [0039.775] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="backupcompensation.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0039.775] GetProcessHeap () returned 0x570000 [0039.775] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x17) returned 0x58fac0 [0039.775] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="backupcompensation.exe", cchWideChar=-1, lpMultiByteStr=0x58fac0, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="backupcompensation.exe", lpUsedDefaultChar=0x0) returned 23 [0039.775] lstrlenW (lpString="backupcompensation.exe") returned 22 [0039.775] StrStrA (lpFirst="backupcompensation.exe", lpSrch="word") returned 0x0 [0039.775] Process32NextW (in: hSnapshot=0x78, lppe=0x18ed3c | out: lppe=0x18ed3c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="philips.exe")) returned 1 [0039.776] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="philips.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.776] GetProcessHeap () returned 0x570000 [0039.776] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58f678 [0039.776] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="philips.exe", cchWideChar=-1, lpMultiByteStr=0x58f678, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="philips.exe", lpUsedDefaultChar=0x0) returned 12 [0039.776] lstrlenW (lpString="philips.exe") returned 11 [0039.776] StrStrA (lpFirst="philips.exe", lpSrch="sql") returned 0x0 [0039.776] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="philips.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.776] GetProcessHeap () returned 0x570000 [0039.776] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58f690 [0039.776] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="philips.exe", cchWideChar=-1, lpMultiByteStr=0x58f690, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="philips.exe", lpUsedDefaultChar=0x0) returned 12 [0039.776] lstrlenW (lpString="philips.exe") returned 11 [0039.776] StrStrA (lpFirst="philips.exe", lpSrch="outlook") returned 0x0 [0039.776] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="philips.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.776] GetProcessHeap () returned 0x570000 [0039.776] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58f6a8 [0039.776] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="philips.exe", cchWideChar=-1, lpMultiByteStr=0x58f6a8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="philips.exe", lpUsedDefaultChar=0x0) returned 12 [0039.776] lstrlenW (lpString="philips.exe") returned 11 [0039.776] StrStrA (lpFirst="philips.exe", lpSrch="ssms") returned 0x0 [0039.776] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="philips.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.776] GetProcessHeap () returned 0x570000 [0039.776] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58f6c0 [0039.776] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="philips.exe", cchWideChar=-1, lpMultiByteStr=0x58f6c0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="philips.exe", lpUsedDefaultChar=0x0) returned 12 [0039.776] lstrlenW (lpString="philips.exe") returned 11 [0039.776] StrStrA (lpFirst="philips.exe", lpSrch="postgre") returned 0x0 [0039.777] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="philips.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.777] GetProcessHeap () returned 0x570000 [0039.777] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58f6d8 [0039.777] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="philips.exe", cchWideChar=-1, lpMultiByteStr=0x58f6d8, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="philips.exe", lpUsedDefaultChar=0x0) returned 12 [0039.777] lstrlenW (lpString="philips.exe") returned 11 [0039.777] StrStrA (lpFirst="philips.exe", lpSrch="1c") returned 0x0 [0039.777] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="philips.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.777] GetProcessHeap () returned 0x570000 [0039.777] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58f6f0 [0039.777] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="philips.exe", cchWideChar=-1, lpMultiByteStr=0x58f6f0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="philips.exe", lpUsedDefaultChar=0x0) returned 12 [0039.777] lstrlenW (lpString="philips.exe") returned 11 [0039.777] StrStrA (lpFirst="philips.exe", lpSrch="excel") returned 0x0 [0039.777] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="philips.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.777] GetProcessHeap () returned 0x570000 [0039.777] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58f708 [0039.777] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="philips.exe", cchWideChar=-1, lpMultiByteStr=0x58f708, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="philips.exe", lpUsedDefaultChar=0x0) returned 12 [0039.777] lstrlenW (lpString="philips.exe") returned 11 [0039.777] StrStrA (lpFirst="philips.exe", lpSrch="word") returned 0x0 [0039.777] Process32NextW (in: hSnapshot=0x78, lppe=0x18ed3c | out: lppe=0x18ed3c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x328, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="fax_offerings_something.exe")) returned 1 [0039.778] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fax_offerings_something.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0039.778] GetProcessHeap () returned 0x570000 [0039.778] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x1c) returned 0x583ef0 [0039.778] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fax_offerings_something.exe", cchWideChar=-1, lpMultiByteStr=0x583ef0, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fax_offerings_something.exe", lpUsedDefaultChar=0x0) returned 28 [0039.778] lstrlenW (lpString="fax_offerings_something.exe") returned 27 [0039.778] StrStrA (lpFirst="fax_offerings_something.exe", lpSrch="sql") returned 0x0 [0039.778] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fax_offerings_something.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0039.778] GetProcessHeap () returned 0x570000 [0039.778] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x1c) returned 0x5840d0 [0039.778] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fax_offerings_something.exe", cchWideChar=-1, lpMultiByteStr=0x5840d0, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fax_offerings_something.exe", lpUsedDefaultChar=0x0) returned 28 [0039.778] lstrlenW (lpString="fax_offerings_something.exe") returned 27 [0039.778] StrStrA (lpFirst="fax_offerings_something.exe", lpSrch="outlook") returned 0x0 [0039.778] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fax_offerings_something.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0039.778] GetProcessHeap () returned 0x570000 [0039.778] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x1c) returned 0x5840f8 [0039.778] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fax_offerings_something.exe", cchWideChar=-1, lpMultiByteStr=0x5840f8, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fax_offerings_something.exe", lpUsedDefaultChar=0x0) returned 28 [0039.778] lstrlenW (lpString="fax_offerings_something.exe") returned 27 [0039.778] StrStrA (lpFirst="fax_offerings_something.exe", lpSrch="ssms") returned 0x0 [0039.779] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fax_offerings_something.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0039.779] GetProcessHeap () returned 0x570000 [0039.779] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x1c) returned 0x584120 [0039.779] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fax_offerings_something.exe", cchWideChar=-1, lpMultiByteStr=0x584120, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fax_offerings_something.exe", lpUsedDefaultChar=0x0) returned 28 [0039.779] lstrlenW (lpString="fax_offerings_something.exe") returned 27 [0039.779] StrStrA (lpFirst="fax_offerings_something.exe", lpSrch="postgre") returned 0x0 [0039.779] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fax_offerings_something.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0039.779] GetProcessHeap () returned 0x570000 [0039.779] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x1c) returned 0x584148 [0039.779] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fax_offerings_something.exe", cchWideChar=-1, lpMultiByteStr=0x584148, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fax_offerings_something.exe", lpUsedDefaultChar=0x0) returned 28 [0039.779] lstrlenW (lpString="fax_offerings_something.exe") returned 27 [0039.779] StrStrA (lpFirst="fax_offerings_something.exe", lpSrch="1c") returned 0x0 [0039.779] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fax_offerings_something.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0039.779] GetProcessHeap () returned 0x570000 [0039.779] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x1c) returned 0x584170 [0039.779] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fax_offerings_something.exe", cchWideChar=-1, lpMultiByteStr=0x584170, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fax_offerings_something.exe", lpUsedDefaultChar=0x0) returned 28 [0039.779] lstrlenW (lpString="fax_offerings_something.exe") returned 27 [0039.779] StrStrA (lpFirst="fax_offerings_something.exe", lpSrch="excel") returned 0x0 [0039.779] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fax_offerings_something.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0039.779] GetProcessHeap () returned 0x570000 [0039.779] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x1c) returned 0x584198 [0039.779] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="fax_offerings_something.exe", cchWideChar=-1, lpMultiByteStr=0x584198, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="fax_offerings_something.exe", lpUsedDefaultChar=0x0) returned 28 [0039.779] lstrlenW (lpString="fax_offerings_something.exe") returned 27 [0039.780] StrStrA (lpFirst="fax_offerings_something.exe", lpSrch="word") returned 0x0 [0039.780] Process32NextW (in: hSnapshot=0x78, lppe=0x18ed3c | out: lppe=0x18ed3c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x248, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="texture.exe")) returned 1 [0039.780] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="texture.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.780] GetProcessHeap () returned 0x570000 [0039.780] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58f720 [0039.780] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="texture.exe", cchWideChar=-1, lpMultiByteStr=0x58f720, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="texture.exe", lpUsedDefaultChar=0x0) returned 12 [0039.780] lstrlenW (lpString="texture.exe") returned 11 [0039.780] StrStrA (lpFirst="texture.exe", lpSrch="sql") returned 0x0 [0039.780] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="texture.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.780] GetProcessHeap () returned 0x570000 [0039.780] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58f738 [0039.781] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="texture.exe", cchWideChar=-1, lpMultiByteStr=0x58f738, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="texture.exe", lpUsedDefaultChar=0x0) returned 12 [0039.781] lstrlenW (lpString="texture.exe") returned 11 [0039.781] StrStrA (lpFirst="texture.exe", lpSrch="outlook") returned 0x0 [0039.781] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="texture.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.781] GetProcessHeap () returned 0x570000 [0039.781] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58f750 [0039.781] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="texture.exe", cchWideChar=-1, lpMultiByteStr=0x58f750, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="texture.exe", lpUsedDefaultChar=0x0) returned 12 [0039.781] lstrlenW (lpString="texture.exe") returned 11 [0039.781] StrStrA (lpFirst="texture.exe", lpSrch="ssms") returned 0x0 [0039.781] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="texture.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.781] GetProcessHeap () returned 0x570000 [0039.781] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58f768 [0039.781] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="texture.exe", cchWideChar=-1, lpMultiByteStr=0x58f768, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="texture.exe", lpUsedDefaultChar=0x0) returned 12 [0039.781] lstrlenW (lpString="texture.exe") returned 11 [0039.781] StrStrA (lpFirst="texture.exe", lpSrch="postgre") returned 0x0 [0039.781] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="texture.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.781] GetProcessHeap () returned 0x570000 [0039.781] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58f780 [0039.781] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="texture.exe", cchWideChar=-1, lpMultiByteStr=0x58f780, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="texture.exe", lpUsedDefaultChar=0x0) returned 12 [0039.781] lstrlenW (lpString="texture.exe") returned 11 [0039.781] StrStrA (lpFirst="texture.exe", lpSrch="1c") returned 0x0 [0039.781] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="texture.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.781] GetProcessHeap () returned 0x570000 [0039.781] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58f798 [0039.781] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="texture.exe", cchWideChar=-1, lpMultiByteStr=0x58f798, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="texture.exe", lpUsedDefaultChar=0x0) returned 12 [0039.781] lstrlenW (lpString="texture.exe") returned 11 [0039.781] StrStrA (lpFirst="texture.exe", lpSrch="excel") returned 0x0 [0039.781] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="texture.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.781] GetProcessHeap () returned 0x570000 [0039.782] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x58f7b0 [0039.782] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="texture.exe", cchWideChar=-1, lpMultiByteStr=0x58f7b0, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="texture.exe", lpUsedDefaultChar=0x0) returned 12 [0039.782] lstrlenW (lpString="texture.exe") returned 11 [0039.782] StrStrA (lpFirst="texture.exe", lpSrch="word") returned 0x0 [0039.782] Process32NextW (in: hSnapshot=0x78, lppe=0x18ed3c | out: lppe=0x18ed3c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="index.exe")) returned 1 [0039.782] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="index.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0039.782] GetProcessHeap () returned 0x570000 [0039.782] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xa) returned 0x58f7c8 [0039.782] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="index.exe", cchWideChar=-1, lpMultiByteStr=0x58f7c8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="index.exe", lpUsedDefaultChar=0x0) returned 10 [0039.782] lstrlenW (lpString="index.exe") returned 9 [0039.782] StrStrA (lpFirst="index.exe", lpSrch="sql") returned 0x0 [0039.783] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="index.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0039.783] GetProcessHeap () returned 0x570000 [0039.783] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xa) returned 0x58f7e0 [0039.783] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="index.exe", cchWideChar=-1, lpMultiByteStr=0x58f7e0, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="index.exe", lpUsedDefaultChar=0x0) returned 10 [0039.783] lstrlenW (lpString="index.exe") returned 9 [0039.783] StrStrA (lpFirst="index.exe", lpSrch="outlook") returned 0x0 [0039.783] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="index.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0039.783] GetProcessHeap () returned 0x570000 [0039.783] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xa) returned 0x58f7f8 [0039.783] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="index.exe", cchWideChar=-1, lpMultiByteStr=0x58f7f8, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="index.exe", lpUsedDefaultChar=0x0) returned 10 [0039.783] lstrlenW (lpString="index.exe") returned 9 [0039.783] StrStrA (lpFirst="index.exe", lpSrch="ssms") returned 0x0 [0039.783] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="index.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0039.783] GetProcessHeap () returned 0x570000 [0039.783] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xa) returned 0x58f810 [0039.783] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="index.exe", cchWideChar=-1, lpMultiByteStr=0x58f810, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="index.exe", lpUsedDefaultChar=0x0) returned 10 [0039.783] lstrlenW (lpString="index.exe") returned 9 [0039.783] StrStrA (lpFirst="index.exe", lpSrch="postgre") returned 0x0 [0039.783] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="index.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0039.783] GetProcessHeap () returned 0x570000 [0039.783] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xa) returned 0x58f828 [0039.783] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="index.exe", cchWideChar=-1, lpMultiByteStr=0x58f828, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="index.exe", lpUsedDefaultChar=0x0) returned 10 [0039.783] lstrlenW (lpString="index.exe") returned 9 [0039.783] StrStrA (lpFirst="index.exe", lpSrch="1c") returned 0x0 [0039.783] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="index.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0039.783] GetProcessHeap () returned 0x570000 [0039.783] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xa) returned 0x58f840 [0039.783] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="index.exe", cchWideChar=-1, lpMultiByteStr=0x58f840, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="index.exe", lpUsedDefaultChar=0x0) returned 10 [0039.783] lstrlenW (lpString="index.exe") returned 9 [0039.783] StrStrA (lpFirst="index.exe", lpSrch="excel") returned 0x0 [0039.784] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="index.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0039.784] GetProcessHeap () returned 0x570000 [0039.784] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xa) returned 0x58f858 [0039.784] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="index.exe", cchWideChar=-1, lpMultiByteStr=0x58f858, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="index.exe", lpUsedDefaultChar=0x0) returned 10 [0039.784] lstrlenW (lpString="index.exe") returned 9 [0039.784] StrStrA (lpFirst="index.exe", lpSrch="word") returned 0x0 [0039.784] Process32NextW (in: hSnapshot=0x78, lppe=0x18ed3c | out: lppe=0x18ed3c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="cost verde.exe")) returned 1 [0039.784] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cost verde.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0039.784] GetProcessHeap () returned 0x570000 [0039.784] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xf) returned 0x58f870 [0039.785] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cost verde.exe", cchWideChar=-1, lpMultiByteStr=0x58f870, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cost verde.exe", lpUsedDefaultChar=0x0) returned 15 [0039.785] lstrlenW (lpString="cost verde.exe") returned 14 [0039.785] StrStrA (lpFirst="cost verde.exe", lpSrch="sql") returned 0x0 [0039.785] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cost verde.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0039.785] GetProcessHeap () returned 0x570000 [0039.785] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xf) returned 0x58f888 [0039.785] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cost verde.exe", cchWideChar=-1, lpMultiByteStr=0x58f888, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cost verde.exe", lpUsedDefaultChar=0x0) returned 15 [0039.785] lstrlenW (lpString="cost verde.exe") returned 14 [0039.785] StrStrA (lpFirst="cost verde.exe", lpSrch="outlook") returned 0x0 [0039.785] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cost verde.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0039.785] GetProcessHeap () returned 0x570000 [0039.785] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xf) returned 0x58f8a0 [0039.785] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cost verde.exe", cchWideChar=-1, lpMultiByteStr=0x58f8a0, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cost verde.exe", lpUsedDefaultChar=0x0) returned 15 [0039.785] lstrlenW (lpString="cost verde.exe") returned 14 [0039.785] StrStrA (lpFirst="cost verde.exe", lpSrch="ssms") returned 0x0 [0039.785] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cost verde.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0039.785] GetProcessHeap () returned 0x570000 [0039.785] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xf) returned 0x5900e0 [0039.785] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cost verde.exe", cchWideChar=-1, lpMultiByteStr=0x5900e0, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cost verde.exe", lpUsedDefaultChar=0x0) returned 15 [0039.785] lstrlenW (lpString="cost verde.exe") returned 14 [0039.785] StrStrA (lpFirst="cost verde.exe", lpSrch="postgre") returned 0x0 [0039.785] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cost verde.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0039.785] GetProcessHeap () returned 0x570000 [0039.785] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xf) returned 0x5900f8 [0039.785] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cost verde.exe", cchWideChar=-1, lpMultiByteStr=0x5900f8, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cost verde.exe", lpUsedDefaultChar=0x0) returned 15 [0039.785] lstrlenW (lpString="cost verde.exe") returned 14 [0039.785] StrStrA (lpFirst="cost verde.exe", lpSrch="1c") returned 0x0 [0039.785] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cost verde.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0039.785] GetProcessHeap () returned 0x570000 [0039.786] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xf) returned 0x590110 [0039.786] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cost verde.exe", cchWideChar=-1, lpMultiByteStr=0x590110, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cost verde.exe", lpUsedDefaultChar=0x0) returned 15 [0039.786] lstrlenW (lpString="cost verde.exe") returned 14 [0039.786] StrStrA (lpFirst="cost verde.exe", lpSrch="excel") returned 0x0 [0039.786] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cost verde.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0039.786] GetProcessHeap () returned 0x570000 [0039.786] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xf) returned 0x590128 [0039.786] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cost verde.exe", cchWideChar=-1, lpMultiByteStr=0x590128, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cost verde.exe", lpUsedDefaultChar=0x0) returned 15 [0039.786] lstrlenW (lpString="cost verde.exe") returned 14 [0039.786] StrStrA (lpFirst="cost verde.exe", lpSrch="word") returned 0x0 [0039.786] Process32NextW (in: hSnapshot=0x78, lppe=0x18ed3c | out: lppe=0x18ed3c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x15c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="match_mustang_associations.exe")) returned 1 [0039.787] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="match_mustang_associations.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 31 [0039.787] GetProcessHeap () returned 0x570000 [0039.787] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x1f) returned 0x5841c0 [0039.787] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="match_mustang_associations.exe", cchWideChar=-1, lpMultiByteStr=0x5841c0, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="match_mustang_associations.exe", lpUsedDefaultChar=0x0) returned 31 [0039.787] lstrlenW (lpString="match_mustang_associations.exe") returned 30 [0039.787] StrStrA (lpFirst="match_mustang_associations.exe", lpSrch="sql") returned 0x0 [0039.787] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="match_mustang_associations.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 31 [0039.787] GetProcessHeap () returned 0x570000 [0039.787] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x1f) returned 0x5841e8 [0039.787] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="match_mustang_associations.exe", cchWideChar=-1, lpMultiByteStr=0x5841e8, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="match_mustang_associations.exe", lpUsedDefaultChar=0x0) returned 31 [0039.787] lstrlenW (lpString="match_mustang_associations.exe") returned 30 [0039.787] StrStrA (lpFirst="match_mustang_associations.exe", lpSrch="outlook") returned 0x0 [0039.787] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="match_mustang_associations.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 31 [0039.787] GetProcessHeap () returned 0x570000 [0039.787] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x1f) returned 0x584210 [0039.787] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="match_mustang_associations.exe", cchWideChar=-1, lpMultiByteStr=0x584210, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="match_mustang_associations.exe", lpUsedDefaultChar=0x0) returned 31 [0039.787] lstrlenW (lpString="match_mustang_associations.exe") returned 30 [0039.787] StrStrA (lpFirst="match_mustang_associations.exe", lpSrch="ssms") returned 0x0 [0039.787] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="match_mustang_associations.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 31 [0039.787] GetProcessHeap () returned 0x570000 [0039.787] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x1f) returned 0x584238 [0039.787] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="match_mustang_associations.exe", cchWideChar=-1, lpMultiByteStr=0x584238, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="match_mustang_associations.exe", lpUsedDefaultChar=0x0) returned 31 [0039.787] lstrlenW (lpString="match_mustang_associations.exe") returned 30 [0039.787] StrStrA (lpFirst="match_mustang_associations.exe", lpSrch="postgre") returned 0x0 [0039.787] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="match_mustang_associations.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 31 [0039.787] GetProcessHeap () returned 0x570000 [0039.787] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x1f) returned 0x584260 [0039.787] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="match_mustang_associations.exe", cchWideChar=-1, lpMultiByteStr=0x584260, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="match_mustang_associations.exe", lpUsedDefaultChar=0x0) returned 31 [0039.787] lstrlenW (lpString="match_mustang_associations.exe") returned 30 [0039.788] StrStrA (lpFirst="match_mustang_associations.exe", lpSrch="1c") returned 0x0 [0039.788] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="match_mustang_associations.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 31 [0039.788] GetProcessHeap () returned 0x570000 [0039.788] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x1f) returned 0x584288 [0039.788] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="match_mustang_associations.exe", cchWideChar=-1, lpMultiByteStr=0x584288, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="match_mustang_associations.exe", lpUsedDefaultChar=0x0) returned 31 [0039.788] lstrlenW (lpString="match_mustang_associations.exe") returned 30 [0039.788] StrStrA (lpFirst="match_mustang_associations.exe", lpSrch="excel") returned 0x0 [0039.788] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="match_mustang_associations.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 31 [0039.788] GetProcessHeap () returned 0x570000 [0039.788] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x1f) returned 0x5842b0 [0039.788] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="match_mustang_associations.exe", cchWideChar=-1, lpMultiByteStr=0x5842b0, cbMultiByte=31, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="match_mustang_associations.exe", lpUsedDefaultChar=0x0) returned 31 [0039.788] lstrlenW (lpString="match_mustang_associations.exe") returned 30 [0039.788] StrStrA (lpFirst="match_mustang_associations.exe", lpSrch="word") returned 0x0 [0039.788] Process32NextW (in: hSnapshot=0x78, lppe=0x18ed3c | out: lppe=0x18ed3c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x318, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="italianoescapeseveral.exe")) returned 1 [0039.791] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="italianoescapeseveral.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0039.791] GetProcessHeap () returned 0x570000 [0039.791] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x1a) returned 0x5842d8 [0039.791] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="italianoescapeseveral.exe", cchWideChar=-1, lpMultiByteStr=0x5842d8, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="italianoescapeseveral.exe", lpUsedDefaultChar=0x0) returned 26 [0039.791] lstrlenW (lpString="italianoescapeseveral.exe") returned 25 [0039.791] StrStrA (lpFirst="italianoescapeseveral.exe", lpSrch="sql") returned 0x0 [0039.791] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="italianoescapeseveral.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0039.791] GetProcessHeap () returned 0x570000 [0039.791] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x1a) returned 0x584300 [0039.791] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="italianoescapeseveral.exe", cchWideChar=-1, lpMultiByteStr=0x584300, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="italianoescapeseveral.exe", lpUsedDefaultChar=0x0) returned 26 [0039.791] lstrlenW (lpString="italianoescapeseveral.exe") returned 25 [0039.791] StrStrA (lpFirst="italianoescapeseveral.exe", lpSrch="outlook") returned 0x0 [0039.792] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="italianoescapeseveral.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0039.792] GetProcessHeap () returned 0x570000 [0039.792] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x1a) returned 0x584328 [0039.792] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="italianoescapeseveral.exe", cchWideChar=-1, lpMultiByteStr=0x584328, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="italianoescapeseveral.exe", lpUsedDefaultChar=0x0) returned 26 [0039.792] lstrlenW (lpString="italianoescapeseveral.exe") returned 25 [0039.792] StrStrA (lpFirst="italianoescapeseveral.exe", lpSrch="ssms") returned 0x0 [0039.792] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="italianoescapeseveral.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0039.792] GetProcessHeap () returned 0x570000 [0039.792] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x1a) returned 0x584350 [0039.792] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="italianoescapeseveral.exe", cchWideChar=-1, lpMultiByteStr=0x584350, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="italianoescapeseveral.exe", lpUsedDefaultChar=0x0) returned 26 [0039.792] lstrlenW (lpString="italianoescapeseveral.exe") returned 25 [0039.792] StrStrA (lpFirst="italianoescapeseveral.exe", lpSrch="postgre") returned 0x0 [0039.792] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="italianoescapeseveral.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0039.792] GetProcessHeap () returned 0x570000 [0039.792] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x1a) returned 0x584378 [0039.792] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="italianoescapeseveral.exe", cchWideChar=-1, lpMultiByteStr=0x584378, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="italianoescapeseveral.exe", lpUsedDefaultChar=0x0) returned 26 [0039.792] lstrlenW (lpString="italianoescapeseveral.exe") returned 25 [0039.792] StrStrA (lpFirst="italianoescapeseveral.exe", lpSrch="1c") returned 0x0 [0039.792] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="italianoescapeseveral.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0039.792] GetProcessHeap () returned 0x570000 [0039.792] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x1a) returned 0x5843a0 [0039.792] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="italianoescapeseveral.exe", cchWideChar=-1, lpMultiByteStr=0x5843a0, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="italianoescapeseveral.exe", lpUsedDefaultChar=0x0) returned 26 [0039.792] lstrlenW (lpString="italianoescapeseveral.exe") returned 25 [0039.792] StrStrA (lpFirst="italianoescapeseveral.exe", lpSrch="excel") returned 0x0 [0039.792] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="italianoescapeseveral.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0039.792] GetProcessHeap () returned 0x570000 [0039.792] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x1a) returned 0x5843c8 [0039.792] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="italianoescapeseveral.exe", cchWideChar=-1, lpMultiByteStr=0x5843c8, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="italianoescapeseveral.exe", lpUsedDefaultChar=0x0) returned 26 [0039.792] lstrlenW (lpString="italianoescapeseveral.exe") returned 25 [0039.793] StrStrA (lpFirst="italianoescapeseveral.exe", lpSrch="word") returned 0x0 [0039.793] Process32NextW (in: hSnapshot=0x78, lppe=0x18ed3c | out: lppe=0x18ed3c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="djchad.exe")) returned 1 [0039.793] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="djchad.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0039.793] GetProcessHeap () returned 0x570000 [0039.793] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xb) returned 0x590140 [0039.793] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="djchad.exe", cchWideChar=-1, lpMultiByteStr=0x590140, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="djchad.exe", lpUsedDefaultChar=0x0) returned 11 [0039.793] lstrlenW (lpString="djchad.exe") returned 10 [0039.793] StrStrA (lpFirst="djchad.exe", lpSrch="sql") returned 0x0 [0039.793] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="djchad.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0039.793] GetProcessHeap () returned 0x570000 [0039.794] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xb) returned 0x590158 [0039.794] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="djchad.exe", cchWideChar=-1, lpMultiByteStr=0x590158, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="djchad.exe", lpUsedDefaultChar=0x0) returned 11 [0039.794] lstrlenW (lpString="djchad.exe") returned 10 [0039.794] StrStrA (lpFirst="djchad.exe", lpSrch="outlook") returned 0x0 [0039.794] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="djchad.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0039.794] GetProcessHeap () returned 0x570000 [0039.794] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xb) returned 0x590170 [0039.794] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="djchad.exe", cchWideChar=-1, lpMultiByteStr=0x590170, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="djchad.exe", lpUsedDefaultChar=0x0) returned 11 [0039.794] lstrlenW (lpString="djchad.exe") returned 10 [0039.794] StrStrA (lpFirst="djchad.exe", lpSrch="ssms") returned 0x0 [0039.794] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="djchad.exe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0039.794] GetProcessHeap () returned 0x570000 [0039.794] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xb) returned 0x590188 [0039.794] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="djchad.exe", cchWideChar=-1, lpMultiByteStr=0x590188, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="djchad.exe", lpUsedDefaultChar=0x0) returned 11 [0039.794] lstrlenW (lpString="djchad.exe") returned 10 [0039.794] StrStrA (lpFirst="djchad.exe", lpSrch="postgre") returned 0x0 [0039.794] Process32NextW (in: hSnapshot=0x78, lppe=0x18ed3c | out: lppe=0x18ed3c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="neareststolensquirt.exe")) returned 1 [0039.795] Process32NextW (in: hSnapshot=0x78, lppe=0x18ed3c | out: lppe=0x18ed3c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="springfield-notified-pressing.exe")) returned 1 [0039.796] Process32NextW (in: hSnapshot=0x78, lppe=0x18ed3c | out: lppe=0x18ed3c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7c0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ascii.exe")) returned 1 [0039.796] Process32NextW (in: hSnapshot=0x78, lppe=0x18ed3c | out: lppe=0x18ed3c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="distinction_mention_slots.exe")) returned 1 [0039.797] Process32NextW (in: hSnapshot=0x78, lppe=0x18ed3c | out: lppe=0x18ed3c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="rush.exe")) returned 1 [0039.798] Process32NextW (in: hSnapshot=0x78, lppe=0x18ed3c | out: lppe=0x18ed3c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="gazette-welsh.exe")) returned 1 [0039.798] Process32NextW (in: hSnapshot=0x78, lppe=0x18ed3c | out: lppe=0x18ed3c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x59c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="instructor.exe")) returned 1 [0039.799] Process32NextW (in: hSnapshot=0x78, lppe=0x18ed3c | out: lppe=0x18ed3c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="achieve.exe")) returned 1 [0039.800] Process32NextW (in: hSnapshot=0x78, lppe=0x18ed3c | out: lppe=0x18ed3c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x664, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="almosthughes.exe")) returned 1 [0039.801] Process32NextW (in: hSnapshot=0x78, lppe=0x18ed3c | out: lppe=0x18ed3c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0039.801] Process32NextW (in: hSnapshot=0x78, lppe=0x18ed3c | out: lppe=0x18ed3c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x714, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0039.802] Process32NextW (in: hSnapshot=0x78, lppe=0x18ed3c | out: lppe=0x18ed3c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="dllhost.exe")) returned 1 [0039.802] Process32NextW (in: hSnapshot=0x78, lppe=0x18ed3c | out: lppe=0x18ed3c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x73c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihvgt.exe")) returned 1 [0039.803] Process32NextW (in: hSnapshot=0x78, lppe=0x18ed3c | out: lppe=0x18ed3c*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x73c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sihvgt.exe")) returned 0 [0039.804] CloseHandle (hObject=0x78) returned 1 [0039.804] GetProcessHeap () returned 0x570000 [0039.804] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x70) returned 0x588d30 [0039.804] GetLogicalDrives () returned 0x4 [0039.804] GetDriveTypeA (lpRootPathName="C:\\") returned 0x3 [0039.804] GetProcessHeap () returned 0x570000 [0039.804] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x3) returned 0x58ed60 [0039.804] lstrcpyA (in: lpString1=0x58ed60, lpString2="C:\\" | out: lpString1="C:\\") returned="C:\\" [0039.804] GetProcessHeap () returned 0x570000 [0039.804] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x590f50 [0039.804] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x40994f, lpParameter=0x590f50, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x78 [0039.805] WaitForMultipleObjects (nCount=0x1, lpHandles=0x18e6fc*=0x78, bWaitAll=1, dwMilliseconds=0xffffffff) Thread: id = 2 os_tid = 0x4e8 [0039.805] _alloca_probe () returned 0x409959 [0039.805] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x1, lpMultiByteStr=0x58ed60, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 4 [0039.806] GetProcessHeap () returned 0x570000 [0039.806] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ed70 [0039.806] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x1, lpMultiByteStr=0x58ed60, cbMultiByte=-1, lpWideCharStr=0x58ed70, cchWideChar=4 | out: lpWideCharStr="C:\\") returned 4 [0039.806] GetProcessHeap () returned 0x570000 [0039.806] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ed80 [0039.806] lstrlenW (lpString="C:\\") returned 3 [0039.806] GetProcessHeap () returned 0x570000 [0039.806] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ed90 [0039.806] lstrcpyW (in: lpString1=0x58ed90, lpString2="C:\\" | out: lpString1="C:\\") returned="C:\\" [0039.806] lstrcpyW (in: lpString1=0x50df8c, lpString2="C:\\" | out: lpString1="C:\\") returned="C:\\" [0039.806] GetProcessHeap () returned 0x570000 [0039.806] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ed90 | out: hHeap=0x570000) returned 1 [0039.806] GetProcessHeap () returned 0x570000 [0039.806] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ed80 | out: hHeap=0x570000) returned 1 [0039.806] lstrlenW (lpString="C:\\") returned 3 [0039.806] lstrcatW (in: lpString1="C:\\", lpString2="*" | out: lpString1="C:\\*") returned="C:\\*" [0039.806] FindFirstFileW (in: lpFileName="C:\\*", lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xd29f5adc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="$Recycle.Bin", cAlternateFileName="")) returned 0x588da8 [0039.806] lstrcmpiW (lpString1="$Recycle.Bin", lpString2=".") returned -1 [0039.806] lstrcmpiW (lpString1="$Recycle.Bin", lpString2="..") returned -1 [0039.806] lstrcatW (in: lpString1="C:\\", lpString2="$Recycle.Bin" | out: lpString1="C:\\$Recycle.Bin") returned="C:\\$Recycle.Bin" [0039.806] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="$Recycle.Bin", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0039.806] GetProcessHeap () returned 0x570000 [0039.806] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xd) returned 0x590f68 [0039.806] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="$Recycle.Bin", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="$Recycle.Bin", lpUsedDefaultChar=0x0) returned 13 [0039.807] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="$Recycle.Bin", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0039.807] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="$Recycle.Bin", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 1 [0039.807] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="$Recycle.Bin", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 1 [0039.807] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="$Recycle.Bin", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0039.807] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="$Recycle.Bin", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0039.807] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="$Recycle.Bin", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 1 [0039.807] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="$Recycle.Bin", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 1 [0039.807] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="$Recycle.Bin", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0039.807] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="$Recycle.Bin", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0039.807] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="$Recycle.Bin", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0039.807] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="$Recycle.Bin", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0039.807] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="$Recycle.Bin", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0039.807] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="$Recycle.Bin", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0039.807] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="$Recycle.Bin", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0039.807] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="$Recycle.Bin", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0039.807] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="$Recycle.Bin", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0039.807] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="$Recycle.Bin", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0039.807] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="$Recycle.Bin", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0039.807] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="$Recycle.Bin", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 1 [0039.807] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="$Recycle.Bin", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 1 [0039.807] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="$Recycle.Bin", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 1 [0039.807] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="$Recycle.Bin", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 1 [0039.807] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="$Recycle.Bin", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 1 [0039.807] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="$Recycle.Bin", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 1 [0039.807] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="$Recycle.Bin", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0039.807] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="$Recycle.Bin", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0039.807] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="$Recycle.Bin", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 1 [0039.808] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="$Recycle.Bin", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 1 [0039.808] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="$Recycle.Bin", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0039.808] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="$Recycle.Bin", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0039.808] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="$Recycle.Bin", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0039.808] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="$Recycle.Bin", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 1 [0039.808] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="$Recycle.Bin", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 1 [0039.808] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="$Recycle.Bin", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 1 [0039.808] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="$Recycle.Bin", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 1 [0039.808] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="$Recycle.Bin", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 1 [0039.808] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="$Recycle.Bin", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 1 [0039.808] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="$Recycle.Bin", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 1 [0039.808] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="$Recycle.Bin", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 1 [0039.808] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="$Recycle.Bin", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0039.808] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="$Recycle.Bin", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 1 [0039.808] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="$Recycle.Bin", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0039.808] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="$Recycle.Bin", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0039.808] lstrcatW (in: lpString1="C:\\$Recycle.Bin", lpString2="\\" | out: lpString1="C:\\$Recycle.Bin\\") returned="C:\\$Recycle.Bin\\" [0039.808] GetProcessHeap () returned 0x570000 [0039.808] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ed80 [0039.808] lstrlenW (lpString="C:\\$Recycle.Bin\\") returned 16 [0039.808] GetProcessHeap () returned 0x570000 [0039.808] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x22) returned 0x588de8 [0039.808] lstrcpyW (in: lpString1=0x588de8, lpString2="C:\\$Recycle.Bin\\" | out: lpString1="C:\\$Recycle.Bin\\") returned="C:\\$Recycle.Bin\\" [0039.808] GetProcessHeap () returned 0x570000 [0039.808] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0039.808] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Boot", cAlternateFileName="")) returned 1 [0039.808] lstrcmpiW (lpString1="Boot", lpString2=".") returned 1 [0039.808] lstrcmpiW (lpString1="Boot", lpString2="..") returned 1 [0039.809] lstrcatW (in: lpString1="C:\\", lpString2="Boot" | out: lpString1="C:\\Boot") returned="C:\\Boot" [0039.809] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Boot", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0039.809] GetProcessHeap () returned 0x570000 [0039.809] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x5) returned 0x58ed90 [0039.809] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Boot", cchWideChar=-1, lpMultiByteStr=0x58ed90, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Boot", lpUsedDefaultChar=0x0) returned 5 [0039.809] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Boot", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0039.809] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Boot", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 1 [0039.809] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Boot", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 1 [0039.809] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Boot", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0039.809] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Boot", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0039.809] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Boot", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 1 [0039.809] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Boot", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 1 [0039.809] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Boot", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0039.809] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Boot", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0039.809] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Boot", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0039.809] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Boot", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0039.809] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Boot", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0039.809] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Boot", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0039.809] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Boot", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0039.809] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Boot", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0039.809] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Boot", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0039.809] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Boot", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0039.809] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Boot", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0039.809] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Boot", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 1 [0039.809] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Boot", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 1 [0039.809] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Boot", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 1 [0039.809] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Boot", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 1 [0039.810] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Boot", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 1 [0039.810] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Boot", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0039.810] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Boot", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0039.810] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Boot", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0039.810] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Boot", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0039.810] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Boot", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 1 [0039.810] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Boot", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0039.810] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Boot", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0039.810] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Boot", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0039.810] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Boot", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0039.810] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Boot", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 1 [0039.810] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Boot", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 1 [0039.810] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Boot", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 1 [0039.810] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Boot", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 1 [0039.810] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Boot", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 1 [0039.810] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Boot", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 1 [0039.810] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Boot", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 1 [0039.810] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Boot", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0039.811] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Boot", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 1 [0039.811] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Boot", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0039.811] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Boot", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0039.811] lstrcatW (in: lpString1="C:\\Boot", lpString2="\\" | out: lpString1="C:\\Boot\\") returned="C:\\Boot\\" [0039.811] GetProcessHeap () returned 0x570000 [0039.811] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58eda0 [0039.811] lstrlenW (lpString="C:\\Boot\\") returned 8 [0039.811] GetProcessHeap () returned 0x570000 [0039.811] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x12) returned 0x58fda0 [0039.811] lstrcpyW (in: lpString1=0x58fda0, lpString2="C:\\Boot\\" | out: lpString1="C:\\Boot\\") returned="C:\\Boot\\" [0039.811] GetProcessHeap () returned 0x570000 [0039.811] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ed90 | out: hHeap=0x570000) returned 1 [0039.811] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x84a3bb2c, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x5db2a, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr", cAlternateFileName="")) returned 1 [0039.811] lstrcmpiW (lpString1="bootmgr", lpString2=".") returned 1 [0039.811] lstrcmpiW (lpString1="bootmgr", lpString2="..") returned 1 [0039.811] lstrcatW (in: lpString1="C:\\", lpString2="bootmgr" | out: lpString1="C:\\bootmgr") returned="C:\\bootmgr" [0039.811] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bootmgr", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0039.811] GetProcessHeap () returned 0x570000 [0039.811] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ed90 [0039.811] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="bootmgr", cchWideChar=-1, lpMultiByteStr=0x58ed90, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="bootmgr", lpUsedDefaultChar=0x0) returned 8 [0039.811] lstrlenA (lpString="bootmgr") returned 7 [0039.811] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0039.811] lstrlenA (lpString="bootmgr") returned 7 [0039.811] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0039.811] lstrcmpiW (lpString1="bootmgr", lpString2="decrypt_files.html") returned -1 [0039.811] lstrcmpiW (lpString1="bootmgr", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0039.811] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0039.811] lstrcmpiW (lpString1="bootmgr", lpString2="sihvgt.exe") returned -1 [0039.811] SetFileAttributesW (lpFileName="C:\\bootmgr", dwFileAttributes=0x26) returned 0 [0039.812] _alloca_probe () returned 0x40908b [0039.813] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\bootmgr", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0039.813] GetProcessHeap () returned 0x570000 [0039.813] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xb) returned 0x590f68 [0039.813] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\bootmgr", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\bootmgr", lpUsedDefaultChar=0x0) returned 11 [0039.813] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0039.813] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{72C48FDE-3CE2-4BE9-89E3-4FFA0D0FD6E8}") returned 38 [0039.813] lstrlenA (lpString="{72C48FDE-3CE2-4BE9-89E3-4FFA0D0FD6E8}") returned 38 [0039.813] CreateFileW (lpFileName="C:\\bootmgr" (normalized: "c:\\bootmgr"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0039.813] lstrlenA (lpString="rsa_encrypt") returned 11 [0039.813] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x588eb8) returned 1 [0039.814] CryptGenRandom (in: hProv=0x588eb8, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0039.814] CryptReleaseContext (hProv=0x588eb8, dwFlags=0x0) returned 1 [0039.814] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0039.814] GetProcessHeap () returned 0x570000 [0039.814] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x588e18 [0039.814] lstrlenA (lpString="010001") returned 6 [0039.814] GetProcessHeap () returned 0x570000 [0039.814] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58edb0 [0039.815] GetProcessHeap () returned 0x570000 [0039.815] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x588ea0 [0039.815] GetProcessHeap () returned 0x570000 [0039.815] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0039.815] GetProcessHeap () returned 0x570000 [0039.815] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588ea0 | out: hHeap=0x570000) returned 1 [0039.815] GetProcessHeap () returned 0x570000 [0039.815] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0039.815] GetProcessHeap () returned 0x570000 [0039.815] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c0d8 [0039.815] GetProcessHeap () returned 0x570000 [0039.815] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58edc0 [0039.815] GetProcessHeap () returned 0x570000 [0039.815] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c1f0 [0039.815] GetProcessHeap () returned 0x570000 [0039.815] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edc0 | out: hHeap=0x570000) returned 1 [0039.815] GetProcessHeap () returned 0x570000 [0039.815] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0039.815] GetProcessHeap () returned 0x570000 [0039.815] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x588ea0 [0039.815] GetProcessHeap () returned 0x570000 [0039.815] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x5922e0 [0039.815] GetProcessHeap () returned 0x570000 [0039.815] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edc0 [0039.815] GetProcessHeap () returned 0x570000 [0039.815] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0039.815] GetProcessHeap () returned 0x570000 [0039.815] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0039.816] GetProcessHeap () returned 0x570000 [0039.816] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588ea0 | out: hHeap=0x570000) returned 1 [0039.816] GetProcessHeap () returned 0x570000 [0039.816] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0039.816] GetProcessHeap () returned 0x570000 [0039.816] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0039.816] GetProcessHeap () returned 0x570000 [0039.816] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.816] GetProcessHeap () returned 0x570000 [0039.816] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f98 [0039.816] GetProcessHeap () returned 0x570000 [0039.816] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edc0 | out: hHeap=0x570000) returned 1 [0039.816] GetProcessHeap () returned 0x570000 [0039.816] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.816] GetProcessHeap () returned 0x570000 [0039.816] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.816] GetProcessHeap () returned 0x570000 [0039.816] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.816] GetProcessHeap () returned 0x570000 [0039.816] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0039.816] GetProcessHeap () returned 0x570000 [0039.816] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f98 | out: hHeap=0x570000) returned 1 [0039.816] GetProcessHeap () returned 0x570000 [0039.816] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0039.816] GetProcessHeap () returned 0x570000 [0039.816] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0039.816] GetProcessHeap () returned 0x570000 [0039.816] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.816] GetProcessHeap () returned 0x570000 [0039.816] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.816] GetProcessHeap () returned 0x570000 [0039.816] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.817] GetProcessHeap () returned 0x570000 [0039.817] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.817] GetProcessHeap () returned 0x570000 [0039.817] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.817] GetProcessHeap () returned 0x570000 [0039.817] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.817] GetProcessHeap () returned 0x570000 [0039.817] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.817] GetProcessHeap () returned 0x570000 [0039.817] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.817] GetProcessHeap () returned 0x570000 [0039.817] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.817] GetProcessHeap () returned 0x570000 [0039.817] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.817] GetProcessHeap () returned 0x570000 [0039.817] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.817] GetProcessHeap () returned 0x570000 [0039.817] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.817] GetProcessHeap () returned 0x570000 [0039.817] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.817] GetProcessHeap () returned 0x570000 [0039.817] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.817] GetProcessHeap () returned 0x570000 [0039.817] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.817] GetProcessHeap () returned 0x570000 [0039.817] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.817] GetProcessHeap () returned 0x570000 [0039.817] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.817] GetProcessHeap () returned 0x570000 [0039.818] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.818] GetProcessHeap () returned 0x570000 [0039.818] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.818] GetProcessHeap () returned 0x570000 [0039.818] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.818] GetProcessHeap () returned 0x570000 [0039.818] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.818] GetProcessHeap () returned 0x570000 [0039.818] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.818] GetProcessHeap () returned 0x570000 [0039.818] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.818] GetProcessHeap () returned 0x570000 [0039.818] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.818] GetProcessHeap () returned 0x570000 [0039.818] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.818] GetProcessHeap () returned 0x570000 [0039.818] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.818] GetProcessHeap () returned 0x570000 [0039.818] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.818] GetProcessHeap () returned 0x570000 [0039.818] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.818] GetProcessHeap () returned 0x570000 [0039.818] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.818] GetProcessHeap () returned 0x570000 [0039.818] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.818] GetProcessHeap () returned 0x570000 [0039.818] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.818] GetProcessHeap () returned 0x570000 [0039.818] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.818] GetProcessHeap () returned 0x570000 [0039.819] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.819] GetProcessHeap () returned 0x570000 [0039.819] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.819] GetProcessHeap () returned 0x570000 [0039.819] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.819] GetProcessHeap () returned 0x570000 [0039.819] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.819] GetProcessHeap () returned 0x570000 [0039.819] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.819] GetProcessHeap () returned 0x570000 [0039.819] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.819] GetProcessHeap () returned 0x570000 [0039.819] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.819] GetProcessHeap () returned 0x570000 [0039.819] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.819] GetProcessHeap () returned 0x570000 [0039.819] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.819] GetProcessHeap () returned 0x570000 [0039.819] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.819] GetProcessHeap () returned 0x570000 [0039.819] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.819] GetProcessHeap () returned 0x570000 [0039.819] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.819] GetProcessHeap () returned 0x570000 [0039.819] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.819] GetProcessHeap () returned 0x570000 [0039.819] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.819] GetProcessHeap () returned 0x570000 [0039.819] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.819] GetProcessHeap () returned 0x570000 [0039.820] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.820] GetProcessHeap () returned 0x570000 [0039.820] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.820] GetProcessHeap () returned 0x570000 [0039.820] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.820] GetProcessHeap () returned 0x570000 [0039.820] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.820] GetProcessHeap () returned 0x570000 [0039.820] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.820] GetProcessHeap () returned 0x570000 [0039.820] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.820] GetProcessHeap () returned 0x570000 [0039.820] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.820] GetProcessHeap () returned 0x570000 [0039.820] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.820] GetProcessHeap () returned 0x570000 [0039.820] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.820] GetProcessHeap () returned 0x570000 [0039.820] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.820] GetProcessHeap () returned 0x570000 [0039.820] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.820] GetProcessHeap () returned 0x570000 [0039.820] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.820] GetProcessHeap () returned 0x570000 [0039.820] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.820] GetProcessHeap () returned 0x570000 [0039.820] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.820] GetProcessHeap () returned 0x570000 [0039.820] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.821] GetProcessHeap () returned 0x570000 [0039.821] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.821] GetProcessHeap () returned 0x570000 [0039.821] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.821] GetProcessHeap () returned 0x570000 [0039.821] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.821] GetProcessHeap () returned 0x570000 [0039.821] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.821] GetProcessHeap () returned 0x570000 [0039.821] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.821] GetProcessHeap () returned 0x570000 [0039.821] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.821] GetProcessHeap () returned 0x570000 [0039.821] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.821] GetProcessHeap () returned 0x570000 [0039.821] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.821] GetProcessHeap () returned 0x570000 [0039.821] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.821] GetProcessHeap () returned 0x570000 [0039.821] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.821] GetProcessHeap () returned 0x570000 [0039.821] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.821] GetProcessHeap () returned 0x570000 [0039.821] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.821] GetProcessHeap () returned 0x570000 [0039.821] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.821] GetProcessHeap () returned 0x570000 [0039.821] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.822] GetProcessHeap () returned 0x570000 [0039.822] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.822] GetProcessHeap () returned 0x570000 [0039.822] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.822] GetProcessHeap () returned 0x570000 [0039.822] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.822] GetProcessHeap () returned 0x570000 [0039.822] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.822] GetProcessHeap () returned 0x570000 [0039.822] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.822] GetProcessHeap () returned 0x570000 [0039.822] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.822] GetProcessHeap () returned 0x570000 [0039.822] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.822] GetProcessHeap () returned 0x570000 [0039.822] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.822] GetProcessHeap () returned 0x570000 [0039.822] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.822] GetProcessHeap () returned 0x570000 [0039.822] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.822] GetProcessHeap () returned 0x570000 [0039.822] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.822] GetProcessHeap () returned 0x570000 [0039.822] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.822] GetProcessHeap () returned 0x570000 [0039.822] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.822] GetProcessHeap () returned 0x570000 [0039.822] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.822] GetProcessHeap () returned 0x570000 [0039.822] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.822] GetProcessHeap () returned 0x570000 [0039.823] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.823] GetProcessHeap () returned 0x570000 [0039.823] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.823] GetProcessHeap () returned 0x570000 [0039.823] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.823] GetProcessHeap () returned 0x570000 [0039.823] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.823] GetProcessHeap () returned 0x570000 [0039.823] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.823] GetProcessHeap () returned 0x570000 [0039.823] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.823] GetProcessHeap () returned 0x570000 [0039.823] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.823] GetProcessHeap () returned 0x570000 [0039.823] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.823] GetProcessHeap () returned 0x570000 [0039.823] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.823] GetProcessHeap () returned 0x570000 [0039.823] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0039.823] GetProcessHeap () returned 0x570000 [0039.823] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0039.823] GetProcessHeap () returned 0x570000 [0039.823] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5922e0 | out: hHeap=0x570000) returned 1 [0039.823] GetProcessHeap () returned 0x570000 [0039.823] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0039.823] GetProcessHeap () returned 0x570000 [0039.823] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0039.823] GetProcessHeap () returned 0x570000 [0039.823] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0039.823] GetProcessHeap () returned 0x570000 [0039.824] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0039.824] GetProcessHeap () returned 0x570000 [0039.824] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0039.824] GetProcessHeap () returned 0x570000 [0039.824] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0039.824] GetProcessHeap () returned 0x570000 [0039.824] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edb0 | out: hHeap=0x570000) returned 1 [0039.824] GetProcessHeap () returned 0x570000 [0039.824] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588e18 | out: hHeap=0x570000) returned 1 [0039.824] WriteFile (in: hFile=0xffffffff, lpBuffer=0x50b720, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0) returned 0 [0039.824] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0039.824] WriteFile (in: hFile=0xffffffff, lpBuffer=0x40cbe0, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0) returned 0 [0039.824] CloseHandle (hObject=0xffffffff) returned 0 [0039.824] GetProcessHeap () returned 0x570000 [0039.824] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0039.824] GetProcessHeap () returned 0x570000 [0039.824] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ed90 | out: hHeap=0x570000) returned 1 [0039.824] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xac54a060, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac54a060, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac54a060, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="BOOTSECT.BAK", cAlternateFileName="")) returned 1 [0039.824] lstrcmpiW (lpString1="BOOTSECT.BAK", lpString2=".") returned 1 [0039.824] lstrcmpiW (lpString1="BOOTSECT.BAK", lpString2="..") returned 1 [0039.824] lstrcatW (in: lpString1="C:\\", lpString2="BOOTSECT.BAK" | out: lpString1="C:\\BOOTSECT.BAK") returned="C:\\BOOTSECT.BAK" [0039.824] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BOOTSECT.BAK", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0039.824] GetProcessHeap () returned 0x570000 [0039.824] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xd) returned 0x590f68 [0039.824] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BOOTSECT.BAK", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BOOTSECT.BAK", lpUsedDefaultChar=0x0) returned 13 [0039.824] lstrlenA (lpString="BOOTSECT.BAK") returned 12 [0039.824] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0039.825] lstrlenA (lpString="BOOTSECT.BAK") returned 12 [0039.825] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0039.825] lstrcmpiW (lpString1="BOOTSECT.BAK", lpString2="decrypt_files.html") returned -1 [0039.825] lstrcmpiW (lpString1="BOOTSECT.BAK", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0039.825] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0039.825] lstrcmpiW (lpString1="BOOTSECT.BAK", lpString2="sihvgt.exe") returned -1 [0039.825] SetFileAttributesW (lpFileName="C:\\BOOTSECT.BAK", dwFileAttributes=0x26) returned 1 [0039.827] _alloca_probe () returned 0x40908b [0039.827] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\BOOTSECT.BAK", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0039.827] GetProcessHeap () returned 0x570000 [0039.827] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x10) returned 0x590f80 [0039.827] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\BOOTSECT.BAK", cchWideChar=-1, lpMultiByteStr=0x590f80, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\BOOTSECT.BAK", lpUsedDefaultChar=0x0) returned 16 [0039.827] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0039.827] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{52B5FD84-DF4A-4178-BEE8-ADC669C11A6C}") returned 38 [0039.827] lstrlenA (lpString="{52B5FD84-DF4A-4178-BEE8-ADC669C11A6C}") returned 38 [0039.827] CreateFileW (lpFileName="C:\\BOOTSECT.BAK" (normalized: "c:\\bootsect.bak"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0039.827] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=8192) returned 1 [0039.827] lstrlenA (lpString="{52B5FD84-DF4A-4178-BEE8-ADC669C11A6C}") returned 38 [0039.827] GetProcessHeap () returned 0x570000 [0039.827] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x588e18 [0039.827] GetProcessHeap () returned 0x570000 [0039.827] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x588e90 [0039.828] lstrlenA (lpString="C:\\BOOTSECT.BAK") returned 15 [0039.841] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0039.886] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0039.886] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0039.886] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0039.887] WriteFile (in: hFile=0x80, lpBuffer=0x50bb6c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bb6c*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0039.887] WriteFile (in: hFile=0x80, lpBuffer=0x50bbd4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bbd4*, lpNumberOfBytesWritten=0x50bb34*=0x10, lpOverlapped=0x0) returned 1 [0039.887] lstrlenA (lpString="rsa_encrypt") returned 11 [0039.887] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x588f18) returned 1 [0039.888] CryptGenRandom (in: hProv=0x588f18, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0039.888] CryptReleaseContext (hProv=0x588f18, dwFlags=0x0) returned 1 [0039.888] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0039.888] GetProcessHeap () returned 0x570000 [0039.888] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x588f18 [0039.888] lstrlenA (lpString="010001") returned 6 [0039.888] GetProcessHeap () returned 0x570000 [0039.888] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58ed90 [0039.888] GetProcessHeap () returned 0x570000 [0039.888] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5922e0 [0039.888] GetProcessHeap () returned 0x570000 [0039.888] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0039.888] GetProcessHeap () returned 0x570000 [0039.888] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5922e0 | out: hHeap=0x570000) returned 1 [0039.888] GetProcessHeap () returned 0x570000 [0039.889] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0039.889] GetProcessHeap () returned 0x570000 [0039.889] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c1f0 [0039.889] GetProcessHeap () returned 0x570000 [0039.889] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58edb0 [0039.889] GetProcessHeap () returned 0x570000 [0039.889] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c0d8 [0039.889] GetProcessHeap () returned 0x570000 [0039.889] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edb0 | out: hHeap=0x570000) returned 1 [0039.889] GetProcessHeap () returned 0x570000 [0039.889] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0039.889] GetProcessHeap () returned 0x570000 [0039.889] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5922e0 [0039.889] GetProcessHeap () returned 0x570000 [0039.889] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x592368 [0039.889] GetProcessHeap () returned 0x570000 [0039.889] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edb0 [0039.889] GetProcessHeap () returned 0x570000 [0039.889] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f98 [0039.889] GetProcessHeap () returned 0x570000 [0039.889] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0039.889] GetProcessHeap () returned 0x570000 [0039.889] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5922e0 | out: hHeap=0x570000) returned 1 [0039.889] GetProcessHeap () returned 0x570000 [0039.889] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0039.889] GetProcessHeap () returned 0x570000 [0039.889] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0039.889] GetProcessHeap () returned 0x570000 [0039.889] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.889] GetProcessHeap () returned 0x570000 [0039.889] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590fb0 [0039.889] GetProcessHeap () returned 0x570000 [0039.890] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edb0 | out: hHeap=0x570000) returned 1 [0039.890] GetProcessHeap () returned 0x570000 [0039.890] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.890] GetProcessHeap () returned 0x570000 [0039.890] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.890] GetProcessHeap () returned 0x570000 [0039.890] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.890] GetProcessHeap () returned 0x570000 [0039.890] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0039.890] GetProcessHeap () returned 0x570000 [0039.890] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590fb0 | out: hHeap=0x570000) returned 1 [0039.890] GetProcessHeap () returned 0x570000 [0039.890] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0039.890] GetProcessHeap () returned 0x570000 [0039.890] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0039.890] GetProcessHeap () returned 0x570000 [0039.890] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.890] GetProcessHeap () returned 0x570000 [0039.890] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.890] GetProcessHeap () returned 0x570000 [0039.890] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.890] GetProcessHeap () returned 0x570000 [0039.890] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.890] GetProcessHeap () returned 0x570000 [0039.890] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.890] GetProcessHeap () returned 0x570000 [0039.890] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.890] GetProcessHeap () returned 0x570000 [0039.890] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.890] GetProcessHeap () returned 0x570000 [0039.890] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.891] GetProcessHeap () returned 0x570000 [0039.891] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.891] GetProcessHeap () returned 0x570000 [0039.891] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.891] GetProcessHeap () returned 0x570000 [0039.891] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.891] GetProcessHeap () returned 0x570000 [0039.891] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.891] GetProcessHeap () returned 0x570000 [0039.891] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.891] GetProcessHeap () returned 0x570000 [0039.891] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.891] GetProcessHeap () returned 0x570000 [0039.891] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.891] GetProcessHeap () returned 0x570000 [0039.891] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.891] GetProcessHeap () returned 0x570000 [0039.891] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.891] GetProcessHeap () returned 0x570000 [0039.891] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.891] GetProcessHeap () returned 0x570000 [0039.891] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.891] GetProcessHeap () returned 0x570000 [0039.891] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.891] GetProcessHeap () returned 0x570000 [0039.891] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.891] GetProcessHeap () returned 0x570000 [0039.891] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.892] GetProcessHeap () returned 0x570000 [0039.892] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.892] GetProcessHeap () returned 0x570000 [0039.892] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.892] GetProcessHeap () returned 0x570000 [0039.892] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.892] GetProcessHeap () returned 0x570000 [0039.892] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.892] GetProcessHeap () returned 0x570000 [0039.892] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.892] GetProcessHeap () returned 0x570000 [0039.892] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.892] GetProcessHeap () returned 0x570000 [0039.892] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.892] GetProcessHeap () returned 0x570000 [0039.892] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.892] GetProcessHeap () returned 0x570000 [0039.892] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.892] GetProcessHeap () returned 0x570000 [0039.892] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.892] GetProcessHeap () returned 0x570000 [0039.892] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.892] GetProcessHeap () returned 0x570000 [0039.892] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.892] GetProcessHeap () returned 0x570000 [0039.892] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.892] GetProcessHeap () returned 0x570000 [0039.892] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.892] GetProcessHeap () returned 0x570000 [0039.892] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.892] GetProcessHeap () returned 0x570000 [0039.893] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.893] GetProcessHeap () returned 0x570000 [0039.893] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.893] GetProcessHeap () returned 0x570000 [0039.893] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.893] GetProcessHeap () returned 0x570000 [0039.893] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.893] GetProcessHeap () returned 0x570000 [0039.893] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.893] GetProcessHeap () returned 0x570000 [0039.893] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.893] GetProcessHeap () returned 0x570000 [0039.893] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.893] GetProcessHeap () returned 0x570000 [0039.893] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.893] GetProcessHeap () returned 0x570000 [0039.893] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.893] GetProcessHeap () returned 0x570000 [0039.893] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.893] GetProcessHeap () returned 0x570000 [0039.893] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.893] GetProcessHeap () returned 0x570000 [0039.893] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.893] GetProcessHeap () returned 0x570000 [0039.893] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.893] GetProcessHeap () returned 0x570000 [0039.893] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.893] GetProcessHeap () returned 0x570000 [0039.893] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.894] GetProcessHeap () returned 0x570000 [0039.894] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.894] GetProcessHeap () returned 0x570000 [0039.894] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.894] GetProcessHeap () returned 0x570000 [0039.894] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.894] GetProcessHeap () returned 0x570000 [0039.894] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.894] GetProcessHeap () returned 0x570000 [0039.894] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.894] GetProcessHeap () returned 0x570000 [0039.894] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.894] GetProcessHeap () returned 0x570000 [0039.894] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.894] GetProcessHeap () returned 0x570000 [0039.894] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.894] GetProcessHeap () returned 0x570000 [0039.894] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.894] GetProcessHeap () returned 0x570000 [0039.894] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.894] GetProcessHeap () returned 0x570000 [0039.894] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.894] GetProcessHeap () returned 0x570000 [0039.894] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.894] GetProcessHeap () returned 0x570000 [0039.894] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.894] GetProcessHeap () returned 0x570000 [0039.894] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.895] GetProcessHeap () returned 0x570000 [0039.895] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.895] GetProcessHeap () returned 0x570000 [0039.895] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.895] GetProcessHeap () returned 0x570000 [0039.895] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.895] GetProcessHeap () returned 0x570000 [0039.895] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.895] GetProcessHeap () returned 0x570000 [0039.895] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.895] GetProcessHeap () returned 0x570000 [0039.895] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.895] GetProcessHeap () returned 0x570000 [0039.895] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.895] GetProcessHeap () returned 0x570000 [0039.895] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.895] GetProcessHeap () returned 0x570000 [0039.895] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.895] GetProcessHeap () returned 0x570000 [0039.895] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.895] GetProcessHeap () returned 0x570000 [0039.895] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.895] GetProcessHeap () returned 0x570000 [0039.895] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.895] GetProcessHeap () returned 0x570000 [0039.895] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.895] GetProcessHeap () returned 0x570000 [0039.895] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.896] GetProcessHeap () returned 0x570000 [0039.896] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.896] GetProcessHeap () returned 0x570000 [0039.896] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.896] GetProcessHeap () returned 0x570000 [0039.896] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.896] GetProcessHeap () returned 0x570000 [0039.896] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.896] GetProcessHeap () returned 0x570000 [0039.896] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.896] GetProcessHeap () returned 0x570000 [0039.896] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.896] GetProcessHeap () returned 0x570000 [0039.896] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.896] GetProcessHeap () returned 0x570000 [0039.896] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.896] GetProcessHeap () returned 0x570000 [0039.896] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.896] GetProcessHeap () returned 0x570000 [0039.896] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.896] GetProcessHeap () returned 0x570000 [0039.896] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.896] GetProcessHeap () returned 0x570000 [0039.896] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.896] GetProcessHeap () returned 0x570000 [0039.896] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.896] GetProcessHeap () returned 0x570000 [0039.896] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.896] GetProcessHeap () returned 0x570000 [0039.896] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.897] GetProcessHeap () returned 0x570000 [0039.897] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.897] GetProcessHeap () returned 0x570000 [0039.897] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.897] GetProcessHeap () returned 0x570000 [0039.897] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.897] GetProcessHeap () returned 0x570000 [0039.897] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edd0 [0039.897] GetProcessHeap () returned 0x570000 [0039.897] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edd0 | out: hHeap=0x570000) returned 1 [0039.897] GetProcessHeap () returned 0x570000 [0039.897] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0039.897] GetProcessHeap () returned 0x570000 [0039.897] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0039.897] GetProcessHeap () returned 0x570000 [0039.897] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592368 | out: hHeap=0x570000) returned 1 [0039.897] GetProcessHeap () returned 0x570000 [0039.897] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0039.897] GetProcessHeap () returned 0x570000 [0039.897] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f98 | out: hHeap=0x570000) returned 1 [0039.897] GetProcessHeap () returned 0x570000 [0039.897] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0039.897] GetProcessHeap () returned 0x570000 [0039.897] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0039.897] GetProcessHeap () returned 0x570000 [0039.897] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0039.897] GetProcessHeap () returned 0x570000 [0039.897] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0039.897] GetProcessHeap () returned 0x570000 [0039.897] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ed90 | out: hHeap=0x570000) returned 1 [0039.897] GetProcessHeap () returned 0x570000 [0039.898] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588f18 | out: hHeap=0x570000) returned 1 [0039.898] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0039.898] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0039.898] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0039.898] CloseHandle (hObject=0x80) returned 1 [0039.899] GetProcessHeap () returned 0x570000 [0039.899] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0039.899] GetProcessHeap () returned 0x570000 [0039.899] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588e18 | out: hHeap=0x570000) returned 1 [0039.899] GetProcessHeap () returned 0x570000 [0039.899] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588e90 | out: hHeap=0x570000) returned 1 [0039.899] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\BOOTSECT.BAK" | out: lpString1="C:\\BOOTSECT.BAK") returned="C:\\BOOTSECT.BAK" [0039.899] lstrcatW (in: lpString1="C:\\BOOTSECT.BAK", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\BOOTSECT.BAK.{Killback@protonmail.com}KBK") returned="C:\\BOOTSECT.BAK.{Killback@protonmail.com}KBK" [0039.899] MoveFileExW (lpExistingFileName="C:\\BOOTSECT.BAK" (normalized: "c:\\bootsect.bak"), lpNewFileName="C:\\BOOTSECT.BAK.{Killback@protonmail.com}KBK" (normalized: "c:\\bootsect.bak.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0039.900] PathRemoveFileSpecW (in: pszPath="C:\\BOOTSECT.BAK" | out: pszPath="C:\\") returned 1 [0039.900] lstrcatW (in: lpString1="C:\\", lpString2="\\" | out: lpString1="C:\\\\") returned="C:\\\\" [0039.900] lstrcatW (in: lpString1="C:\\\\", lpString2="decrypt_files.html" | out: lpString1="C:\\\\decrypt_files.html") returned="C:\\\\decrypt_files.html" [0039.900] GetFileAttributesW (lpFileName="C:\\\\decrypt_files.html" (normalized: "c:\\decrypt_files.html")) returned 0xffffffff [0039.900] CreateFileW (lpFileName="C:\\\\decrypt_files.html" (normalized: "c:\\decrypt_files.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0039.900] lstrlenA (lpString="\r\n \r\n \r\n \r\n DECRYPT FILES\r\n \r\n\r\n \r\n\r\n
\r\n

⚠Your ID (NEED FOR DECRYPT)⚠

\r\n
\r\n 
A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n\r\n
\r\n
\r\n
\r\n \r\n
\r\n \r\n
\r\n \r\n \r\n
\r\n

✖ Your files are encrypted! ✖

\r\n\r\n

If you see it - do not try to decrypt ▼the files yourself!!!▼

\r\n
\r\n

All your important data has been encrypted.

\r\n
\r\n
\r\n \r\n\x09\x09 \r\nTo decrypt all your files, you need a decryption program.
\r\n \r\nTo get a program to decrypt your data you need to do a few steps:
\r\n

☑1. \r\nTo make sure that we can actually decrypt your files. You can send us a file for the test.\r\nThis can be a picture or a text file.\r\nSize less than 5 MB. Send to our mail: Killback@protonmail.com .
\r\n

☑2. \r\nSend your PERSONAL ID in the letter (you will find it at the very beginning of this document)

\r\n\x09\x09\x09

☑3. \r\nWe will decode your test file so you are sure. We will also send you the amount you need to pay to get the program to decrypt.

\r\n ☑4. We will send you instructions on how to pay for the decryption program. After payment, we will send you a program and instructions on how to decrypt all the files.
\r\n

Attention!


\r\n
    \r\n\x09\x09\x09 Only we can decrypt your files.
    \r\n\x09\x09\x09 Do not try to decrypt your files yourself. You can damage them when trying to restore
    \r\n Do not run antivirus!
    \r\n Email us: Killback@protonmail.com immediately so we can help you.
    \r\n Decoders other users are not compatible with your data, because each user's unique encryption key
    \r\n
\r\n \r\n
\r\n
\r\n
\r\n \r\n\r\n \r\n \r\n
\r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n\r\n") returned 5565 [0039.901] WriteFile (in: hFile=0x80, lpBuffer=0x21f0020*, nNumberOfBytesToWrite=0x15bd, lpNumberOfBytesWritten=0x50dd18, lpOverlapped=0x0 | out: lpBuffer=0x21f0020*, lpNumberOfBytesWritten=0x50dd18*=0x15bd, lpOverlapped=0x0) returned 1 [0039.902] CloseHandle (hObject=0x80) returned 1 [0039.902] GetProcessHeap () returned 0x570000 [0039.902] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0039.902] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Config.Msi", cAlternateFileName="")) returned 1 [0039.902] lstrcmpiW (lpString1="Config.Msi", lpString2=".") returned 1 [0039.902] lstrcmpiW (lpString1="Config.Msi", lpString2="..") returned 1 [0039.903] lstrcatW (in: lpString1="C:\\", lpString2="Config.Msi" | out: lpString1="C:\\Config.Msi") returned="C:\\Config.Msi" [0039.903] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Config.Msi", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0039.903] GetProcessHeap () returned 0x570000 [0039.903] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xb) returned 0x590f68 [0039.903] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Config.Msi", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Config.Msi", lpUsedDefaultChar=0x0) returned 11 [0039.903] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Config.Msi", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0039.903] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Config.Msi", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 1 [0039.903] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Config.Msi", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 1 [0039.903] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Config.Msi", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0039.903] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Config.Msi", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0039.903] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Config.Msi", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 1 [0039.903] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Config.Msi", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0039.903] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Config.Msi", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0039.903] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Config.Msi", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0039.903] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Config.Msi", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0039.903] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Config.Msi", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0039.903] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Config.Msi", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0039.903] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Config.Msi", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0039.903] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Config.Msi", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0039.904] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Config.Msi", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0039.904] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Config.Msi", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0039.904] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Config.Msi", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0039.904] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Config.Msi", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0039.904] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Config.Msi", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 1 [0039.904] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Config.Msi", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 1 [0039.904] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Config.Msi", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 1 [0039.904] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Config.Msi", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 1 [0039.904] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Config.Msi", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 1 [0039.904] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Config.Msi", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0039.904] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Config.Msi", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0039.904] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Config.Msi", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0039.904] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Config.Msi", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0039.904] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Config.Msi", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 1 [0039.904] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Config.Msi", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0039.904] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Config.Msi", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0039.904] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Config.Msi", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0039.904] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Config.Msi", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0039.904] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Config.Msi", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 1 [0039.904] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Config.Msi", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0039.904] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Config.Msi", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 1 [0039.904] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Config.Msi", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 1 [0039.904] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Config.Msi", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0039.905] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Config.Msi", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 1 [0039.905] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Config.Msi", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 1 [0039.905] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Config.Msi", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0039.905] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Config.Msi", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 1 [0039.905] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Config.Msi", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0039.905] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Config.Msi", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0039.905] lstrcatW (in: lpString1="C:\\Config.Msi", lpString2="\\" | out: lpString1="C:\\Config.Msi\\") returned="C:\\Config.Msi\\" [0039.905] GetProcessHeap () returned 0x570000 [0039.905] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ed90 [0039.905] lstrlenW (lpString="C:\\Config.Msi\\") returned 14 [0039.905] GetProcessHeap () returned 0x570000 [0039.905] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x1e) returned 0x5905d0 [0039.905] lstrcpyW (in: lpString1=0x5905d0, lpString2="C:\\Config.Msi\\" | out: lpString1="C:\\Config.Msi\\") returned="C:\\Config.Msi\\" [0039.905] GetProcessHeap () returned 0x570000 [0039.905] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0039.905] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Documents and Settings", cAlternateFileName="DOCUME~1")) returned 1 [0039.905] lstrcmpiW (lpString1="Documents and Settings", lpString2=".") returned 1 [0039.905] lstrcmpiW (lpString1="Documents and Settings", lpString2="..") returned 1 [0039.905] lstrcatW (in: lpString1="C:\\", lpString2="Documents and Settings" | out: lpString1="C:\\Documents and Settings") returned="C:\\Documents and Settings" [0039.905] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Documents and Settings", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0039.905] GetProcessHeap () returned 0x570000 [0039.905] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x17) returned 0x58fdc0 [0039.905] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Documents and Settings", cchWideChar=-1, lpMultiByteStr=0x58fdc0, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Documents and Settings", lpUsedDefaultChar=0x0) returned 23 [0039.905] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents and Settings", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0039.905] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents and Settings", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 1 [0039.905] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents and Settings", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 1 [0039.905] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents and Settings", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0039.905] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents and Settings", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0039.905] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents and Settings", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 1 [0039.906] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents and Settings", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0039.906] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents and Settings", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0039.906] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents and Settings", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0039.906] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents and Settings", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0039.906] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents and Settings", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0039.906] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents and Settings", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0039.906] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents and Settings", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0039.906] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents and Settings", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0039.906] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents and Settings", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0039.906] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents and Settings", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0039.906] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents and Settings", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0039.906] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents and Settings", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0039.906] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents and Settings", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 1 [0039.906] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents and Settings", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 1 [0039.906] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents and Settings", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 1 [0039.906] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents and Settings", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 1 [0039.906] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents and Settings", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 1 [0039.906] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents and Settings", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0039.906] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents and Settings", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0039.906] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents and Settings", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0039.906] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents and Settings", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0039.906] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents and Settings", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 1 [0039.906] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents and Settings", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0039.906] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents and Settings", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0039.906] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents and Settings", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0039.906] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents and Settings", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0039.906] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents and Settings", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 1 [0039.906] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents and Settings", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0039.907] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents and Settings", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 1 [0039.907] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents and Settings", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 1 [0039.907] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents and Settings", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0039.907] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents and Settings", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 1 [0039.907] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents and Settings", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 1 [0039.907] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents and Settings", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0039.907] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents and Settings", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 1 [0039.907] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents and Settings", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0039.907] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents and Settings", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0039.907] lstrcatW (in: lpString1="C:\\Documents and Settings", lpString2="\\" | out: lpString1="C:\\Documents and Settings\\") returned="C:\\Documents and Settings\\" [0039.907] GetProcessHeap () returned 0x570000 [0039.907] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58edd0 [0039.907] lstrlenW (lpString="C:\\Documents and Settings\\") returned 26 [0039.907] GetProcessHeap () returned 0x570000 [0039.907] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x36) returned 0x588e18 [0039.907] lstrcpyW (in: lpString1=0x588e18, lpString2="C:\\Documents and Settings\\" | out: lpString1="C:\\Documents and Settings\\") returned="C:\\Documents and Settings\\" [0039.907] GetProcessHeap () returned 0x570000 [0039.907] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58fdc0 | out: hHeap=0x570000) returned 1 [0039.907] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x56257dc0, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x56257dc0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x813b7be0, ftLastWriteTime.dwHighDateTime=0x1d4d5ae, nFileSizeHigh=0x0, nFileSizeLow=0x5ff9d000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="hiberfil.sys", cAlternateFileName="")) returned 1 [0039.907] lstrcmpiW (lpString1="hiberfil.sys", lpString2=".") returned 1 [0039.907] lstrcmpiW (lpString1="hiberfil.sys", lpString2="..") returned 1 [0039.907] lstrcatW (in: lpString1="C:\\", lpString2="hiberfil.sys" | out: lpString1="C:\\hiberfil.sys") returned="C:\\hiberfil.sys" [0039.907] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hiberfil.sys", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0039.907] GetProcessHeap () returned 0x570000 [0039.907] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xd) returned 0x590f68 [0039.907] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="hiberfil.sys", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="hiberfil.sys", lpUsedDefaultChar=0x0) returned 13 [0039.907] lstrlenA (lpString="hiberfil.sys") returned 12 [0039.907] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0039.907] lstrlenA (lpString="hiberfil.sys") returned 12 [0039.907] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0039.908] lstrcmpiW (lpString1="hiberfil.sys", lpString2="decrypt_files.html") returned 1 [0039.908] lstrcmpiW (lpString1="hiberfil.sys", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0039.908] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0039.908] lstrcmpiW (lpString1="hiberfil.sys", lpString2="sihvgt.exe") returned -1 [0039.908] _alloca_probe () returned 0x40908b [0039.908] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\hiberfil.sys", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0039.908] GetProcessHeap () returned 0x570000 [0039.908] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x10) returned 0x590f80 [0039.908] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\hiberfil.sys", cchWideChar=-1, lpMultiByteStr=0x590f80, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\hiberfil.sys", lpUsedDefaultChar=0x0) returned 16 [0039.908] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0039.908] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{9C1679C2-E172-46E8-A640-0D89DB4ECD63}") returned 38 [0039.908] lstrlenA (lpString="{9C1679C2-E172-46E8-A640-0D89DB4ECD63}") returned 38 [0039.908] CreateFileW (lpFileName="C:\\hiberfil.sys" (normalized: "c:\\hiberfil.sys"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0039.908] lstrlenA (lpString="rsa_encrypt") returned 11 [0039.908] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x588ef8) returned 1 [0039.909] CryptGenRandom (in: hProv=0x588ef8, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0039.909] CryptReleaseContext (hProv=0x588ef8, dwFlags=0x0) returned 1 [0039.909] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0039.909] GetProcessHeap () returned 0x570000 [0039.909] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x588e58 [0039.909] lstrlenA (lpString="010001") returned 6 [0039.909] GetProcessHeap () returned 0x570000 [0039.909] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58edb0 [0039.909] GetProcessHeap () returned 0x570000 [0039.909] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x588ee0 [0039.910] GetProcessHeap () returned 0x570000 [0039.910] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0039.910] GetProcessHeap () returned 0x570000 [0039.910] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588ee0 | out: hHeap=0x570000) returned 1 [0039.910] GetProcessHeap () returned 0x570000 [0039.910] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0039.910] GetProcessHeap () returned 0x570000 [0039.910] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c0d8 [0039.910] GetProcessHeap () returned 0x570000 [0039.910] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58edc0 [0039.910] GetProcessHeap () returned 0x570000 [0039.910] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c1f0 [0039.910] GetProcessHeap () returned 0x570000 [0039.910] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edc0 | out: hHeap=0x570000) returned 1 [0039.910] GetProcessHeap () returned 0x570000 [0039.910] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0039.910] GetProcessHeap () returned 0x570000 [0039.910] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x588ee0 [0039.910] GetProcessHeap () returned 0x570000 [0039.910] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x5922e0 [0039.910] GetProcessHeap () returned 0x570000 [0039.910] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edc0 [0039.910] GetProcessHeap () returned 0x570000 [0039.910] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f98 [0039.910] GetProcessHeap () returned 0x570000 [0039.910] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0039.910] GetProcessHeap () returned 0x570000 [0039.910] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588ee0 | out: hHeap=0x570000) returned 1 [0039.910] GetProcessHeap () returned 0x570000 [0039.910] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0039.910] GetProcessHeap () returned 0x570000 [0039.910] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0039.910] GetProcessHeap () returned 0x570000 [0039.911] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ede0 [0039.911] GetProcessHeap () returned 0x570000 [0039.911] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590fb0 [0039.911] GetProcessHeap () returned 0x570000 [0039.911] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edc0 | out: hHeap=0x570000) returned 1 [0039.911] GetProcessHeap () returned 0x570000 [0039.911] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ede0 | out: hHeap=0x570000) returned 1 [0039.911] GetProcessHeap () returned 0x570000 [0039.911] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ede0 [0039.911] GetProcessHeap () returned 0x570000 [0039.911] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ede0 | out: hHeap=0x570000) returned 1 [0039.911] GetProcessHeap () returned 0x570000 [0039.911] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0039.911] GetProcessHeap () returned 0x570000 [0039.911] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590fb0 | out: hHeap=0x570000) returned 1 [0039.911] GetProcessHeap () returned 0x570000 [0039.911] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0039.911] GetProcessHeap () returned 0x570000 [0039.911] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0039.911] GetProcessHeap () returned 0x570000 [0039.911] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ede0 [0039.911] GetProcessHeap () returned 0x570000 [0039.911] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ede0 | out: hHeap=0x570000) returned 1 [0039.911] GetProcessHeap () returned 0x570000 [0039.911] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ede0 [0039.911] GetProcessHeap () returned 0x570000 [0039.911] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ede0 | out: hHeap=0x570000) returned 1 [0039.911] GetProcessHeap () returned 0x570000 [0039.911] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ede0 [0039.911] GetProcessHeap () returned 0x570000 [0039.911] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ede0 | out: hHeap=0x570000) returned 1 [0039.911] GetProcessHeap () returned 0x570000 [0039.912] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ede0 [0039.912] GetProcessHeap () returned 0x570000 [0039.912] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ede0 | out: hHeap=0x570000) returned 1 [0039.912] GetProcessHeap () returned 0x570000 [0039.912] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ede0 [0039.912] GetProcessHeap () returned 0x570000 [0039.912] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ede0 | out: hHeap=0x570000) returned 1 [0039.912] GetProcessHeap () returned 0x570000 [0039.912] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ede0 [0039.912] GetProcessHeap () returned 0x570000 [0039.912] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ede0 | out: hHeap=0x570000) returned 1 [0039.912] GetProcessHeap () returned 0x570000 [0039.912] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ede0 [0039.912] GetProcessHeap () returned 0x570000 [0039.912] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ede0 | out: hHeap=0x570000) returned 1 [0039.912] GetProcessHeap () returned 0x570000 [0039.912] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ede0 [0039.912] GetProcessHeap () returned 0x570000 [0039.912] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ede0 | out: hHeap=0x570000) returned 1 [0039.912] GetProcessHeap () returned 0x570000 [0039.912] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ede0 [0039.912] GetProcessHeap () returned 0x570000 [0039.912] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ede0 | out: hHeap=0x570000) returned 1 [0039.912] GetProcessHeap () returned 0x570000 [0039.912] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ede0 [0039.912] GetProcessHeap () returned 0x570000 [0039.912] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ede0 | out: hHeap=0x570000) returned 1 [0039.912] GetProcessHeap () returned 0x570000 [0039.912] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ede0 [0039.913] GetProcessHeap () returned 0x570000 [0039.913] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ede0 | out: hHeap=0x570000) returned 1 [0039.913] GetProcessHeap () returned 0x570000 [0039.913] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ede0 [0039.913] GetProcessHeap () returned 0x570000 [0039.913] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ede0 | out: hHeap=0x570000) returned 1 [0039.913] GetProcessHeap () returned 0x570000 [0039.913] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ede0 [0039.913] GetProcessHeap () returned 0x570000 [0039.913] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ede0 | out: hHeap=0x570000) returned 1 [0039.913] GetProcessHeap () returned 0x570000 [0039.913] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ede0 [0039.913] GetProcessHeap () returned 0x570000 [0039.913] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ede0 | out: hHeap=0x570000) returned 1 [0039.913] GetProcessHeap () returned 0x570000 [0039.913] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ede0 [0039.913] GetProcessHeap () returned 0x570000 [0039.913] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ede0 | out: hHeap=0x570000) returned 1 [0039.913] GetProcessHeap () returned 0x570000 [0039.913] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ede0 [0039.913] GetProcessHeap () returned 0x570000 [0039.913] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ede0 | out: hHeap=0x570000) returned 1 [0039.913] GetProcessHeap () returned 0x570000 [0039.913] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ede0 [0039.913] GetProcessHeap () returned 0x570000 [0039.913] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ede0 | out: hHeap=0x570000) returned 1 [0039.913] GetProcessHeap () returned 0x570000 [0039.913] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ede0 [0039.913] GetProcessHeap () returned 0x570000 [0039.913] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ede0 | out: hHeap=0x570000) returned 1 [0039.913] GetProcessHeap () returned 0x570000 [0039.914] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ede0 [0039.914] GetProcessHeap () returned 0x570000 [0039.914] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ede0 | out: hHeap=0x570000) returned 1 [0039.914] GetProcessHeap () returned 0x570000 [0039.914] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ede0 [0039.914] GetProcessHeap () returned 0x570000 [0039.914] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ede0 | out: hHeap=0x570000) returned 1 [0039.914] GetProcessHeap () returned 0x570000 [0039.914] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ede0 [0039.914] GetProcessHeap () returned 0x570000 [0039.914] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ede0 | out: hHeap=0x570000) returned 1 [0039.914] GetProcessHeap () returned 0x570000 [0039.914] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ede0 [0039.914] GetProcessHeap () returned 0x570000 [0039.914] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ede0 | out: hHeap=0x570000) returned 1 [0039.914] GetProcessHeap () returned 0x570000 [0039.914] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ede0 [0039.914] GetProcessHeap () returned 0x570000 [0039.914] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ede0 | out: hHeap=0x570000) returned 1 [0039.914] GetProcessHeap () returned 0x570000 [0039.914] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ede0 [0039.914] GetProcessHeap () returned 0x570000 [0039.914] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ede0 | out: hHeap=0x570000) returned 1 [0039.914] GetProcessHeap () returned 0x570000 [0039.914] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ede0 [0039.914] GetProcessHeap () returned 0x570000 [0039.914] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ede0 | out: hHeap=0x570000) returned 1 [0039.914] GetProcessHeap () returned 0x570000 [0039.914] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ede0 [0039.915] GetProcessHeap () returned 0x570000 [0039.915] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ede0 | out: hHeap=0x570000) returned 1 [0039.915] GetProcessHeap () returned 0x570000 [0039.915] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ede0 [0039.915] GetProcessHeap () returned 0x570000 [0039.915] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ede0 | out: hHeap=0x570000) returned 1 [0039.915] GetProcessHeap () returned 0x570000 [0039.915] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ede0 [0039.915] GetProcessHeap () returned 0x570000 [0039.915] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ede0 | out: hHeap=0x570000) returned 1 [0039.915] GetProcessHeap () returned 0x570000 [0039.915] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ede0 [0039.915] GetProcessHeap () returned 0x570000 [0039.915] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ede0 | out: hHeap=0x570000) returned 1 [0039.915] GetProcessHeap () returned 0x570000 [0039.915] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ede0 [0039.915] GetProcessHeap () returned 0x570000 [0039.915] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ede0 | out: hHeap=0x570000) returned 1 [0039.915] GetProcessHeap () returned 0x570000 [0039.915] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ede0 [0039.915] GetProcessHeap () returned 0x570000 [0039.915] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ede0 | out: hHeap=0x570000) returned 1 [0039.915] GetProcessHeap () returned 0x570000 [0039.915] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ede0 [0039.915] GetProcessHeap () returned 0x570000 [0039.915] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ede0 | out: hHeap=0x570000) returned 1 [0039.915] GetProcessHeap () returned 0x570000 [0039.915] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ede0 [0039.915] GetProcessHeap () returned 0x570000 [0039.916] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ede0 | out: hHeap=0x570000) returned 1 [0039.916] GetProcessHeap () returned 0x570000 [0039.916] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ede0 [0039.916] GetProcessHeap () returned 0x570000 [0039.916] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ede0 | out: hHeap=0x570000) returned 1 [0039.916] GetProcessHeap () returned 0x570000 [0039.916] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ede0 [0039.916] GetProcessHeap () returned 0x570000 [0039.916] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ede0 | out: hHeap=0x570000) returned 1 [0039.916] GetProcessHeap () returned 0x570000 [0039.916] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ede0 [0039.916] GetProcessHeap () returned 0x570000 [0039.916] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ede0 | out: hHeap=0x570000) returned 1 [0039.916] GetProcessHeap () returned 0x570000 [0039.916] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ede0 [0039.916] GetProcessHeap () returned 0x570000 [0039.916] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ede0 | out: hHeap=0x570000) returned 1 [0039.916] GetProcessHeap () returned 0x570000 [0039.916] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ede0 [0039.916] GetProcessHeap () returned 0x570000 [0039.916] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ede0 | out: hHeap=0x570000) returned 1 [0039.916] GetProcessHeap () returned 0x570000 [0039.916] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ede0 [0039.916] GetProcessHeap () returned 0x570000 [0039.916] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ede0 | out: hHeap=0x570000) returned 1 [0039.916] GetProcessHeap () returned 0x570000 [0039.916] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ede0 [0039.916] GetProcessHeap () returned 0x570000 [0039.916] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ede0 | out: hHeap=0x570000) returned 1 [0039.916] GetProcessHeap () returned 0x570000 [0039.917] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ede0 [0039.917] GetProcessHeap () returned 0x570000 [0039.917] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ede0 | out: hHeap=0x570000) returned 1 [0039.917] GetProcessHeap () returned 0x570000 [0039.917] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ede0 [0039.917] GetProcessHeap () returned 0x570000 [0039.917] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ede0 | out: hHeap=0x570000) returned 1 [0039.917] GetProcessHeap () returned 0x570000 [0039.917] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ede0 [0039.917] GetProcessHeap () returned 0x570000 [0039.917] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ede0 | out: hHeap=0x570000) returned 1 [0039.917] GetProcessHeap () returned 0x570000 [0039.917] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ede0 [0039.917] GetProcessHeap () returned 0x570000 [0039.917] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ede0 | out: hHeap=0x570000) returned 1 [0039.917] GetProcessHeap () returned 0x570000 [0039.917] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ede0 [0039.917] GetProcessHeap () returned 0x570000 [0039.917] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ede0 | out: hHeap=0x570000) returned 1 [0039.917] GetProcessHeap () returned 0x570000 [0039.917] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ede0 [0039.917] GetProcessHeap () returned 0x570000 [0039.917] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ede0 | out: hHeap=0x570000) returned 1 [0039.917] GetProcessHeap () returned 0x570000 [0039.917] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ede0 [0039.917] GetProcessHeap () returned 0x570000 [0039.917] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ede0 | out: hHeap=0x570000) returned 1 [0039.917] GetProcessHeap () returned 0x570000 [0039.917] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ede0 [0039.917] GetProcessHeap () returned 0x570000 [0039.918] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ede0 | out: hHeap=0x570000) returned 1 [0039.918] GetProcessHeap () returned 0x570000 [0039.918] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ede0 [0039.918] GetProcessHeap () returned 0x570000 [0039.918] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ede0 | out: hHeap=0x570000) returned 1 [0039.918] GetProcessHeap () returned 0x570000 [0039.918] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ede0 [0039.918] GetProcessHeap () returned 0x570000 [0039.918] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ede0 | out: hHeap=0x570000) returned 1 [0039.918] GetProcessHeap () returned 0x570000 [0039.918] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0039.918] GetProcessHeap () returned 0x570000 [0039.918] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0039.918] GetProcessHeap () returned 0x570000 [0039.918] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5922e0 | out: hHeap=0x570000) returned 1 [0039.918] GetProcessHeap () returned 0x570000 [0039.918] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0039.918] GetProcessHeap () returned 0x570000 [0039.918] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f98 | out: hHeap=0x570000) returned 1 [0039.918] GetProcessHeap () returned 0x570000 [0039.918] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0039.918] GetProcessHeap () returned 0x570000 [0039.918] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0039.918] GetProcessHeap () returned 0x570000 [0039.918] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0039.918] GetProcessHeap () returned 0x570000 [0039.918] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0039.918] GetProcessHeap () returned 0x570000 [0039.918] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edb0 | out: hHeap=0x570000) returned 1 [0039.918] GetProcessHeap () returned 0x570000 [0039.918] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588e58 | out: hHeap=0x570000) returned 1 [0039.919] WriteFile (in: hFile=0xffffffff, lpBuffer=0x50b720, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0) returned 0 [0039.919] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0039.919] WriteFile (in: hFile=0xffffffff, lpBuffer=0x40cbe0, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0) returned 0 [0039.919] CloseHandle (hObject=0xffffffff) returned 0 [0039.919] GetProcessHeap () returned 0x570000 [0039.919] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0039.919] GetProcessHeap () returned 0x570000 [0039.919] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0039.920] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2013, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe7b42810, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe7b42810, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSOCache", cAlternateFileName="")) returned 1 [0039.920] lstrcmpiW (lpString1="MSOCache", lpString2=".") returned 1 [0039.920] lstrcmpiW (lpString1="MSOCache", lpString2="..") returned 1 [0039.920] lstrcatW (in: lpString1="C:\\", lpString2="MSOCache" | out: lpString1="C:\\MSOCache") returned="C:\\MSOCache" [0039.920] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="MSOCache", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0039.920] GetProcessHeap () returned 0x570000 [0039.920] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x9) returned 0x590f68 [0039.920] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="MSOCache", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MSOCache", lpUsedDefaultChar=0x0) returned 9 [0039.920] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSOCache", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0039.920] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSOCache", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 3 [0039.920] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSOCache", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 3 [0039.920] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSOCache", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0039.920] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSOCache", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0039.920] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSOCache", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 3 [0039.920] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSOCache", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0039.920] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSOCache", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0039.920] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSOCache", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0039.920] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSOCache", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0039.920] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSOCache", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0039.920] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSOCache", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0039.920] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSOCache", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0039.920] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSOCache", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0039.920] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSOCache", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0039.920] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSOCache", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0039.920] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSOCache", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0039.920] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSOCache", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0039.921] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSOCache", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 1 [0039.921] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSOCache", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 3 [0039.921] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSOCache", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 3 [0039.921] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSOCache", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 3 [0039.921] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSOCache", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 3 [0039.921] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSOCache", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0039.921] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSOCache", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0039.921] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSOCache", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0039.921] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSOCache", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0039.921] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSOCache", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 3 [0039.921] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSOCache", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0039.921] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSOCache", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0039.921] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSOCache", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0039.921] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSOCache", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0039.921] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSOCache", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 3 [0039.921] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSOCache", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0039.921] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSOCache", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 1 [0039.921] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSOCache", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 3 [0039.921] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSOCache", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0039.921] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSOCache", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 3 [0039.921] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSOCache", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 1 [0039.921] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSOCache", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0039.921] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSOCache", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 1 [0039.921] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSOCache", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0039.921] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSOCache", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0039.921] lstrcatW (in: lpString1="C:\\MSOCache", lpString2="\\" | out: lpString1="C:\\MSOCache\\") returned="C:\\MSOCache\\" [0039.921] GetProcessHeap () returned 0x570000 [0039.921] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58edb0 [0039.922] lstrlenW (lpString="C:\\MSOCache\\") returned 12 [0039.922] GetProcessHeap () returned 0x570000 [0039.922] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x1a) returned 0x590620 [0039.922] lstrcpyW (in: lpString1=0x590620, lpString2="C:\\MSOCache\\" | out: lpString1="C:\\MSOCache\\") returned="C:\\MSOCache\\" [0039.922] GetProcessHeap () returned 0x570000 [0039.922] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0039.922] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x563d4b80, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x563d4b80, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x814762c0, ftLastWriteTime.dwHighDateTime=0x1d4d5ae, nFileSizeHigh=0x0, nFileSizeLow=0x7ff7c000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="pagefile.sys", cAlternateFileName="")) returned 1 [0039.922] lstrcmpiW (lpString1="pagefile.sys", lpString2=".") returned 1 [0039.922] lstrcmpiW (lpString1="pagefile.sys", lpString2="..") returned 1 [0039.922] lstrcatW (in: lpString1="C:\\", lpString2="pagefile.sys" | out: lpString1="C:\\pagefile.sys") returned="C:\\pagefile.sys" [0039.922] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="pagefile.sys", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0039.922] GetProcessHeap () returned 0x570000 [0039.922] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xd) returned 0x590f68 [0039.922] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="pagefile.sys", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="pagefile.sys", lpUsedDefaultChar=0x0) returned 13 [0039.922] lstrlenA (lpString="pagefile.sys") returned 12 [0039.922] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0039.922] lstrlenA (lpString="pagefile.sys") returned 12 [0039.922] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0039.922] lstrcmpiW (lpString1="pagefile.sys", lpString2="decrypt_files.html") returned 1 [0039.922] lstrcmpiW (lpString1="pagefile.sys", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0039.922] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0039.922] lstrcmpiW (lpString1="pagefile.sys", lpString2="sihvgt.exe") returned -1 [0039.922] _alloca_probe () returned 0x40908b [0039.922] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\pagefile.sys", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0039.922] GetProcessHeap () returned 0x570000 [0039.922] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x10) returned 0x590f80 [0039.922] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\pagefile.sys", cchWideChar=-1, lpMultiByteStr=0x590f80, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\pagefile.sys", lpUsedDefaultChar=0x0) returned 16 [0039.922] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0039.922] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{F91C4E0E-9A1A-4337-880A-E19D894BFDE7}") returned 38 [0039.923] lstrlenA (lpString="{F91C4E0E-9A1A-4337-880A-E19D894BFDE7}") returned 38 [0039.923] CreateFileW (lpFileName="C:\\pagefile.sys" (normalized: "c:\\pagefile.sys"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0039.923] lstrlenA (lpString="rsa_encrypt") returned 11 [0039.923] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x588ef8) returned 1 [0039.924] CryptGenRandom (in: hProv=0x588ef8, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0039.924] CryptReleaseContext (hProv=0x588ef8, dwFlags=0x0) returned 1 [0039.924] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0039.924] GetProcessHeap () returned 0x570000 [0039.924] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x588e58 [0039.924] lstrlenA (lpString="010001") returned 6 [0039.924] GetProcessHeap () returned 0x570000 [0039.924] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58ede0 [0039.924] GetProcessHeap () returned 0x570000 [0039.924] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x588ee0 [0039.924] GetProcessHeap () returned 0x570000 [0039.924] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0039.924] GetProcessHeap () returned 0x570000 [0039.924] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588ee0 | out: hHeap=0x570000) returned 1 [0039.924] GetProcessHeap () returned 0x570000 [0039.924] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0039.924] GetProcessHeap () returned 0x570000 [0039.924] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c1f0 [0039.924] GetProcessHeap () returned 0x570000 [0039.924] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58edc0 [0039.924] GetProcessHeap () returned 0x570000 [0039.924] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c0d8 [0039.924] GetProcessHeap () returned 0x570000 [0039.924] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edc0 | out: hHeap=0x570000) returned 1 [0039.925] GetProcessHeap () returned 0x570000 [0039.925] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0039.925] GetProcessHeap () returned 0x570000 [0039.925] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x588ee0 [0039.925] GetProcessHeap () returned 0x570000 [0039.925] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x5922e0 [0039.925] GetProcessHeap () returned 0x570000 [0039.925] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edc0 [0039.925] GetProcessHeap () returned 0x570000 [0039.925] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f98 [0039.925] GetProcessHeap () returned 0x570000 [0039.925] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0039.925] GetProcessHeap () returned 0x570000 [0039.925] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588ee0 | out: hHeap=0x570000) returned 1 [0039.925] GetProcessHeap () returned 0x570000 [0039.925] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0039.925] GetProcessHeap () returned 0x570000 [0039.925] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0039.925] GetProcessHeap () returned 0x570000 [0039.925] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edf0 [0039.925] GetProcessHeap () returned 0x570000 [0039.925] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590fb0 [0039.925] GetProcessHeap () returned 0x570000 [0039.925] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edc0 | out: hHeap=0x570000) returned 1 [0039.925] GetProcessHeap () returned 0x570000 [0039.925] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edf0 | out: hHeap=0x570000) returned 1 [0039.925] GetProcessHeap () returned 0x570000 [0039.925] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edf0 [0039.925] GetProcessHeap () returned 0x570000 [0039.925] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edf0 | out: hHeap=0x570000) returned 1 [0039.925] GetProcessHeap () returned 0x570000 [0039.926] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0039.926] GetProcessHeap () returned 0x570000 [0039.926] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590fb0 | out: hHeap=0x570000) returned 1 [0039.926] GetProcessHeap () returned 0x570000 [0039.926] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0039.926] GetProcessHeap () returned 0x570000 [0039.926] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0039.926] GetProcessHeap () returned 0x570000 [0039.926] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edf0 [0039.926] GetProcessHeap () returned 0x570000 [0039.926] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edf0 | out: hHeap=0x570000) returned 1 [0039.926] GetProcessHeap () returned 0x570000 [0039.926] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edf0 [0039.926] GetProcessHeap () returned 0x570000 [0039.926] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edf0 | out: hHeap=0x570000) returned 1 [0039.926] GetProcessHeap () returned 0x570000 [0039.926] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edf0 [0039.926] GetProcessHeap () returned 0x570000 [0039.926] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edf0 | out: hHeap=0x570000) returned 1 [0039.926] GetProcessHeap () returned 0x570000 [0039.926] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edf0 [0039.926] GetProcessHeap () returned 0x570000 [0039.926] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edf0 | out: hHeap=0x570000) returned 1 [0039.926] GetProcessHeap () returned 0x570000 [0039.926] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edf0 [0039.926] GetProcessHeap () returned 0x570000 [0039.926] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edf0 | out: hHeap=0x570000) returned 1 [0039.926] GetProcessHeap () returned 0x570000 [0039.926] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edf0 [0039.926] GetProcessHeap () returned 0x570000 [0039.927] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edf0 | out: hHeap=0x570000) returned 1 [0039.927] GetProcessHeap () returned 0x570000 [0039.927] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edf0 [0039.927] GetProcessHeap () returned 0x570000 [0039.927] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edf0 | out: hHeap=0x570000) returned 1 [0039.927] GetProcessHeap () returned 0x570000 [0039.927] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edf0 [0039.927] GetProcessHeap () returned 0x570000 [0039.927] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edf0 | out: hHeap=0x570000) returned 1 [0039.927] GetProcessHeap () returned 0x570000 [0039.927] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edf0 [0039.927] GetProcessHeap () returned 0x570000 [0039.927] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edf0 | out: hHeap=0x570000) returned 1 [0039.927] GetProcessHeap () returned 0x570000 [0039.927] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edf0 [0039.927] GetProcessHeap () returned 0x570000 [0039.927] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edf0 | out: hHeap=0x570000) returned 1 [0039.927] GetProcessHeap () returned 0x570000 [0039.927] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edf0 [0039.927] GetProcessHeap () returned 0x570000 [0039.927] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edf0 | out: hHeap=0x570000) returned 1 [0039.927] GetProcessHeap () returned 0x570000 [0039.927] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edf0 [0039.927] GetProcessHeap () returned 0x570000 [0039.927] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edf0 | out: hHeap=0x570000) returned 1 [0039.927] GetProcessHeap () returned 0x570000 [0039.927] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edf0 [0039.927] GetProcessHeap () returned 0x570000 [0039.928] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edf0 | out: hHeap=0x570000) returned 1 [0039.928] GetProcessHeap () returned 0x570000 [0039.928] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edf0 [0039.928] GetProcessHeap () returned 0x570000 [0039.928] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edf0 | out: hHeap=0x570000) returned 1 [0039.928] GetProcessHeap () returned 0x570000 [0039.928] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edf0 [0039.928] GetProcessHeap () returned 0x570000 [0039.928] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edf0 | out: hHeap=0x570000) returned 1 [0039.928] GetProcessHeap () returned 0x570000 [0039.928] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edf0 [0039.928] GetProcessHeap () returned 0x570000 [0039.928] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edf0 | out: hHeap=0x570000) returned 1 [0039.928] GetProcessHeap () returned 0x570000 [0039.928] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edf0 [0039.928] GetProcessHeap () returned 0x570000 [0039.928] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edf0 | out: hHeap=0x570000) returned 1 [0039.928] GetProcessHeap () returned 0x570000 [0039.928] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edf0 [0039.928] GetProcessHeap () returned 0x570000 [0039.928] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edf0 | out: hHeap=0x570000) returned 1 [0039.928] GetProcessHeap () returned 0x570000 [0039.928] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edf0 [0039.928] GetProcessHeap () returned 0x570000 [0039.928] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edf0 | out: hHeap=0x570000) returned 1 [0039.928] GetProcessHeap () returned 0x570000 [0039.928] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edf0 [0039.928] GetProcessHeap () returned 0x570000 [0039.928] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edf0 | out: hHeap=0x570000) returned 1 [0039.928] GetProcessHeap () returned 0x570000 [0039.929] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edf0 [0039.929] GetProcessHeap () returned 0x570000 [0039.929] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edf0 | out: hHeap=0x570000) returned 1 [0039.929] GetProcessHeap () returned 0x570000 [0039.929] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edf0 [0039.929] GetProcessHeap () returned 0x570000 [0039.929] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edf0 | out: hHeap=0x570000) returned 1 [0039.929] GetProcessHeap () returned 0x570000 [0039.929] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edf0 [0039.929] GetProcessHeap () returned 0x570000 [0039.929] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edf0 | out: hHeap=0x570000) returned 1 [0039.929] GetProcessHeap () returned 0x570000 [0039.929] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edf0 [0039.929] GetProcessHeap () returned 0x570000 [0039.929] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edf0 | out: hHeap=0x570000) returned 1 [0039.929] GetProcessHeap () returned 0x570000 [0039.929] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edf0 [0039.929] GetProcessHeap () returned 0x570000 [0039.929] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edf0 | out: hHeap=0x570000) returned 1 [0039.929] GetProcessHeap () returned 0x570000 [0039.929] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edf0 [0039.929] GetProcessHeap () returned 0x570000 [0039.929] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edf0 | out: hHeap=0x570000) returned 1 [0039.929] GetProcessHeap () returned 0x570000 [0039.929] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edf0 [0039.929] GetProcessHeap () returned 0x570000 [0039.929] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edf0 | out: hHeap=0x570000) returned 1 [0039.929] GetProcessHeap () returned 0x570000 [0039.929] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edf0 [0039.929] GetProcessHeap () returned 0x570000 [0039.930] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edf0 | out: hHeap=0x570000) returned 1 [0039.930] GetProcessHeap () returned 0x570000 [0039.930] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edf0 [0039.930] GetProcessHeap () returned 0x570000 [0039.930] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edf0 | out: hHeap=0x570000) returned 1 [0039.930] GetProcessHeap () returned 0x570000 [0039.930] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edf0 [0039.930] GetProcessHeap () returned 0x570000 [0039.930] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edf0 | out: hHeap=0x570000) returned 1 [0039.930] GetProcessHeap () returned 0x570000 [0039.930] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edf0 [0039.930] GetProcessHeap () returned 0x570000 [0039.930] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edf0 | out: hHeap=0x570000) returned 1 [0039.930] GetProcessHeap () returned 0x570000 [0039.930] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edf0 [0039.930] GetProcessHeap () returned 0x570000 [0039.930] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edf0 | out: hHeap=0x570000) returned 1 [0039.930] GetProcessHeap () returned 0x570000 [0039.930] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edf0 [0039.930] GetProcessHeap () returned 0x570000 [0039.930] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edf0 | out: hHeap=0x570000) returned 1 [0039.930] GetProcessHeap () returned 0x570000 [0039.930] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edf0 [0039.930] GetProcessHeap () returned 0x570000 [0039.930] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edf0 | out: hHeap=0x570000) returned 1 [0039.930] GetProcessHeap () returned 0x570000 [0039.930] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edf0 [0039.930] GetProcessHeap () returned 0x570000 [0039.931] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edf0 | out: hHeap=0x570000) returned 1 [0039.931] GetProcessHeap () returned 0x570000 [0039.931] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edf0 [0039.931] GetProcessHeap () returned 0x570000 [0039.931] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edf0 | out: hHeap=0x570000) returned 1 [0039.931] GetProcessHeap () returned 0x570000 [0039.931] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edf0 [0039.931] GetProcessHeap () returned 0x570000 [0039.931] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edf0 | out: hHeap=0x570000) returned 1 [0039.931] GetProcessHeap () returned 0x570000 [0039.931] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edf0 [0039.931] GetProcessHeap () returned 0x570000 [0039.931] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edf0 | out: hHeap=0x570000) returned 1 [0039.931] GetProcessHeap () returned 0x570000 [0039.931] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edf0 [0039.931] GetProcessHeap () returned 0x570000 [0039.931] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edf0 | out: hHeap=0x570000) returned 1 [0039.931] GetProcessHeap () returned 0x570000 [0039.931] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edf0 [0039.931] GetProcessHeap () returned 0x570000 [0039.931] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edf0 | out: hHeap=0x570000) returned 1 [0039.931] GetProcessHeap () returned 0x570000 [0039.931] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edf0 [0039.931] GetProcessHeap () returned 0x570000 [0039.931] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edf0 | out: hHeap=0x570000) returned 1 [0039.931] GetProcessHeap () returned 0x570000 [0039.931] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edf0 [0039.931] GetProcessHeap () returned 0x570000 [0039.932] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edf0 | out: hHeap=0x570000) returned 1 [0039.932] GetProcessHeap () returned 0x570000 [0039.932] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edf0 [0039.932] GetProcessHeap () returned 0x570000 [0039.932] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edf0 | out: hHeap=0x570000) returned 1 [0039.932] GetProcessHeap () returned 0x570000 [0039.932] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edf0 [0039.932] GetProcessHeap () returned 0x570000 [0039.932] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edf0 | out: hHeap=0x570000) returned 1 [0039.932] GetProcessHeap () returned 0x570000 [0039.932] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edf0 [0039.932] GetProcessHeap () returned 0x570000 [0039.932] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edf0 | out: hHeap=0x570000) returned 1 [0039.932] GetProcessHeap () returned 0x570000 [0039.932] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edf0 [0039.932] GetProcessHeap () returned 0x570000 [0039.932] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edf0 | out: hHeap=0x570000) returned 1 [0039.932] GetProcessHeap () returned 0x570000 [0039.932] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edf0 [0039.932] GetProcessHeap () returned 0x570000 [0039.932] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edf0 | out: hHeap=0x570000) returned 1 [0039.932] GetProcessHeap () returned 0x570000 [0039.932] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edf0 [0039.932] GetProcessHeap () returned 0x570000 [0039.932] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edf0 | out: hHeap=0x570000) returned 1 [0039.932] GetProcessHeap () returned 0x570000 [0039.932] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edf0 [0039.932] GetProcessHeap () returned 0x570000 [0039.932] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edf0 | out: hHeap=0x570000) returned 1 [0039.932] GetProcessHeap () returned 0x570000 [0039.932] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58edf0 [0039.933] GetProcessHeap () returned 0x570000 [0039.933] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58edf0 | out: hHeap=0x570000) returned 1 [0039.933] GetProcessHeap () returned 0x570000 [0039.933] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0039.933] GetProcessHeap () returned 0x570000 [0039.933] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0039.933] GetProcessHeap () returned 0x570000 [0039.933] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5922e0 | out: hHeap=0x570000) returned 1 [0039.933] GetProcessHeap () returned 0x570000 [0039.933] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0039.933] GetProcessHeap () returned 0x570000 [0039.933] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f98 | out: hHeap=0x570000) returned 1 [0039.933] GetProcessHeap () returned 0x570000 [0039.933] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0039.933] GetProcessHeap () returned 0x570000 [0039.933] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0039.933] GetProcessHeap () returned 0x570000 [0039.933] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0039.933] GetProcessHeap () returned 0x570000 [0039.933] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0039.933] GetProcessHeap () returned 0x570000 [0039.933] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ede0 | out: hHeap=0x570000) returned 1 [0039.933] GetProcessHeap () returned 0x570000 [0039.933] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588e58 | out: hHeap=0x570000) returned 1 [0039.933] WriteFile (in: hFile=0xffffffff, lpBuffer=0x50b720, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0) returned 0 [0039.933] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0039.933] WriteFile (in: hFile=0xffffffff, lpBuffer=0x40cbe0, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0) returned 0 [0039.933] CloseHandle (hObject=0xffffffff) returned 0 [0039.934] GetProcessHeap () returned 0x570000 [0039.934] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0039.934] GetProcessHeap () returned 0x570000 [0039.934] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0039.934] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd72e458, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PerfLogs", cAlternateFileName="")) returned 1 [0039.934] lstrcmpiW (lpString1="PerfLogs", lpString2=".") returned 1 [0039.934] lstrcmpiW (lpString1="PerfLogs", lpString2="..") returned 1 [0039.934] lstrcatW (in: lpString1="C:\\", lpString2="PerfLogs" | out: lpString1="C:\\PerfLogs") returned="C:\\PerfLogs" [0039.934] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="PerfLogs", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0039.934] GetProcessHeap () returned 0x570000 [0039.934] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x9) returned 0x590f68 [0039.934] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="PerfLogs", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PerfLogs", lpUsedDefaultChar=0x0) returned 9 [0039.934] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PerfLogs", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0039.934] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PerfLogs", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 3 [0039.934] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PerfLogs", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 3 [0039.934] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PerfLogs", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0039.934] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PerfLogs", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0039.934] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PerfLogs", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 3 [0039.934] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PerfLogs", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0039.934] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PerfLogs", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0039.934] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PerfLogs", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0039.934] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PerfLogs", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0039.934] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PerfLogs", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0039.934] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PerfLogs", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0039.934] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PerfLogs", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0039.935] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PerfLogs", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0039.935] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PerfLogs", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0039.935] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PerfLogs", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0039.935] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PerfLogs", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0039.935] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PerfLogs", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0039.935] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PerfLogs", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 3 [0039.935] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PerfLogs", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 3 [0039.935] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PerfLogs", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 3 [0039.935] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PerfLogs", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 3 [0039.935] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PerfLogs", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 3 [0039.935] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PerfLogs", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0039.935] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PerfLogs", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0039.935] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PerfLogs", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0039.935] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PerfLogs", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0039.935] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PerfLogs", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 3 [0039.935] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PerfLogs", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0039.935] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PerfLogs", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0039.935] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PerfLogs", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0039.935] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PerfLogs", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0039.935] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PerfLogs", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 3 [0039.935] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PerfLogs", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0039.935] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PerfLogs", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 3 [0039.935] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PerfLogs", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 3 [0039.935] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PerfLogs", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0039.935] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PerfLogs", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 3 [0039.936] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PerfLogs", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 3 [0039.936] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PerfLogs", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0039.936] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PerfLogs", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 3 [0039.936] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PerfLogs", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0039.936] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PerfLogs", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0039.936] lstrcatW (in: lpString1="C:\\PerfLogs", lpString2="\\" | out: lpString1="C:\\PerfLogs\\") returned="C:\\PerfLogs\\" [0039.936] GetProcessHeap () returned 0x570000 [0039.936] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ede0 [0039.936] lstrlenW (lpString="C:\\PerfLogs\\") returned 12 [0039.936] GetProcessHeap () returned 0x570000 [0039.936] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x1a) returned 0x590648 [0039.936] lstrcpyW (in: lpString1=0x590648, lpString2="C:\\PerfLogs\\" | out: lpString1="C:\\PerfLogs\\") returned="C:\\PerfLogs\\" [0039.936] GetProcessHeap () returned 0x570000 [0039.936] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0039.936] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xee2bc700, ftLastAccessTime.dwHighDateTime=0x1d50443, ftLastWriteTime.dwLowDateTime=0xee2bc700, ftLastWriteTime.dwHighDateTime=0x1d50443, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Program Files", cAlternateFileName="PROGRA~1")) returned 1 [0039.936] lstrcmpiW (lpString1="Program Files", lpString2=".") returned 1 [0039.936] lstrcmpiW (lpString1="Program Files", lpString2="..") returned 1 [0039.936] lstrcatW (in: lpString1="C:\\", lpString2="Program Files" | out: lpString1="C:\\Program Files") returned="C:\\Program Files" [0039.936] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Program Files", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0039.936] GetProcessHeap () returned 0x570000 [0039.936] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xe) returned 0x590f68 [0039.936] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Program Files", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Program Files", lpUsedDefaultChar=0x0) returned 14 [0039.936] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0039.936] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 3 [0039.936] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 3 [0039.936] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0039.936] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0039.936] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 3 [0039.936] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0039.937] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0039.937] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0039.937] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0039.937] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0039.937] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0039.937] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0039.937] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0039.937] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0039.937] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0039.937] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0039.937] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0039.937] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 3 [0039.937] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 3 [0039.937] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 3 [0039.937] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 3 [0039.937] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 3 [0039.937] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0039.937] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0039.937] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0039.937] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0039.937] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 3 [0039.937] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0039.937] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0039.937] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0039.937] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0039.937] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 3 [0039.937] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0039.937] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 3 [0039.938] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 3 [0039.938] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0039.938] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 3 [0039.938] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 3 [0039.938] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0039.938] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 3 [0039.938] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0039.938] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0039.938] lstrcatW (in: lpString1="C:\\Program Files", lpString2="\\" | out: lpString1="C:\\Program Files\\") returned="C:\\Program Files\\" [0039.938] GetProcessHeap () returned 0x570000 [0039.938] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58edf0 [0039.938] lstrlenW (lpString="C:\\Program Files\\") returned 17 [0039.938] GetProcessHeap () returned 0x570000 [0039.938] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x24) returned 0x588e58 [0039.938] lstrcpyW (in: lpString1=0x588e58, lpString2="C:\\Program Files\\" | out: lpString1="C:\\Program Files\\") returned="C:\\Program Files\\" [0039.938] GetProcessHeap () returned 0x570000 [0039.938] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0039.938] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd8ab1dc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x10f11a30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x10f11a30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Program Files (x86)", cAlternateFileName="PROGRA~2")) returned 1 [0039.938] lstrcmpiW (lpString1="Program Files (x86)", lpString2=".") returned 1 [0039.938] lstrcmpiW (lpString1="Program Files (x86)", lpString2="..") returned 1 [0039.938] lstrcatW (in: lpString1="C:\\", lpString2="Program Files (x86)" | out: lpString1="C:\\Program Files (x86)") returned="C:\\Program Files (x86)" [0039.938] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Program Files (x86)", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0039.938] GetProcessHeap () returned 0x570000 [0039.938] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x14) returned 0x58fdc0 [0039.938] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Program Files (x86)", cchWideChar=-1, lpMultiByteStr=0x58fdc0, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Program Files (x86)", lpUsedDefaultChar=0x0) returned 20 [0039.938] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files (x86)", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0039.938] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files (x86)", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 3 [0039.938] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files (x86)", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 3 [0039.938] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files (x86)", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0039.938] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files (x86)", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0039.939] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files (x86)", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 3 [0039.939] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files (x86)", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0039.939] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files (x86)", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0039.939] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files (x86)", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0039.939] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files (x86)", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0039.939] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files (x86)", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0039.939] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files (x86)", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0039.939] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files (x86)", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0039.939] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files (x86)", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0039.939] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files (x86)", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0039.939] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files (x86)", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0039.939] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files (x86)", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0039.939] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files (x86)", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0039.939] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files (x86)", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 3 [0039.939] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files (x86)", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 3 [0039.939] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files (x86)", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 3 [0039.939] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files (x86)", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 3 [0039.939] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files (x86)", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 3 [0039.939] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files (x86)", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0039.939] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files (x86)", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0039.939] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files (x86)", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0039.939] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files (x86)", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0039.939] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files (x86)", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 3 [0039.939] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files (x86)", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0039.939] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files (x86)", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0039.939] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files (x86)", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0039.939] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files (x86)", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0039.940] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files (x86)", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 3 [0039.940] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files (x86)", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0039.940] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files (x86)", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 3 [0039.940] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files (x86)", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 3 [0039.940] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files (x86)", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0039.940] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files (x86)", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 3 [0039.940] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files (x86)", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 3 [0039.940] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files (x86)", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0039.940] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files (x86)", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 3 [0039.940] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files (x86)", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0039.940] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Program Files (x86)", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0039.940] lstrcatW (in: lpString1="C:\\Program Files (x86)", lpString2="\\" | out: lpString1="C:\\Program Files (x86)\\") returned="C:\\Program Files (x86)\\" [0039.940] GetProcessHeap () returned 0x570000 [0039.940] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58edc0 [0039.940] lstrlenW (lpString="C:\\Program Files (x86)\\") returned 23 [0039.940] GetProcessHeap () returned 0x570000 [0039.940] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x30) returned 0x588e88 [0039.940] lstrcpyW (in: lpString1=0x588e88, lpString2="C:\\Program Files (x86)\\" | out: lpString1="C:\\Program Files (x86)\\") returned="C:\\Program Files (x86)\\" [0039.940] GetProcessHeap () returned 0x570000 [0039.940] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58fdc0 | out: hHeap=0x570000) returned 1 [0039.940] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ProgramData", cAlternateFileName="PROGRA~3")) returned 1 [0039.940] lstrcmpiW (lpString1="ProgramData", lpString2=".") returned 1 [0039.940] lstrcmpiW (lpString1="ProgramData", lpString2="..") returned 1 [0039.940] lstrcatW (in: lpString1="C:\\", lpString2="ProgramData" | out: lpString1="C:\\ProgramData") returned="C:\\ProgramData" [0039.940] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ProgramData", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.940] GetProcessHeap () returned 0x570000 [0039.940] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x590f68 [0039.940] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ProgramData", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ProgramData", lpUsedDefaultChar=0x0) returned 12 [0039.940] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="ProgramData", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0039.941] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="ProgramData", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 3 [0039.941] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="ProgramData", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 3 [0039.941] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="ProgramData", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0039.941] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="ProgramData", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0039.941] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="ProgramData", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 3 [0039.941] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="ProgramData", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0039.941] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="ProgramData", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0039.941] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="ProgramData", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0039.941] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="ProgramData", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0039.941] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="ProgramData", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0039.941] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="ProgramData", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0039.941] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="ProgramData", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0039.941] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="ProgramData", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0039.941] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="ProgramData", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0039.941] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="ProgramData", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0039.941] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="ProgramData", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0039.941] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="ProgramData", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0039.941] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="ProgramData", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 3 [0039.941] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="ProgramData", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 3 [0039.941] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="ProgramData", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 3 [0039.941] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="ProgramData", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 3 [0039.941] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="ProgramData", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 3 [0039.941] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="ProgramData", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0039.941] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="ProgramData", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0039.941] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="ProgramData", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0039.941] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="ProgramData", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0039.941] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="ProgramData", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 3 [0039.941] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="ProgramData", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0039.941] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="ProgramData", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0039.942] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="ProgramData", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0039.942] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="ProgramData", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0039.942] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="ProgramData", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 3 [0039.942] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="ProgramData", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0039.942] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="ProgramData", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 3 [0039.942] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="ProgramData", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 3 [0039.942] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="ProgramData", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0039.942] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="ProgramData", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 3 [0039.942] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="ProgramData", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 3 [0039.942] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="ProgramData", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0039.942] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="ProgramData", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 3 [0039.942] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="ProgramData", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0039.942] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="ProgramData", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 2 [0039.942] GetProcessHeap () returned 0x570000 [0039.942] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0039.942] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27cc8060, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27cc8060, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Recovery", cAlternateFileName="")) returned 1 [0039.942] lstrcmpiW (lpString1="Recovery", lpString2=".") returned 1 [0039.942] lstrcmpiW (lpString1="Recovery", lpString2="..") returned 1 [0039.942] lstrcatW (in: lpString1="C:\\", lpString2="Recovery" | out: lpString1="C:\\Recovery") returned="C:\\Recovery" [0039.942] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Recovery", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0039.942] GetProcessHeap () returned 0x570000 [0039.942] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x9) returned 0x590f68 [0039.942] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Recovery", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Recovery", lpUsedDefaultChar=0x0) returned 9 [0039.942] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recovery", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0039.942] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recovery", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 3 [0039.942] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recovery", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 3 [0039.942] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recovery", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0039.942] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recovery", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0039.943] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recovery", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 3 [0039.943] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recovery", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0039.943] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recovery", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0039.943] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recovery", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0039.943] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recovery", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0039.943] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recovery", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0039.943] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recovery", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0039.943] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recovery", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0039.943] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recovery", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0039.943] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recovery", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0039.943] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recovery", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0039.943] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recovery", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0039.943] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recovery", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0039.943] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recovery", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 3 [0039.943] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recovery", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 3 [0039.943] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recovery", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 3 [0039.943] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recovery", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 3 [0039.943] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recovery", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 3 [0039.943] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recovery", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0039.943] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recovery", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0039.943] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recovery", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0039.943] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recovery", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0039.943] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recovery", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 3 [0039.943] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recovery", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0039.943] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recovery", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0039.943] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recovery", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0039.943] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recovery", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0039.943] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recovery", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 3 [0039.944] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recovery", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0039.944] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recovery", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 3 [0039.944] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recovery", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 3 [0039.944] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recovery", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0039.944] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recovery", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 3 [0039.944] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recovery", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 3 [0039.944] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recovery", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0039.944] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recovery", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 3 [0039.944] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recovery", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0039.944] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recovery", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 3 [0039.944] lstrcatW (in: lpString1="C:\\Recovery", lpString2="\\" | out: lpString1="C:\\Recovery\\") returned="C:\\Recovery\\" [0039.944] GetProcessHeap () returned 0x570000 [0039.944] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ee00 [0039.944] lstrlenW (lpString="C:\\Recovery\\") returned 12 [0039.944] GetProcessHeap () returned 0x570000 [0039.944] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x1a) returned 0x590670 [0039.944] lstrcpyW (in: lpString1=0x590670, lpString2="C:\\Recovery\\" | out: lpString1="C:\\Recovery\\") returned="C:\\Recovery\\" [0039.944] GetProcessHeap () returned 0x570000 [0039.944] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0039.944] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x56231c60, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0xa1602bc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa1602bc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="System Volume Information", cAlternateFileName="SYSTEM~1")) returned 1 [0039.944] lstrcmpiW (lpString1="System Volume Information", lpString2=".") returned 1 [0039.944] lstrcmpiW (lpString1="System Volume Information", lpString2="..") returned 1 [0039.944] lstrcatW (in: lpString1="C:\\", lpString2="System Volume Information" | out: lpString1="C:\\System Volume Information") returned="C:\\System Volume Information" [0039.944] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="System Volume Information", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 26 [0039.944] GetProcessHeap () returned 0x570000 [0039.944] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x1a) returned 0x590698 [0039.944] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="System Volume Information", cchWideChar=-1, lpMultiByteStr=0x590698, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="System Volume Information", lpUsedDefaultChar=0x0) returned 26 [0039.944] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="System Volume Information", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0039.944] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="System Volume Information", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 3 [0039.945] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="System Volume Information", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 3 [0039.945] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="System Volume Information", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0039.945] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="System Volume Information", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0039.945] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="System Volume Information", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 3 [0039.945] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="System Volume Information", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0039.945] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="System Volume Information", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0039.945] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="System Volume Information", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0039.945] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="System Volume Information", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0039.945] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="System Volume Information", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0039.945] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="System Volume Information", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0039.945] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="System Volume Information", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0039.945] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="System Volume Information", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0039.945] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="System Volume Information", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0039.945] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="System Volume Information", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0039.945] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="System Volume Information", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0039.945] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="System Volume Information", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0039.945] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="System Volume Information", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 3 [0039.945] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="System Volume Information", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 3 [0039.945] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="System Volume Information", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 3 [0039.945] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="System Volume Information", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 3 [0039.945] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="System Volume Information", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 3 [0039.945] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="System Volume Information", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0039.945] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="System Volume Information", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 3 [0039.945] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="System Volume Information", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 3 [0039.945] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="System Volume Information", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0039.945] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="System Volume Information", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 3 [0039.945] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="System Volume Information", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 3 [0039.945] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="System Volume Information", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 3 [0039.945] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="System Volume Information", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 2 [0039.946] GetProcessHeap () returned 0x570000 [0039.946] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590698 | out: hHeap=0x570000) returned 1 [0039.946] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 1 [0039.946] lstrcmpiW (lpString1="Users", lpString2=".") returned 1 [0039.946] lstrcmpiW (lpString1="Users", lpString2="..") returned 1 [0039.946] lstrcatW (in: lpString1="C:\\", lpString2="Users" | out: lpString1="C:\\Users") returned="C:\\Users" [0039.946] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Users", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0039.946] GetProcessHeap () returned 0x570000 [0039.946] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x6) returned 0x58ee10 [0039.946] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Users", cchWideChar=-1, lpMultiByteStr=0x58ee10, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Users", lpUsedDefaultChar=0x0) returned 6 [0039.946] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Users", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0039.946] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Users", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 3 [0039.946] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Users", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 3 [0039.946] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Users", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0039.946] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Users", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0039.946] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Users", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 3 [0039.946] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Users", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0039.946] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Users", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0039.946] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Users", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0039.946] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Users", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0039.946] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Users", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0039.946] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Users", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0039.946] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Users", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0039.946] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Users", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0039.946] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Users", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0039.946] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Users", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0039.946] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Users", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0039.946] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Users", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0039.946] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Users", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 3 [0039.947] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Users", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 3 [0039.947] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Users", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 3 [0039.947] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Users", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 3 [0039.947] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Users", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 3 [0039.947] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Users", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0039.947] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Users", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 3 [0039.947] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Users", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 3 [0039.947] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Users", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0039.947] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Users", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 3 [0039.947] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Users", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 3 [0039.947] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Users", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 3 [0039.947] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Users", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 3 [0039.947] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Users", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0039.947] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Users", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 3 [0039.947] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Users", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0039.947] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Users", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 3 [0039.947] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Users", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 3 [0039.947] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Users", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0039.947] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Users", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 3 [0039.947] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Users", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 3 [0039.947] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Users", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0039.947] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Users", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 3 [0039.947] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Users", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0039.947] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Users", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 3 [0039.947] lstrcatW (in: lpString1="C:\\Users", lpString2="\\" | out: lpString1="C:\\Users\\") returned="C:\\Users\\" [0039.947] GetProcessHeap () returned 0x570000 [0039.947] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ee20 [0039.947] lstrlenW (lpString="C:\\Users\\") returned 9 [0039.948] GetProcessHeap () returned 0x570000 [0039.948] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x14) returned 0x58fdc0 [0039.948] lstrcpyW (in: lpString1=0x58fdc0, lpString2="C:\\Users\\" | out: lpString1="C:\\Users\\") returned="C:\\Users\\" [0039.948] GetProcessHeap () returned 0x570000 [0039.948] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee10 | out: hHeap=0x570000) returned 1 [0039.948] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0039.948] lstrcmpiW (lpString1="Windows", lpString2=".") returned 1 [0039.948] lstrcmpiW (lpString1="Windows", lpString2="..") returned 1 [0039.948] lstrcatW (in: lpString1="C:\\", lpString2="Windows" | out: lpString1="C:\\Windows") returned="C:\\Windows" [0039.948] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Windows", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0039.948] GetProcessHeap () returned 0x570000 [0039.948] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ee10 [0039.948] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Windows", cchWideChar=-1, lpMultiByteStr=0x58ee10, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Windows", lpUsedDefaultChar=0x0) returned 8 [0039.948] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Windows", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 2 [0039.948] GetProcessHeap () returned 0x570000 [0039.948] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee10 | out: hHeap=0x570000) returned 1 [0039.948] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 0 [0039.948] FindClose (in: hFindFile=0x588da8 | out: hFindFile=0x588da8) returned 1 [0039.948] lstrcpyW (in: lpString1=0x50df8c, lpString2="C:\\Users\\" | out: lpString1="C:\\Users\\") returned="C:\\Users\\" [0039.948] GetProcessHeap () returned 0x570000 [0039.948] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58fdc0 | out: hHeap=0x570000) returned 1 [0039.948] GetProcessHeap () returned 0x570000 [0039.948] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee20 | out: hHeap=0x570000) returned 1 [0039.948] lstrlenW (lpString="C:\\Users\\") returned 9 [0039.948] lstrcatW (in: lpString1="C:\\Users\\", lpString2="*" | out: lpString1="C:\\Users\\*") returned="C:\\Users\\*" [0039.948] FindFirstFileW (in: lpFileName="C:\\Users\\*", lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x588da8 [0039.949] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0039.949] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0039.949] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0039.949] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0039.949] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 1 [0039.949] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz", lpString2=".") returned 1 [0039.949] lstrcmpiW (lpString1="5p5NrGJn0jS HALPmcxz", lpString2="..") returned 1 [0039.949] lstrcatW (in: lpString1="C:\\Users\\", lpString2="5p5NrGJn0jS HALPmcxz" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz" [0039.949] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="5p5NrGJn0jS HALPmcxz", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0039.949] GetProcessHeap () returned 0x570000 [0039.949] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x15) returned 0x58fdc0 [0039.949] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="5p5NrGJn0jS HALPmcxz", cchWideChar=-1, lpMultiByteStr=0x58fdc0, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="5p5NrGJn0jS HALPmcxz", lpUsedDefaultChar=0x0) returned 21 [0039.949] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="5p5NrGJn0jS HALPmcxz", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0039.949] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="5p5NrGJn0jS HALPmcxz", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 1 [0039.949] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="5p5NrGJn0jS HALPmcxz", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 1 [0039.949] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="5p5NrGJn0jS HALPmcxz", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0039.949] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="5p5NrGJn0jS HALPmcxz", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0039.949] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="5p5NrGJn0jS HALPmcxz", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 1 [0039.949] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="5p5NrGJn0jS HALPmcxz", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 1 [0039.949] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="5p5NrGJn0jS HALPmcxz", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0039.949] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="5p5NrGJn0jS HALPmcxz", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0039.949] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="5p5NrGJn0jS HALPmcxz", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0039.949] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="5p5NrGJn0jS HALPmcxz", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0039.949] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="5p5NrGJn0jS HALPmcxz", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0039.949] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="5p5NrGJn0jS HALPmcxz", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0039.950] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="5p5NrGJn0jS HALPmcxz", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0039.950] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="5p5NrGJn0jS HALPmcxz", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0039.950] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="5p5NrGJn0jS HALPmcxz", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0039.950] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="5p5NrGJn0jS HALPmcxz", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0039.950] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="5p5NrGJn0jS HALPmcxz", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0039.950] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="5p5NrGJn0jS HALPmcxz", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 1 [0039.950] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="5p5NrGJn0jS HALPmcxz", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 1 [0039.950] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="5p5NrGJn0jS HALPmcxz", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 1 [0039.950] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="5p5NrGJn0jS HALPmcxz", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 1 [0039.950] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="5p5NrGJn0jS HALPmcxz", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 1 [0039.950] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="5p5NrGJn0jS HALPmcxz", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 1 [0039.950] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="5p5NrGJn0jS HALPmcxz", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0039.950] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="5p5NrGJn0jS HALPmcxz", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0039.950] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="5p5NrGJn0jS HALPmcxz", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 1 [0039.950] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="5p5NrGJn0jS HALPmcxz", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 1 [0039.950] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="5p5NrGJn0jS HALPmcxz", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0039.950] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="5p5NrGJn0jS HALPmcxz", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0039.950] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="5p5NrGJn0jS HALPmcxz", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0039.950] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="5p5NrGJn0jS HALPmcxz", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 1 [0039.951] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="5p5NrGJn0jS HALPmcxz", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 1 [0039.951] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="5p5NrGJn0jS HALPmcxz", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 1 [0039.951] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="5p5NrGJn0jS HALPmcxz", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 1 [0039.951] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="5p5NrGJn0jS HALPmcxz", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 1 [0039.951] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="5p5NrGJn0jS HALPmcxz", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 1 [0039.951] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="5p5NrGJn0jS HALPmcxz", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 1 [0039.951] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="5p5NrGJn0jS HALPmcxz", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 1 [0039.951] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="5p5NrGJn0jS HALPmcxz", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0039.951] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="5p5NrGJn0jS HALPmcxz", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 1 [0039.951] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="5p5NrGJn0jS HALPmcxz", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0039.951] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="5p5NrGJn0jS HALPmcxz", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0039.951] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0039.951] GetProcessHeap () returned 0x570000 [0039.951] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ee20 [0039.951] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned 30 [0039.951] GetProcessHeap () returned 0x570000 [0039.951] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x3e) returned 0x587620 [0039.951] lstrcpyW (in: lpString1=0x587620, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\" [0039.951] GetProcessHeap () returned 0x570000 [0039.951] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58fdc0 | out: hHeap=0x570000) returned 1 [0039.951] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x0, cFileName="All Users", cAlternateFileName="ALLUSE~1")) returned 1 [0039.951] lstrcmpiW (lpString1="All Users", lpString2=".") returned 1 [0039.951] lstrcmpiW (lpString1="All Users", lpString2="..") returned 1 [0039.951] lstrcatW (in: lpString1="C:\\Users\\", lpString2="All Users" | out: lpString1="C:\\Users\\All Users") returned="C:\\Users\\All Users" [0039.951] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="All Users", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0039.951] GetProcessHeap () returned 0x570000 [0039.951] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xa) returned 0x590f68 [0039.951] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="All Users", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="All Users", lpUsedDefaultChar=0x0) returned 10 [0039.951] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="All Users", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0039.952] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="All Users", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 1 [0039.952] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="All Users", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 1 [0039.952] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="All Users", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0039.952] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="All Users", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0039.952] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="All Users", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 1 [0039.952] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="All Users", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 1 [0039.952] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="All Users", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0039.952] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="All Users", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0039.952] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="All Users", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0039.952] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="All Users", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0039.952] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="All Users", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0039.952] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="All Users", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0039.952] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="All Users", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0039.952] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="All Users", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0039.952] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="All Users", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0039.952] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="All Users", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0039.952] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="All Users", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0039.952] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="All Users", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 1 [0039.952] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="All Users", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 1 [0039.952] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="All Users", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 1 [0039.952] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="All Users", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 1 [0039.952] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="All Users", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 1 [0039.952] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="All Users", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 1 [0039.952] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="All Users", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0039.952] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="All Users", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0039.952] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="All Users", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 1 [0039.952] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="All Users", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 1 [0039.952] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="All Users", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0039.953] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="All Users", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0039.953] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="All Users", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0039.953] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="All Users", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 1 [0039.953] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="All Users", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 1 [0039.953] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="All Users", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 1 [0039.953] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="All Users", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 1 [0039.953] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="All Users", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 1 [0039.953] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="All Users", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 1 [0039.953] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="All Users", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 1 [0039.953] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="All Users", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 1 [0039.953] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="All Users", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0039.953] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="All Users", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 1 [0039.953] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="All Users", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0039.953] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="All Users", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0039.953] lstrcatW (in: lpString1="C:\\Users\\All Users", lpString2="\\" | out: lpString1="C:\\Users\\All Users\\") returned="C:\\Users\\All Users\\" [0039.953] GetProcessHeap () returned 0x570000 [0039.953] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ee10 [0039.953] lstrlenW (lpString="C:\\Users\\All Users\\") returned 19 [0039.953] GetProcessHeap () returned 0x570000 [0039.953] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x28) returned 0x588ec0 [0039.953] lstrcpyW (in: lpString1=0x588ec0, lpString2="C:\\Users\\All Users\\" | out: lpString1="C:\\Users\\All Users\\") returned="C:\\Users\\All Users\\" [0039.953] GetProcessHeap () returned 0x570000 [0039.953] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0039.953] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x62fa4a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x0, cFileName="Default", cAlternateFileName="")) returned 1 [0039.953] lstrcmpiW (lpString1="Default", lpString2=".") returned 1 [0039.953] lstrcmpiW (lpString1="Default", lpString2="..") returned 1 [0039.953] lstrcatW (in: lpString1="C:\\Users\\", lpString2="Default" | out: lpString1="C:\\Users\\Default") returned="C:\\Users\\Default" [0039.953] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Default", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0039.954] GetProcessHeap () returned 0x570000 [0039.954] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ee30 [0039.954] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Default", cchWideChar=-1, lpMultiByteStr=0x58ee30, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Default", lpUsedDefaultChar=0x0) returned 8 [0039.954] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0039.954] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 1 [0039.954] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 1 [0039.954] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0039.954] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0039.954] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 1 [0039.954] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0039.954] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0039.954] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0039.954] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0039.954] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0039.954] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0039.954] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0039.954] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0039.954] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0039.954] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0039.954] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0039.954] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0039.954] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 1 [0039.954] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 1 [0039.954] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 1 [0039.954] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 1 [0039.954] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 1 [0039.954] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0039.954] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0039.955] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0039.955] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0039.955] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 1 [0039.955] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0039.955] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0039.955] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0039.955] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0039.955] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 1 [0039.955] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0039.955] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 1 [0039.955] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 1 [0039.955] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0039.955] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 1 [0039.955] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 1 [0039.955] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0039.955] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 1 [0039.955] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0039.955] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0039.955] lstrcatW (in: lpString1="C:\\Users\\Default", lpString2="\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0039.955] GetProcessHeap () returned 0x570000 [0039.955] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ee40 [0039.955] lstrlenW (lpString="C:\\Users\\Default\\") returned 17 [0039.955] GetProcessHeap () returned 0x570000 [0039.955] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x24) returned 0x588ef0 [0039.955] lstrcpyW (in: lpString1=0x588ef0, lpString2="C:\\Users\\Default\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0039.955] GetProcessHeap () returned 0x570000 [0039.955] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee30 | out: hHeap=0x570000) returned 1 [0039.955] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Default User", cAlternateFileName="DEFAUL~1")) returned 1 [0039.956] lstrcmpiW (lpString1="Default User", lpString2=".") returned 1 [0039.956] lstrcmpiW (lpString1="Default User", lpString2="..") returned 1 [0039.956] lstrcatW (in: lpString1="C:\\Users\\", lpString2="Default User" | out: lpString1="C:\\Users\\Default User") returned="C:\\Users\\Default User" [0039.956] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Default User", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0039.956] GetProcessHeap () returned 0x570000 [0039.956] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xd) returned 0x590f68 [0039.956] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Default User", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Default User", lpUsedDefaultChar=0x0) returned 13 [0039.956] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default User", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0039.956] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default User", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 1 [0039.956] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default User", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 1 [0039.956] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default User", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0039.956] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default User", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0039.956] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default User", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 1 [0039.956] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default User", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0039.956] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default User", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0039.956] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default User", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0039.956] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default User", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0039.956] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default User", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0039.956] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default User", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0039.956] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default User", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0039.956] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default User", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0039.956] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default User", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0039.956] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default User", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0039.956] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default User", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0039.956] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default User", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0039.956] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default User", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 1 [0039.956] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default User", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 1 [0039.957] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default User", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 1 [0039.957] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default User", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 1 [0039.957] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default User", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 1 [0039.957] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default User", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0039.957] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default User", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0039.957] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default User", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0039.957] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default User", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0039.957] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default User", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 1 [0039.957] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default User", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0039.957] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default User", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0039.957] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default User", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0039.957] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default User", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0039.957] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default User", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 1 [0039.957] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default User", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0039.957] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default User", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 1 [0039.957] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default User", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 1 [0039.957] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default User", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0039.957] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default User", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 1 [0039.957] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default User", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 1 [0039.957] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default User", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0039.957] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default User", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 1 [0039.957] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default User", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0039.957] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Default User", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0039.957] lstrcatW (in: lpString1="C:\\Users\\Default User", lpString2="\\" | out: lpString1="C:\\Users\\Default User\\") returned="C:\\Users\\Default User\\" [0039.957] GetProcessHeap () returned 0x570000 [0039.957] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ee30 [0039.957] lstrlenW (lpString="C:\\Users\\Default User\\") returned 22 [0039.957] GetProcessHeap () returned 0x570000 [0039.957] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x2e) returned 0x588f20 [0039.958] lstrcpyW (in: lpString1=0x588f20, lpString2="C:\\Users\\Default User\\" | out: lpString1="C:\\Users\\Default User\\") returned="C:\\Users\\Default User\\" [0039.958] GetProcessHeap () returned 0x570000 [0039.958] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0039.958] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x286e4016, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x286e4016, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0039.958] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0039.958] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0039.958] lstrcatW (in: lpString1="C:\\Users\\", lpString2="desktop.ini" | out: lpString1="C:\\Users\\desktop.ini") returned="C:\\Users\\desktop.ini" [0039.958] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.958] GetProcessHeap () returned 0x570000 [0039.958] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x590f68 [0039.958] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 12 [0039.958] lstrlenA (lpString="desktop.ini") returned 11 [0039.958] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0039.958] lstrlenA (lpString="desktop.ini") returned 11 [0039.958] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0039.958] lstrcmpiW (lpString1="desktop.ini", lpString2="decrypt_files.html") returned 1 [0039.958] lstrcmpiW (lpString1="desktop.ini", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0039.958] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0039.958] lstrcmpiW (lpString1="desktop.ini", lpString2="sihvgt.exe") returned -1 [0039.958] _alloca_probe () returned 0x40908b [0039.958] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\desktop.ini", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0039.958] GetProcessHeap () returned 0x570000 [0039.958] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x15) returned 0x58fdc0 [0039.958] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\desktop.ini", cchWideChar=-1, lpMultiByteStr=0x58fdc0, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\desktop.ini", lpUsedDefaultChar=0x0) returned 21 [0039.958] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0039.958] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{4035CD73-EC3C-4616-BD98-8E53FBFFA4B9}") returned 38 [0039.958] lstrlenA (lpString="{4035CD73-EC3C-4616-BD98-8E53FBFFA4B9}") returned 38 [0039.959] CreateFileW (lpFileName="C:\\Users\\desktop.ini" (normalized: "c:\\users\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0039.959] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=174) returned 1 [0039.959] lstrlenA (lpString="{4035CD73-EC3C-4616-BD98-8E53FBFFA4B9}") returned 38 [0039.959] GetProcessHeap () returned 0x570000 [0039.959] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x5922e0 [0039.959] GetProcessHeap () returned 0x570000 [0039.959] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592358 [0039.959] lstrlenA (lpString="C:\\Users\\desktop.ini") returned 20 [0039.970] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0xae, lpOverlapped=0x0) returned 1 [0039.971] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0039.971] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0xb0, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0xb0, lpOverlapped=0x0) returned 1 [0039.971] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0039.971] WriteFile (in: hFile=0x80, lpBuffer=0x50bb6c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bb6c*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0039.971] WriteFile (in: hFile=0x80, lpBuffer=0x50bbd4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bbd4*, lpNumberOfBytesWritten=0x50bb34*=0x10, lpOverlapped=0x0) returned 1 [0039.971] lstrlenA (lpString="rsa_encrypt") returned 11 [0039.971] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x5923e0) returned 1 [0039.972] CryptGenRandom (in: hProv=0x5923e0, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0039.972] CryptReleaseContext (hProv=0x5923e0, dwFlags=0x0) returned 1 [0039.972] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0039.972] GetProcessHeap () returned 0x570000 [0039.972] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5923e0 [0039.972] lstrlenA (lpString="010001") returned 6 [0039.972] GetProcessHeap () returned 0x570000 [0039.972] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58ee50 [0039.972] GetProcessHeap () returned 0x570000 [0039.972] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592468 [0039.973] GetProcessHeap () returned 0x570000 [0039.973] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0039.973] GetProcessHeap () returned 0x570000 [0039.973] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592468 | out: hHeap=0x570000) returned 1 [0039.973] GetProcessHeap () returned 0x570000 [0039.973] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0039.973] GetProcessHeap () returned 0x570000 [0039.973] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c0d8 [0039.973] GetProcessHeap () returned 0x570000 [0039.973] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58ee60 [0039.973] GetProcessHeap () returned 0x570000 [0039.973] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c1f0 [0039.973] GetProcessHeap () returned 0x570000 [0039.973] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee60 | out: hHeap=0x570000) returned 1 [0039.973] GetProcessHeap () returned 0x570000 [0039.973] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0039.973] GetProcessHeap () returned 0x570000 [0039.973] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592468 [0039.973] GetProcessHeap () returned 0x570000 [0039.973] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x5924f0 [0039.973] GetProcessHeap () returned 0x570000 [0039.973] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee60 [0039.973] GetProcessHeap () returned 0x570000 [0039.973] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0039.973] GetProcessHeap () returned 0x570000 [0039.973] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0039.973] GetProcessHeap () returned 0x570000 [0039.973] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592468 | out: hHeap=0x570000) returned 1 [0039.973] GetProcessHeap () returned 0x570000 [0039.973] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0039.973] GetProcessHeap () returned 0x570000 [0039.973] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0039.973] GetProcessHeap () returned 0x570000 [0039.974] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0039.974] GetProcessHeap () returned 0x570000 [0039.974] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f98 [0039.974] GetProcessHeap () returned 0x570000 [0039.974] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee60 | out: hHeap=0x570000) returned 1 [0039.974] GetProcessHeap () returned 0x570000 [0039.974] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0039.974] GetProcessHeap () returned 0x570000 [0039.974] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0039.974] GetProcessHeap () returned 0x570000 [0039.974] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0039.974] GetProcessHeap () returned 0x570000 [0039.974] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0039.974] GetProcessHeap () returned 0x570000 [0039.974] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f98 | out: hHeap=0x570000) returned 1 [0039.974] GetProcessHeap () returned 0x570000 [0039.974] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0039.974] GetProcessHeap () returned 0x570000 [0039.974] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0039.974] GetProcessHeap () returned 0x570000 [0039.974] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0039.974] GetProcessHeap () returned 0x570000 [0039.974] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0039.974] GetProcessHeap () returned 0x570000 [0039.974] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0039.974] GetProcessHeap () returned 0x570000 [0039.974] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0039.974] GetProcessHeap () returned 0x570000 [0039.974] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0039.974] GetProcessHeap () returned 0x570000 [0039.974] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0039.974] GetProcessHeap () returned 0x570000 [0039.975] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0039.975] GetProcessHeap () returned 0x570000 [0039.975] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0039.975] GetProcessHeap () returned 0x570000 [0039.975] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0039.975] GetProcessHeap () returned 0x570000 [0039.975] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0039.975] GetProcessHeap () returned 0x570000 [0039.975] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0039.975] GetProcessHeap () returned 0x570000 [0039.975] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0039.975] GetProcessHeap () returned 0x570000 [0039.975] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0039.975] GetProcessHeap () returned 0x570000 [0039.975] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0039.975] GetProcessHeap () returned 0x570000 [0039.975] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0039.975] GetProcessHeap () returned 0x570000 [0039.975] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0039.975] GetProcessHeap () returned 0x570000 [0039.975] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0039.975] GetProcessHeap () returned 0x570000 [0039.975] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0039.975] GetProcessHeap () returned 0x570000 [0039.975] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0039.975] GetProcessHeap () returned 0x570000 [0039.975] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0039.975] GetProcessHeap () returned 0x570000 [0039.975] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0039.976] GetProcessHeap () returned 0x570000 [0039.976] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0039.976] GetProcessHeap () returned 0x570000 [0039.976] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0039.976] GetProcessHeap () returned 0x570000 [0039.976] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0039.976] GetProcessHeap () returned 0x570000 [0039.976] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0039.976] GetProcessHeap () returned 0x570000 [0039.976] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0039.976] GetProcessHeap () returned 0x570000 [0039.976] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0039.976] GetProcessHeap () returned 0x570000 [0039.976] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0039.976] GetProcessHeap () returned 0x570000 [0039.976] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0039.976] GetProcessHeap () returned 0x570000 [0039.976] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0039.976] GetProcessHeap () returned 0x570000 [0039.976] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0039.976] GetProcessHeap () returned 0x570000 [0039.976] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0039.976] GetProcessHeap () returned 0x570000 [0039.976] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0039.976] GetProcessHeap () returned 0x570000 [0039.976] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0039.976] GetProcessHeap () returned 0x570000 [0039.976] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0039.976] GetProcessHeap () returned 0x570000 [0039.976] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0039.977] GetProcessHeap () returned 0x570000 [0039.977] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0039.977] GetProcessHeap () returned 0x570000 [0039.977] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0039.977] GetProcessHeap () returned 0x570000 [0039.977] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0039.977] GetProcessHeap () returned 0x570000 [0039.977] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0039.977] GetProcessHeap () returned 0x570000 [0039.977] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0039.977] GetProcessHeap () returned 0x570000 [0039.977] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0039.977] GetProcessHeap () returned 0x570000 [0039.977] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0039.977] GetProcessHeap () returned 0x570000 [0039.977] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0039.977] GetProcessHeap () returned 0x570000 [0039.977] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0039.977] GetProcessHeap () returned 0x570000 [0039.977] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0039.977] GetProcessHeap () returned 0x570000 [0039.977] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0039.977] GetProcessHeap () returned 0x570000 [0039.977] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0039.977] GetProcessHeap () returned 0x570000 [0039.977] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0039.977] GetProcessHeap () returned 0x570000 [0039.977] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0039.977] GetProcessHeap () returned 0x570000 [0039.977] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0039.978] GetProcessHeap () returned 0x570000 [0039.978] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0039.978] GetProcessHeap () returned 0x570000 [0039.978] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0039.978] GetProcessHeap () returned 0x570000 [0039.978] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0039.978] GetProcessHeap () returned 0x570000 [0039.978] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0039.978] GetProcessHeap () returned 0x570000 [0039.978] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0039.978] GetProcessHeap () returned 0x570000 [0039.978] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0039.978] GetProcessHeap () returned 0x570000 [0039.978] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0039.978] GetProcessHeap () returned 0x570000 [0039.978] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0039.978] GetProcessHeap () returned 0x570000 [0039.978] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0039.978] GetProcessHeap () returned 0x570000 [0039.978] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0039.978] GetProcessHeap () returned 0x570000 [0039.978] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0039.978] GetProcessHeap () returned 0x570000 [0039.978] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0039.978] GetProcessHeap () returned 0x570000 [0039.978] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0039.978] GetProcessHeap () returned 0x570000 [0039.978] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0039.978] GetProcessHeap () returned 0x570000 [0039.978] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0039.979] GetProcessHeap () returned 0x570000 [0039.979] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0039.979] GetProcessHeap () returned 0x570000 [0039.979] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0039.979] GetProcessHeap () returned 0x570000 [0039.979] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0039.979] GetProcessHeap () returned 0x570000 [0039.979] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0039.979] GetProcessHeap () returned 0x570000 [0039.979] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0039.979] GetProcessHeap () returned 0x570000 [0039.979] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0039.979] GetProcessHeap () returned 0x570000 [0039.979] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0039.979] GetProcessHeap () returned 0x570000 [0039.979] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0039.979] GetProcessHeap () returned 0x570000 [0039.979] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0039.979] GetProcessHeap () returned 0x570000 [0039.979] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0039.979] GetProcessHeap () returned 0x570000 [0039.979] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0039.979] GetProcessHeap () returned 0x570000 [0039.979] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0039.979] GetProcessHeap () returned 0x570000 [0039.979] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0039.979] GetProcessHeap () returned 0x570000 [0039.979] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0039.980] GetProcessHeap () returned 0x570000 [0039.980] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0039.980] GetProcessHeap () returned 0x570000 [0039.980] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0039.980] GetProcessHeap () returned 0x570000 [0039.980] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0039.980] GetProcessHeap () returned 0x570000 [0039.980] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0039.980] GetProcessHeap () returned 0x570000 [0039.980] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0039.980] GetProcessHeap () returned 0x570000 [0039.980] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0039.980] GetProcessHeap () returned 0x570000 [0039.980] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0039.980] GetProcessHeap () returned 0x570000 [0039.980] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0039.980] GetProcessHeap () returned 0x570000 [0039.980] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0039.980] GetProcessHeap () returned 0x570000 [0039.980] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0039.980] GetProcessHeap () returned 0x570000 [0039.980] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0039.980] GetProcessHeap () returned 0x570000 [0039.980] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0039.980] GetProcessHeap () returned 0x570000 [0039.980] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0039.980] GetProcessHeap () returned 0x570000 [0039.980] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0039.980] GetProcessHeap () returned 0x570000 [0039.980] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0039.981] GetProcessHeap () returned 0x570000 [0039.981] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0039.981] GetProcessHeap () returned 0x570000 [0039.981] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0039.981] GetProcessHeap () returned 0x570000 [0039.981] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0039.981] GetProcessHeap () returned 0x570000 [0039.981] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0039.981] GetProcessHeap () returned 0x570000 [0039.981] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0039.981] GetProcessHeap () returned 0x570000 [0039.981] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0039.981] GetProcessHeap () returned 0x570000 [0039.981] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0039.981] GetProcessHeap () returned 0x570000 [0039.981] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5924f0 | out: hHeap=0x570000) returned 1 [0039.981] GetProcessHeap () returned 0x570000 [0039.981] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0039.981] GetProcessHeap () returned 0x570000 [0039.981] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0039.981] GetProcessHeap () returned 0x570000 [0039.982] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0039.982] GetProcessHeap () returned 0x570000 [0039.982] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0039.982] GetProcessHeap () returned 0x570000 [0039.982] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0039.982] GetProcessHeap () returned 0x570000 [0039.982] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0039.982] GetProcessHeap () returned 0x570000 [0039.982] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee50 | out: hHeap=0x570000) returned 1 [0039.982] GetProcessHeap () returned 0x570000 [0039.982] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5923e0 | out: hHeap=0x570000) returned 1 [0039.982] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0039.982] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0039.982] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0039.982] CloseHandle (hObject=0x80) returned 1 [0039.983] GetProcessHeap () returned 0x570000 [0039.983] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58fdc0 | out: hHeap=0x570000) returned 1 [0039.983] GetProcessHeap () returned 0x570000 [0039.983] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5922e0 | out: hHeap=0x570000) returned 1 [0039.983] GetProcessHeap () returned 0x570000 [0039.983] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592358 | out: hHeap=0x570000) returned 1 [0039.983] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\Users\\desktop.ini" | out: lpString1="C:\\Users\\desktop.ini") returned="C:\\Users\\desktop.ini" [0039.983] lstrcatW (in: lpString1="C:\\Users\\desktop.ini", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\Users\\desktop.ini.{Killback@protonmail.com}KBK") returned="C:\\Users\\desktop.ini.{Killback@protonmail.com}KBK" [0039.983] MoveFileExW (lpExistingFileName="C:\\Users\\desktop.ini" (normalized: "c:\\users\\desktop.ini"), lpNewFileName="C:\\Users\\desktop.ini.{Killback@protonmail.com}KBK" (normalized: "c:\\users\\desktop.ini.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0039.984] PathRemoveFileSpecW (in: pszPath="C:\\Users\\desktop.ini" | out: pszPath="C:\\Users") returned 1 [0039.984] lstrcatW (in: lpString1="C:\\Users", lpString2="\\" | out: lpString1="C:\\Users\\") returned="C:\\Users\\" [0039.984] lstrcatW (in: lpString1="C:\\Users\\", lpString2="decrypt_files.html" | out: lpString1="C:\\Users\\decrypt_files.html") returned="C:\\Users\\decrypt_files.html" [0039.984] GetFileAttributesW (lpFileName="C:\\Users\\decrypt_files.html" (normalized: "c:\\users\\decrypt_files.html")) returned 0xffffffff [0039.984] CreateFileW (lpFileName="C:\\Users\\decrypt_files.html" (normalized: "c:\\users\\decrypt_files.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0039.984] lstrlenA (lpString="\r\n \r\n \r\n \r\n DECRYPT FILES\r\n \r\n\r\n \r\n\r\n
\r\n

⚠Your ID (NEED FOR DECRYPT)⚠

\r\n
\r\n 
A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n\r\n
\r\n
\r\n
\r\n \r\n
\r\n \r\n
\r\n \r\n \r\n
\r\n

✖ Your files are encrypted! ✖

\r\n\r\n

If you see it - do not try to decrypt ▼the files yourself!!!▼

\r\n
\r\n

All your important data has been encrypted.

\r\n
\r\n
\r\n \r\n\x09\x09 \r\nTo decrypt all your files, you need a decryption program.
\r\n \r\nTo get a program to decrypt your data you need to do a few steps:
\r\n

☑1. \r\nTo make sure that we can actually decrypt your files. You can send us a file for the test.\r\nThis can be a picture or a text file.\r\nSize less than 5 MB. Send to our mail: Killback@protonmail.com .
\r\n

☑2. \r\nSend your PERSONAL ID in the letter (you will find it at the very beginning of this document)

\r\n\x09\x09\x09

☑3. \r\nWe will decode your test file so you are sure. We will also send you the amount you need to pay to get the program to decrypt.

\r\n ☑4. We will send you instructions on how to pay for the decryption program. After payment, we will send you a program and instructions on how to decrypt all the files.
\r\n

Attention!


\r\n
    \r\n\x09\x09\x09 Only we can decrypt your files.
    \r\n\x09\x09\x09 Do not try to decrypt your files yourself. You can damage them when trying to restore
    \r\n Do not run antivirus!
    \r\n Email us: Killback@protonmail.com immediately so we can help you.
    \r\n Decoders other users are not compatible with your data, because each user's unique encryption key
    \r\n
\r\n \r\n
\r\n
\r\n
\r\n \r\n\r\n \r\n \r\n
\r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n\r\n") returned 5565 [0039.984] WriteFile (in: hFile=0x80, lpBuffer=0x21f0020*, nNumberOfBytesToWrite=0x15bd, lpNumberOfBytesWritten=0x50dd18, lpOverlapped=0x0 | out: lpBuffer=0x21f0020*, lpNumberOfBytesWritten=0x50dd18*=0x15bd, lpOverlapped=0x0) returned 1 [0039.985] CloseHandle (hObject=0x80) returned 1 [0039.986] GetProcessHeap () returned 0x570000 [0039.986] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0039.986] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xf5d3b530, ftLastAccessTime.dwHighDateTime=0x1d50443, ftLastWriteTime.dwLowDateTime=0xf5d3b530, ftLastWriteTime.dwHighDateTime=0x1d50443, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Public", cAlternateFileName="")) returned 1 [0039.986] lstrcmpiW (lpString1="Public", lpString2=".") returned 1 [0039.986] lstrcmpiW (lpString1="Public", lpString2="..") returned 1 [0039.986] lstrcatW (in: lpString1="C:\\Users\\", lpString2="Public" | out: lpString1="C:\\Users\\Public") returned="C:\\Users\\Public" [0039.986] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Public", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0039.986] GetProcessHeap () returned 0x570000 [0039.986] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x7) returned 0x58ee50 [0039.986] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Public", cchWideChar=-1, lpMultiByteStr=0x58ee50, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Public", lpUsedDefaultChar=0x0) returned 7 [0039.986] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Public", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0039.986] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Public", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 3 [0039.986] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Public", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 3 [0039.986] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Public", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0039.986] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Public", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0039.986] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Public", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 3 [0039.986] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Public", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0039.986] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Public", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0039.986] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Public", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0039.986] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Public", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0039.986] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Public", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0039.986] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Public", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0039.986] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Public", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0039.986] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Public", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0039.987] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Public", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0039.987] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Public", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0039.987] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Public", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0039.987] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Public", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0039.987] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Public", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 3 [0039.987] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Public", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 3 [0039.987] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Public", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 3 [0039.987] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Public", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 3 [0039.987] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Public", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 3 [0039.987] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Public", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0039.987] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Public", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0039.987] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Public", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0039.987] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Public", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0039.987] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Public", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 3 [0039.987] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Public", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0039.987] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Public", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0039.987] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Public", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0039.987] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Public", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0039.987] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Public", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 3 [0039.987] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Public", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0039.987] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Public", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 3 [0039.987] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Public", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 3 [0039.987] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Public", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0039.987] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Public", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 3 [0039.987] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Public", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 3 [0039.987] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Public", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0039.987] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Public", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 3 [0039.987] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Public", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0039.987] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Public", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 3 [0039.988] lstrcatW (in: lpString1="C:\\Users\\Public", lpString2="\\" | out: lpString1="C:\\Users\\Public\\") returned="C:\\Users\\Public\\" [0039.988] GetProcessHeap () returned 0x570000 [0039.988] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ee70 [0039.988] lstrlenW (lpString="C:\\Users\\Public\\") returned 16 [0039.988] GetProcessHeap () returned 0x570000 [0039.988] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x22) returned 0x588f58 [0039.988] lstrcpyW (in: lpString1=0x588f58, lpString2="C:\\Users\\Public\\" | out: lpString1="C:\\Users\\Public\\") returned="C:\\Users\\Public\\" [0039.988] GetProcessHeap () returned 0x570000 [0039.988] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee50 | out: hHeap=0x570000) returned 1 [0039.988] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xf5d3b530, ftLastAccessTime.dwHighDateTime=0x1d50443, ftLastWriteTime.dwLowDateTime=0xf5d3b530, ftLastWriteTime.dwHighDateTime=0x1d50443, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Public", cAlternateFileName="")) returned 0 [0039.988] FindClose (in: hFindFile=0x588da8 | out: hFindFile=0x588da8) returned 1 [0039.988] lstrcpyW (in: lpString1=0x50df8c, lpString2="C:\\Users\\Public\\" | out: lpString1="C:\\Users\\Public\\") returned="C:\\Users\\Public\\" [0039.988] GetProcessHeap () returned 0x570000 [0039.988] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588f58 | out: hHeap=0x570000) returned 1 [0039.988] GetProcessHeap () returned 0x570000 [0039.988] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0039.988] lstrlenW (lpString="C:\\Users\\Public\\") returned 16 [0039.988] lstrcatW (in: lpString1="C:\\Users\\Public\\", lpString2="*" | out: lpString1="C:\\Users\\Public\\*") returned="C:\\Users\\Public\\*" [0039.988] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\*", lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xf5d3b530, ftLastAccessTime.dwHighDateTime=0x1d50443, ftLastWriteTime.dwLowDateTime=0xf5d3b530, ftLastWriteTime.dwHighDateTime=0x1d50443, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x588da8 [0039.988] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0039.988] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xf5d3b530, ftLastAccessTime.dwHighDateTime=0x1d50443, ftLastWriteTime.dwLowDateTime=0xf5d3b530, ftLastWriteTime.dwHighDateTime=0x1d50443, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0039.988] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0039.989] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0039.989] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf5d3b530, ftCreationTime.dwHighDateTime=0x1d50443, ftLastAccessTime.dwLowDateTime=0xf5d3b530, ftLastAccessTime.dwHighDateTime=0x1d50443, ftLastWriteTime.dwLowDateTime=0xf5f045b0, ftLastWriteTime.dwHighDateTime=0x1d50443, nFileSizeHigh=0x0, nFileSizeLow=0x402, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887", cAlternateFileName="93603C~1")) returned 1 [0039.989] lstrcmpiW (lpString1="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887", lpString2=".") returned 1 [0039.989] lstrcmpiW (lpString1="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887", lpString2="..") returned 1 [0039.989] lstrcatW (in: lpString1="C:\\Users\\Public\\", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887" | out: lpString1="C:\\Users\\Public\\93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned="C:\\Users\\Public\\93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887" [0039.989] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0039.989] GetProcessHeap () returned 0x570000 [0039.989] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x41) returned 0x589108 [0039.989] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887", cchWideChar=-1, lpMultiByteStr=0x589108, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887", lpUsedDefaultChar=0x0) returned 65 [0039.989] lstrlenA (lpString="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 64 [0039.989] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0039.989] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0039.989] lstrlenA (lpString="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 64 [0039.989] lstrcmpiA (lpString1="E84CE34898E7A109832B06CDDB887", lpString2=".{Killback@protonmail.com}KBK") returned 1 [0039.989] lstrlenA (lpString="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 64 [0039.989] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0039.989] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0039.989] lstrlenA (lpString="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 64 [0039.989] lstrcmpiA (lpString1="E84CE34898E7A109832B06CDDB887", lpString2=".{Killback@protonmail.com}KBK") returned 1 [0039.989] lstrcmpiW (lpString1="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887", lpString2="decrypt_files.html") returned -1 [0039.989] lstrcmpiW (lpString1="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 0 [0039.989] GetProcessHeap () returned 0x570000 [0039.989] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x589108 | out: hHeap=0x570000) returned 1 [0039.989] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0a09a40, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb0a09a40, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 1 [0039.989] lstrcmpiW (lpString1="Desktop", lpString2=".") returned 1 [0039.989] lstrcmpiW (lpString1="Desktop", lpString2="..") returned 1 [0039.989] lstrcatW (in: lpString1="C:\\Users\\Public\\", lpString2="Desktop" | out: lpString1="C:\\Users\\Public\\Desktop") returned="C:\\Users\\Public\\Desktop" [0039.989] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Desktop", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0039.989] GetProcessHeap () returned 0x570000 [0039.989] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ee70 [0039.990] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Desktop", cchWideChar=-1, lpMultiByteStr=0x58ee70, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Desktop", lpUsedDefaultChar=0x0) returned 8 [0039.990] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0039.990] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 1 [0039.990] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 1 [0039.990] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0039.990] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0039.990] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 1 [0039.990] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0039.990] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0039.990] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0039.990] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0039.990] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0039.990] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0039.990] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0039.990] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0039.990] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0039.990] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0039.990] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0039.990] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0039.990] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 1 [0039.990] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 1 [0039.990] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 1 [0039.990] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 1 [0039.990] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 1 [0039.990] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0039.990] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0039.990] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0039.990] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0039.991] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 1 [0039.991] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0039.991] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0039.991] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0039.991] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0039.991] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 1 [0039.991] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0039.991] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 1 [0039.991] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 1 [0039.991] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0039.991] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 1 [0039.991] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 1 [0039.991] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0039.991] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 1 [0039.991] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0039.991] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0039.991] lstrcatW (in: lpString1="C:\\Users\\Public\\Desktop", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Desktop\\") returned="C:\\Users\\Public\\Desktop\\" [0039.991] GetProcessHeap () returned 0x570000 [0039.991] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ee50 [0039.991] lstrlenW (lpString="C:\\Users\\Public\\Desktop\\") returned 24 [0039.991] GetProcessHeap () returned 0x570000 [0039.991] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x32) returned 0x588f58 [0039.991] lstrcpyW (in: lpString1=0x588f58, lpString2="C:\\Users\\Public\\Desktop\\" | out: lpString1="C:\\Users\\Public\\Desktop\\") returned="C:\\Users\\Public\\Desktop\\" [0039.991] GetProcessHeap () returned 0x570000 [0039.991] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0039.991] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x286e4016, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x286e4016, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0039.991] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0039.991] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0039.991] lstrcatW (in: lpString1="C:\\Users\\Public\\", lpString2="desktop.ini" | out: lpString1="C:\\Users\\Public\\desktop.ini") returned="C:\\Users\\Public\\desktop.ini" [0039.992] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0039.992] GetProcessHeap () returned 0x570000 [0039.992] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x590f68 [0039.992] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 12 [0039.992] lstrlenA (lpString="desktop.ini") returned 11 [0039.992] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0039.992] lstrlenA (lpString="desktop.ini") returned 11 [0039.992] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0039.992] lstrcmpiW (lpString1="desktop.ini", lpString2="decrypt_files.html") returned 1 [0039.992] lstrcmpiW (lpString1="desktop.ini", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0039.992] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0039.992] lstrcmpiW (lpString1="desktop.ini", lpString2="sihvgt.exe") returned -1 [0039.992] _alloca_probe () returned 0x40908b [0039.992] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Public\\desktop.ini", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0039.992] GetProcessHeap () returned 0x570000 [0039.992] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x1c) returned 0x590698 [0039.992] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Public\\desktop.ini", cchWideChar=-1, lpMultiByteStr=0x590698, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\Public\\desktop.ini", lpUsedDefaultChar=0x0) returned 28 [0039.992] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0039.992] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{5CE9407D-1962-4631-9701-341929015881}") returned 38 [0039.992] lstrlenA (lpString="{5CE9407D-1962-4631-9701-341929015881}") returned 38 [0039.992] CreateFileW (lpFileName="C:\\Users\\Public\\desktop.ini" (normalized: "c:\\users\\public\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0039.992] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=174) returned 1 [0039.992] lstrlenA (lpString="{5CE9407D-1962-4631-9701-341929015881}") returned 38 [0039.992] GetProcessHeap () returned 0x570000 [0039.992] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x5922e0 [0039.993] GetProcessHeap () returned 0x570000 [0039.993] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592358 [0039.993] lstrlenA (lpString="C:\\Users\\Public\\desktop.ini") returned 27 [0040.004] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0xae, lpOverlapped=0x0) returned 1 [0040.004] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0040.004] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0xb0, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0xb0, lpOverlapped=0x0) returned 1 [0040.005] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0040.005] WriteFile (in: hFile=0x80, lpBuffer=0x50bb6c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bb6c*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0040.005] WriteFile (in: hFile=0x80, lpBuffer=0x50bbd4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bbd4*, lpNumberOfBytesWritten=0x50bb34*=0x10, lpOverlapped=0x0) returned 1 [0040.005] lstrlenA (lpString="rsa_encrypt") returned 11 [0040.005] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x592480) returned 1 [0040.006] CryptGenRandom (in: hProv=0x592480, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0040.006] CryptReleaseContext (hProv=0x592480, dwFlags=0x0) returned 1 [0040.006] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0040.006] GetProcessHeap () returned 0x570000 [0040.006] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5923e0 [0040.006] lstrlenA (lpString="010001") returned 6 [0040.006] GetProcessHeap () returned 0x570000 [0040.006] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58ee70 [0040.006] GetProcessHeap () returned 0x570000 [0040.006] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592468 [0040.006] GetProcessHeap () returned 0x570000 [0040.006] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0040.006] GetProcessHeap () returned 0x570000 [0040.006] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592468 | out: hHeap=0x570000) returned 1 [0040.006] GetProcessHeap () returned 0x570000 [0040.006] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0040.006] GetProcessHeap () returned 0x570000 [0040.006] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c1f0 [0040.006] GetProcessHeap () returned 0x570000 [0040.007] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58ee60 [0040.007] GetProcessHeap () returned 0x570000 [0040.007] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c0d8 [0040.007] GetProcessHeap () returned 0x570000 [0040.007] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee60 | out: hHeap=0x570000) returned 1 [0040.007] GetProcessHeap () returned 0x570000 [0040.007] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0040.007] GetProcessHeap () returned 0x570000 [0040.007] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592468 [0040.007] GetProcessHeap () returned 0x570000 [0040.007] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x5924f0 [0040.007] GetProcessHeap () returned 0x570000 [0040.007] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee60 [0040.007] GetProcessHeap () returned 0x570000 [0040.007] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0040.007] GetProcessHeap () returned 0x570000 [0040.007] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0040.007] GetProcessHeap () returned 0x570000 [0040.007] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592468 | out: hHeap=0x570000) returned 1 [0040.007] GetProcessHeap () returned 0x570000 [0040.007] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0040.007] GetProcessHeap () returned 0x570000 [0040.007] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0040.007] GetProcessHeap () returned 0x570000 [0040.007] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0040.007] GetProcessHeap () returned 0x570000 [0040.007] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f98 [0040.007] GetProcessHeap () returned 0x570000 [0040.007] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee60 | out: hHeap=0x570000) returned 1 [0040.007] GetProcessHeap () returned 0x570000 [0040.007] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0040.007] GetProcessHeap () returned 0x570000 [0040.008] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0040.008] GetProcessHeap () returned 0x570000 [0040.008] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0040.008] GetProcessHeap () returned 0x570000 [0040.008] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0040.008] GetProcessHeap () returned 0x570000 [0040.008] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f98 | out: hHeap=0x570000) returned 1 [0040.008] GetProcessHeap () returned 0x570000 [0040.008] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0040.008] GetProcessHeap () returned 0x570000 [0040.008] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0040.008] GetProcessHeap () returned 0x570000 [0040.008] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0040.008] GetProcessHeap () returned 0x570000 [0040.008] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0040.008] GetProcessHeap () returned 0x570000 [0040.008] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0040.008] GetProcessHeap () returned 0x570000 [0040.008] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0040.008] GetProcessHeap () returned 0x570000 [0040.008] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0040.008] GetProcessHeap () returned 0x570000 [0040.008] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0040.008] GetProcessHeap () returned 0x570000 [0040.008] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0040.008] GetProcessHeap () returned 0x570000 [0040.008] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0040.008] GetProcessHeap () returned 0x570000 [0040.008] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0040.008] GetProcessHeap () returned 0x570000 [0040.009] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0040.009] GetProcessHeap () returned 0x570000 [0040.009] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0040.009] GetProcessHeap () returned 0x570000 [0040.009] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0040.009] GetProcessHeap () returned 0x570000 [0040.009] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0040.009] GetProcessHeap () returned 0x570000 [0040.009] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0040.009] GetProcessHeap () returned 0x570000 [0040.009] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0040.009] GetProcessHeap () returned 0x570000 [0040.009] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0040.009] GetProcessHeap () returned 0x570000 [0040.009] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0040.009] GetProcessHeap () returned 0x570000 [0040.009] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0040.009] GetProcessHeap () returned 0x570000 [0040.009] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0040.009] GetProcessHeap () returned 0x570000 [0040.009] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0040.009] GetProcessHeap () returned 0x570000 [0040.009] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0040.009] GetProcessHeap () returned 0x570000 [0040.009] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0040.009] GetProcessHeap () returned 0x570000 [0040.009] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0040.009] GetProcessHeap () returned 0x570000 [0040.009] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0040.010] GetProcessHeap () returned 0x570000 [0040.010] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0040.010] GetProcessHeap () returned 0x570000 [0040.010] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0040.010] GetProcessHeap () returned 0x570000 [0040.010] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0040.010] GetProcessHeap () returned 0x570000 [0040.010] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0040.010] GetProcessHeap () returned 0x570000 [0040.010] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0040.010] GetProcessHeap () returned 0x570000 [0040.010] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0040.010] GetProcessHeap () returned 0x570000 [0040.010] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0040.010] GetProcessHeap () returned 0x570000 [0040.010] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0040.010] GetProcessHeap () returned 0x570000 [0040.010] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0040.010] GetProcessHeap () returned 0x570000 [0040.010] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0040.010] GetProcessHeap () returned 0x570000 [0040.010] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0040.010] GetProcessHeap () returned 0x570000 [0040.010] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0040.010] GetProcessHeap () returned 0x570000 [0040.010] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0040.010] GetProcessHeap () returned 0x570000 [0040.010] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0040.010] GetProcessHeap () returned 0x570000 [0040.010] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0040.011] GetProcessHeap () returned 0x570000 [0040.011] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0040.011] GetProcessHeap () returned 0x570000 [0040.011] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0040.011] GetProcessHeap () returned 0x570000 [0040.011] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0040.011] GetProcessHeap () returned 0x570000 [0040.011] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0040.011] GetProcessHeap () returned 0x570000 [0040.011] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0040.011] GetProcessHeap () returned 0x570000 [0040.011] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0040.011] GetProcessHeap () returned 0x570000 [0040.011] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0040.011] GetProcessHeap () returned 0x570000 [0040.011] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0040.011] GetProcessHeap () returned 0x570000 [0040.011] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0040.011] GetProcessHeap () returned 0x570000 [0040.011] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0040.011] GetProcessHeap () returned 0x570000 [0040.011] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0040.011] GetProcessHeap () returned 0x570000 [0040.011] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0040.011] GetProcessHeap () returned 0x570000 [0040.011] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0040.011] GetProcessHeap () returned 0x570000 [0040.011] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0040.011] GetProcessHeap () returned 0x570000 [0040.011] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0040.012] GetProcessHeap () returned 0x570000 [0040.012] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0040.012] GetProcessHeap () returned 0x570000 [0040.012] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0040.012] GetProcessHeap () returned 0x570000 [0040.012] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0040.012] GetProcessHeap () returned 0x570000 [0040.012] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0040.012] GetProcessHeap () returned 0x570000 [0040.012] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0040.012] GetProcessHeap () returned 0x570000 [0040.012] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0040.012] GetProcessHeap () returned 0x570000 [0040.012] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0040.012] GetProcessHeap () returned 0x570000 [0040.012] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0040.012] GetProcessHeap () returned 0x570000 [0040.012] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0040.012] GetProcessHeap () returned 0x570000 [0040.012] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0040.012] GetProcessHeap () returned 0x570000 [0040.012] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0040.012] GetProcessHeap () returned 0x570000 [0040.012] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0040.012] GetProcessHeap () returned 0x570000 [0040.013] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0040.013] GetProcessHeap () returned 0x570000 [0040.013] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0040.013] GetProcessHeap () returned 0x570000 [0040.013] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0040.013] GetProcessHeap () returned 0x570000 [0040.013] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0040.013] GetProcessHeap () returned 0x570000 [0040.013] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0040.013] GetProcessHeap () returned 0x570000 [0040.013] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0040.013] GetProcessHeap () returned 0x570000 [0040.013] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0040.013] GetProcessHeap () returned 0x570000 [0040.013] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0040.014] GetProcessHeap () returned 0x570000 [0040.014] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0040.014] GetProcessHeap () returned 0x570000 [0040.014] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0040.014] GetProcessHeap () returned 0x570000 [0040.014] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0040.014] GetProcessHeap () returned 0x570000 [0040.014] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0040.014] GetProcessHeap () returned 0x570000 [0040.014] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0040.014] GetProcessHeap () returned 0x570000 [0040.014] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0040.014] GetProcessHeap () returned 0x570000 [0040.014] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0040.014] GetProcessHeap () returned 0x570000 [0040.014] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0040.014] GetProcessHeap () returned 0x570000 [0040.014] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0040.014] GetProcessHeap () returned 0x570000 [0040.014] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0040.014] GetProcessHeap () returned 0x570000 [0040.014] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0040.014] GetProcessHeap () returned 0x570000 [0040.014] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0040.014] GetProcessHeap () returned 0x570000 [0040.014] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0040.014] GetProcessHeap () returned 0x570000 [0040.014] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0040.014] GetProcessHeap () returned 0x570000 [0040.014] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0040.015] GetProcessHeap () returned 0x570000 [0040.015] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0040.015] GetProcessHeap () returned 0x570000 [0040.015] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0040.015] GetProcessHeap () returned 0x570000 [0040.015] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0040.015] GetProcessHeap () returned 0x570000 [0040.015] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0040.015] GetProcessHeap () returned 0x570000 [0040.015] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0040.015] GetProcessHeap () returned 0x570000 [0040.015] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0040.015] GetProcessHeap () returned 0x570000 [0040.015] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0040.015] GetProcessHeap () returned 0x570000 [0040.015] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0040.015] GetProcessHeap () returned 0x570000 [0040.015] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0040.015] GetProcessHeap () returned 0x570000 [0040.015] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0040.015] GetProcessHeap () returned 0x570000 [0040.015] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0040.015] GetProcessHeap () returned 0x570000 [0040.015] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0040.015] GetProcessHeap () returned 0x570000 [0040.015] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0040.015] GetProcessHeap () returned 0x570000 [0040.015] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5924f0 | out: hHeap=0x570000) returned 1 [0040.015] GetProcessHeap () returned 0x570000 [0040.015] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0040.015] GetProcessHeap () returned 0x570000 [0040.015] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0040.016] GetProcessHeap () returned 0x570000 [0040.016] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0040.016] GetProcessHeap () returned 0x570000 [0040.016] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0040.016] GetProcessHeap () returned 0x570000 [0040.016] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0040.016] GetProcessHeap () returned 0x570000 [0040.016] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0040.016] GetProcessHeap () returned 0x570000 [0040.016] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0040.016] GetProcessHeap () returned 0x570000 [0040.016] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5923e0 | out: hHeap=0x570000) returned 1 [0040.016] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0040.016] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0040.016] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0040.016] CloseHandle (hObject=0x80) returned 1 [0040.017] GetProcessHeap () returned 0x570000 [0040.017] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590698 | out: hHeap=0x570000) returned 1 [0040.017] GetProcessHeap () returned 0x570000 [0040.017] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5922e0 | out: hHeap=0x570000) returned 1 [0040.017] GetProcessHeap () returned 0x570000 [0040.017] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592358 | out: hHeap=0x570000) returned 1 [0040.017] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\Users\\Public\\desktop.ini" | out: lpString1="C:\\Users\\Public\\desktop.ini") returned="C:\\Users\\Public\\desktop.ini" [0040.017] lstrcatW (in: lpString1="C:\\Users\\Public\\desktop.ini", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\Users\\Public\\desktop.ini.{Killback@protonmail.com}KBK") returned="C:\\Users\\Public\\desktop.ini.{Killback@protonmail.com}KBK" [0040.017] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\desktop.ini" (normalized: "c:\\users\\public\\desktop.ini"), lpNewFileName="C:\\Users\\Public\\desktop.ini.{Killback@protonmail.com}KBK" (normalized: "c:\\users\\public\\desktop.ini.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0040.018] PathRemoveFileSpecW (in: pszPath="C:\\Users\\Public\\desktop.ini" | out: pszPath="C:\\Users\\Public") returned 1 [0040.018] lstrcatW (in: lpString1="C:\\Users\\Public", lpString2="\\" | out: lpString1="C:\\Users\\Public\\") returned="C:\\Users\\Public\\" [0040.018] lstrcatW (in: lpString1="C:\\Users\\Public\\", lpString2="decrypt_files.html" | out: lpString1="C:\\Users\\Public\\decrypt_files.html") returned="C:\\Users\\Public\\decrypt_files.html" [0040.018] GetFileAttributesW (lpFileName="C:\\Users\\Public\\decrypt_files.html" (normalized: "c:\\users\\public\\decrypt_files.html")) returned 0xffffffff [0040.018] CreateFileW (lpFileName="C:\\Users\\Public\\decrypt_files.html" (normalized: "c:\\users\\public\\decrypt_files.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0040.019] lstrlenA (lpString="\r\n \r\n \r\n \r\n DECRYPT FILES\r\n \r\n\r\n \r\n\r\n
\r\n

⚠Your ID (NEED FOR DECRYPT)⚠

\r\n
\r\n 
A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n\r\n
\r\n
\r\n
\r\n \r\n
\r\n \r\n
\r\n \r\n \r\n
\r\n

✖ Your files are encrypted! ✖

\r\n\r\n

If you see it - do not try to decrypt ▼the files yourself!!!▼

\r\n
\r\n

All your important data has been encrypted.

\r\n
\r\n
\r\n \r\n\x09\x09 \r\nTo decrypt all your files, you need a decryption program.
\r\n \r\nTo get a program to decrypt your data you need to do a few steps:
\r\n

☑1. \r\nTo make sure that we can actually decrypt your files. You can send us a file for the test.\r\nThis can be a picture or a text file.\r\nSize less than 5 MB. Send to our mail: Killback@protonmail.com .
\r\n

☑2. \r\nSend your PERSONAL ID in the letter (you will find it at the very beginning of this document)

\r\n\x09\x09\x09

☑3. \r\nWe will decode your test file so you are sure. We will also send you the amount you need to pay to get the program to decrypt.

\r\n ☑4. We will send you instructions on how to pay for the decryption program. After payment, we will send you a program and instructions on how to decrypt all the files.
\r\n

Attention!


\r\n
    \r\n\x09\x09\x09 Only we can decrypt your files.
    \r\n\x09\x09\x09 Do not try to decrypt your files yourself. You can damage them when trying to restore
    \r\n Do not run antivirus!
    \r\n Email us: Killback@protonmail.com immediately so we can help you.
    \r\n Decoders other users are not compatible with your data, because each user's unique encryption key
    \r\n
\r\n \r\n
\r\n
\r\n
\r\n \r\n\r\n \r\n \r\n
\r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n\r\n") returned 5565 [0040.019] WriteFile (in: hFile=0x80, lpBuffer=0x21f0020*, nNumberOfBytesToWrite=0x15bd, lpNumberOfBytesWritten=0x50dd18, lpOverlapped=0x0 | out: lpBuffer=0x21f0020*, lpNumberOfBytesWritten=0x50dd18*=0x15bd, lpOverlapped=0x0) returned 1 [0040.020] CloseHandle (hObject=0x80) returned 1 [0040.020] GetProcessHeap () returned 0x570000 [0040.020] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0040.020] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Documents", cAlternateFileName="DOCUME~1")) returned 1 [0040.020] lstrcmpiW (lpString1="Documents", lpString2=".") returned 1 [0040.020] lstrcmpiW (lpString1="Documents", lpString2="..") returned 1 [0040.020] lstrcatW (in: lpString1="C:\\Users\\Public\\", lpString2="Documents" | out: lpString1="C:\\Users\\Public\\Documents") returned="C:\\Users\\Public\\Documents" [0040.020] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Documents", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0040.020] GetProcessHeap () returned 0x570000 [0040.020] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xa) returned 0x590f68 [0040.020] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Documents", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Documents", lpUsedDefaultChar=0x0) returned 10 [0040.020] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0040.020] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 1 [0040.020] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 1 [0040.020] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0040.020] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0040.020] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 1 [0040.021] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0040.021] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0040.021] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0040.021] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0040.021] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0040.021] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0040.021] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0040.021] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0040.021] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0040.021] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0040.021] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0040.021] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0040.021] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 1 [0040.021] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 1 [0040.021] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 1 [0040.021] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 1 [0040.021] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 1 [0040.021] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0040.021] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0040.021] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0040.021] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0040.021] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 1 [0040.021] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0040.021] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0040.021] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0040.021] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0040.021] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 1 [0040.021] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0040.022] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 1 [0040.022] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 1 [0040.022] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0040.022] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 1 [0040.022] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 1 [0040.022] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0040.022] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 1 [0040.022] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0040.022] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0040.022] lstrcatW (in: lpString1="C:\\Users\\Public\\Documents", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Documents\\") returned="C:\\Users\\Public\\Documents\\" [0040.022] GetProcessHeap () returned 0x570000 [0040.022] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ee70 [0040.022] lstrlenW (lpString="C:\\Users\\Public\\Documents\\") returned 26 [0040.022] GetProcessHeap () returned 0x570000 [0040.022] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x36) returned 0x5922e0 [0040.022] lstrcpyW (in: lpString1=0x5922e0, lpString2="C:\\Users\\Public\\Documents\\" | out: lpString1="C:\\Users\\Public\\Documents\\") returned="C:\\Users\\Public\\Documents\\" [0040.022] GetProcessHeap () returned 0x570000 [0040.022] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0040.022] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28351f0f, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Downloads", cAlternateFileName="DOWNLO~1")) returned 1 [0040.022] lstrcmpiW (lpString1="Downloads", lpString2=".") returned 1 [0040.022] lstrcmpiW (lpString1="Downloads", lpString2="..") returned 1 [0040.022] lstrcatW (in: lpString1="C:\\Users\\Public\\", lpString2="Downloads" | out: lpString1="C:\\Users\\Public\\Downloads") returned="C:\\Users\\Public\\Downloads" [0040.022] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Downloads", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0040.022] GetProcessHeap () returned 0x570000 [0040.023] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xa) returned 0x590f68 [0040.023] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Downloads", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Downloads", lpUsedDefaultChar=0x0) returned 10 [0040.023] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0040.023] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 1 [0040.023] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 1 [0040.023] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0040.023] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0040.023] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 1 [0040.023] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0040.023] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0040.023] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0040.023] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0040.023] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0040.023] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0040.023] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0040.023] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0040.023] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0040.023] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0040.023] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0040.023] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0040.023] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 1 [0040.023] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 1 [0040.023] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 1 [0040.023] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 1 [0040.023] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 1 [0040.023] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0040.023] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0040.024] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0040.024] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0040.024] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 1 [0040.024] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0040.024] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0040.024] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0040.024] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0040.024] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 1 [0040.024] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0040.024] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 1 [0040.024] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 1 [0040.024] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0040.024] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 1 [0040.024] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 1 [0040.024] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0040.024] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 1 [0040.024] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0040.024] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0040.024] lstrcatW (in: lpString1="C:\\Users\\Public\\Downloads", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Downloads\\") returned="C:\\Users\\Public\\Downloads\\" [0040.024] GetProcessHeap () returned 0x570000 [0040.024] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ee80 [0040.024] lstrlenW (lpString="C:\\Users\\Public\\Downloads\\") returned 26 [0040.024] GetProcessHeap () returned 0x570000 [0040.024] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x36) returned 0x592320 [0040.024] lstrcpyW (in: lpString1=0x592320, lpString2="C:\\Users\\Public\\Downloads\\" | out: lpString1="C:\\Users\\Public\\Downloads\\") returned="C:\\Users\\Public\\Downloads\\" [0040.024] GetProcessHeap () returned 0x570000 [0040.024] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0040.024] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfdae6622, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xaee7d305, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Favorites", cAlternateFileName="FAVORI~1")) returned 1 [0040.024] lstrcmpiW (lpString1="Favorites", lpString2=".") returned 1 [0040.025] lstrcmpiW (lpString1="Favorites", lpString2="..") returned 1 [0040.025] lstrcatW (in: lpString1="C:\\Users\\Public\\", lpString2="Favorites" | out: lpString1="C:\\Users\\Public\\Favorites") returned="C:\\Users\\Public\\Favorites" [0040.025] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Favorites", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0040.025] GetProcessHeap () returned 0x570000 [0040.025] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xa) returned 0x590f68 [0040.025] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Favorites", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Favorites", lpUsedDefaultChar=0x0) returned 10 [0040.025] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0040.025] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 1 [0040.025] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 1 [0040.025] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0040.025] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0040.025] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 3 [0040.025] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0040.025] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0040.025] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0040.025] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0040.025] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0040.025] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0040.025] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0040.025] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0040.025] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0040.025] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0040.025] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0040.025] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0040.025] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 1 [0040.025] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 1 [0040.025] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 1 [0040.026] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 1 [0040.026] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 1 [0040.026] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0040.026] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0040.026] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0040.026] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0040.026] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 3 [0040.026] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0040.026] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0040.026] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0040.026] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0040.026] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 1 [0040.026] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0040.026] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 1 [0040.026] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 1 [0040.026] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0040.026] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 1 [0040.026] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 1 [0040.026] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0040.026] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 1 [0040.026] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0040.026] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0040.026] lstrcatW (in: lpString1="C:\\Users\\Public\\Favorites", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Favorites\\") returned="C:\\Users\\Public\\Favorites\\" [0040.026] GetProcessHeap () returned 0x570000 [0040.026] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ee60 [0040.026] lstrlenW (lpString="C:\\Users\\Public\\Favorites\\") returned 26 [0040.026] GetProcessHeap () returned 0x570000 [0040.026] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x36) returned 0x592360 [0040.027] lstrcpyW (in: lpString1=0x592360, lpString2="C:\\Users\\Public\\Favorites\\" | out: lpString1="C:\\Users\\Public\\Favorites\\") returned="C:\\Users\\Public\\Favorites\\" [0040.027] GetProcessHeap () returned 0x570000 [0040.027] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0040.027] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28a29e5c, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a29e5c, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Libraries", cAlternateFileName="LIBRAR~1")) returned 1 [0040.027] lstrcmpiW (lpString1="Libraries", lpString2=".") returned 1 [0040.027] lstrcmpiW (lpString1="Libraries", lpString2="..") returned 1 [0040.027] lstrcatW (in: lpString1="C:\\Users\\Public\\", lpString2="Libraries" | out: lpString1="C:\\Users\\Public\\Libraries") returned="C:\\Users\\Public\\Libraries" [0040.027] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Libraries", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0040.027] GetProcessHeap () returned 0x570000 [0040.027] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xa) returned 0x590f68 [0040.027] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Libraries", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Libraries", lpUsedDefaultChar=0x0) returned 10 [0040.027] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Libraries", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0040.027] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Libraries", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 1 [0040.027] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Libraries", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 1 [0040.027] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Libraries", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0040.027] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Libraries", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0040.027] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Libraries", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 3 [0040.027] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Libraries", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0040.027] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Libraries", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0040.027] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Libraries", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0040.027] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Libraries", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0040.027] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Libraries", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0040.027] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Libraries", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0040.027] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Libraries", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0040.027] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Libraries", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0040.027] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Libraries", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0040.027] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Libraries", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0040.027] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Libraries", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0040.028] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Libraries", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0040.028] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Libraries", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 1 [0040.028] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Libraries", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 1 [0040.028] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Libraries", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 3 [0040.028] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Libraries", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 3 [0040.028] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Libraries", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 1 [0040.028] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Libraries", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0040.028] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Libraries", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0040.028] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Libraries", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0040.028] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Libraries", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0040.028] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Libraries", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 3 [0040.028] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Libraries", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0040.028] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Libraries", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0040.028] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Libraries", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0040.028] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Libraries", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0040.028] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Libraries", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 1 [0040.029] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Libraries", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0040.029] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Libraries", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 1 [0040.029] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Libraries", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 1 [0040.029] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Libraries", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0040.029] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Libraries", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 1 [0040.029] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Libraries", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 1 [0040.029] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Libraries", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0040.029] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Libraries", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 1 [0040.029] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Libraries", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0040.029] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Libraries", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0040.029] lstrcatW (in: lpString1="C:\\Users\\Public\\Libraries", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Libraries\\") returned="C:\\Users\\Public\\Libraries\\" [0040.029] GetProcessHeap () returned 0x570000 [0040.029] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ee90 [0040.029] lstrlenW (lpString="C:\\Users\\Public\\Libraries\\") returned 26 [0040.029] GetProcessHeap () returned 0x570000 [0040.029] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x36) returned 0x5923a0 [0040.029] lstrcpyW (in: lpString1=0x5923a0, lpString2="C:\\Users\\Public\\Libraries\\" | out: lpString1="C:\\Users\\Public\\Libraries\\") returned="C:\\Users\\Public\\Libraries\\" [0040.029] GetProcessHeap () returned 0x570000 [0040.029] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0040.029] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28305c4e, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Music", cAlternateFileName="")) returned 1 [0040.029] lstrcmpiW (lpString1="Music", lpString2=".") returned 1 [0040.029] lstrcmpiW (lpString1="Music", lpString2="..") returned 1 [0040.029] lstrcatW (in: lpString1="C:\\Users\\Public\\", lpString2="Music" | out: lpString1="C:\\Users\\Public\\Music") returned="C:\\Users\\Public\\Music" [0040.029] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Music", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0040.029] GetProcessHeap () returned 0x570000 [0040.029] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x6) returned 0x58eea0 [0040.029] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Music", cchWideChar=-1, lpMultiByteStr=0x58eea0, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Music", lpUsedDefaultChar=0x0) returned 6 [0040.029] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0040.030] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 3 [0040.030] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 3 [0040.030] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0040.030] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0040.030] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 3 [0040.030] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0040.030] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0040.030] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0040.030] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0040.030] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0040.030] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0040.030] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0040.030] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0040.030] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0040.030] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0040.030] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0040.030] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0040.030] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 1 [0040.030] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 3 [0040.030] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 3 [0040.030] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 3 [0040.030] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 3 [0040.030] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0040.030] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0040.030] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0040.030] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0040.030] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 3 [0040.031] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0040.031] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0040.031] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0040.031] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0040.031] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 3 [0040.031] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0040.031] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 1 [0040.031] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 3 [0040.031] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0040.031] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 3 [0040.031] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 1 [0040.031] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0040.031] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 1 [0040.031] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0040.031] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0040.031] lstrcatW (in: lpString1="C:\\Users\\Public\\Music", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Music\\") returned="C:\\Users\\Public\\Music\\" [0040.031] GetProcessHeap () returned 0x570000 [0040.031] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58eeb0 [0040.031] lstrlenW (lpString="C:\\Users\\Public\\Music\\") returned 22 [0040.031] GetProcessHeap () returned 0x570000 [0040.031] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x2e) returned 0x5923e0 [0040.031] lstrcpyW (in: lpString1=0x5923e0, lpString2="C:\\Users\\Public\\Music\\" | out: lpString1="C:\\Users\\Public\\Music\\") returned="C:\\Users\\Public\\Music\\" [0040.031] GetProcessHeap () returned 0x570000 [0040.031] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0040.031] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Pictures", cAlternateFileName="")) returned 1 [0040.031] lstrcmpiW (lpString1="Pictures", lpString2=".") returned 1 [0040.031] lstrcmpiW (lpString1="Pictures", lpString2="..") returned 1 [0040.031] lstrcatW (in: lpString1="C:\\Users\\Public\\", lpString2="Pictures" | out: lpString1="C:\\Users\\Public\\Pictures") returned="C:\\Users\\Public\\Pictures" [0040.032] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Pictures", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0040.032] GetProcessHeap () returned 0x570000 [0040.032] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x9) returned 0x590f68 [0040.032] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Pictures", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Pictures", lpUsedDefaultChar=0x0) returned 9 [0040.032] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0040.032] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 3 [0040.032] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 3 [0040.032] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0040.032] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0040.032] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 3 [0040.032] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0040.032] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0040.032] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0040.032] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0040.032] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0040.032] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0040.032] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0040.032] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0040.032] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0040.032] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0040.032] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0040.032] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0040.032] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 3 [0040.032] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 3 [0040.032] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 3 [0040.032] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 3 [0040.032] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 3 [0040.032] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0040.033] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0040.033] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0040.033] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0040.033] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 3 [0040.033] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0040.033] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0040.033] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0040.033] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0040.033] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 3 [0040.033] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0040.033] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 3 [0040.033] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 3 [0040.033] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0040.033] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 3 [0040.033] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 3 [0040.033] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0040.033] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 3 [0040.033] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0040.033] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0040.033] lstrcatW (in: lpString1="C:\\Users\\Public\\Pictures", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Pictures\\") returned="C:\\Users\\Public\\Pictures\\" [0040.033] GetProcessHeap () returned 0x570000 [0040.033] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58eea0 [0040.033] lstrlenW (lpString="C:\\Users\\Public\\Pictures\\") returned 25 [0040.033] GetProcessHeap () returned 0x570000 [0040.033] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x34) returned 0x592418 [0040.033] lstrcpyW (in: lpString1=0x592418, lpString2="C:\\Users\\Public\\Pictures\\" | out: lpString1="C:\\Users\\Public\\Pictures\\") returned="C:\\Users\\Public\\Pictures\\" [0040.033] GetProcessHeap () returned 0x570000 [0040.033] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0040.033] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Recorded TV", cAlternateFileName="RECORD~1")) returned 1 [0040.034] lstrcmpiW (lpString1="Recorded TV", lpString2=".") returned 1 [0040.034] lstrcmpiW (lpString1="Recorded TV", lpString2="..") returned 1 [0040.034] lstrcatW (in: lpString1="C:\\Users\\Public\\", lpString2="Recorded TV" | out: lpString1="C:\\Users\\Public\\Recorded TV") returned="C:\\Users\\Public\\Recorded TV" [0040.034] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Recorded TV", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0040.034] GetProcessHeap () returned 0x570000 [0040.034] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x590f68 [0040.034] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Recorded TV", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Recorded TV", lpUsedDefaultChar=0x0) returned 12 [0040.034] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recorded TV", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0040.034] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recorded TV", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 3 [0040.034] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recorded TV", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 3 [0040.034] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recorded TV", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0040.034] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recorded TV", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0040.034] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recorded TV", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 3 [0040.034] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recorded TV", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0040.034] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recorded TV", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0040.034] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recorded TV", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0040.034] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recorded TV", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0040.034] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recorded TV", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0040.034] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recorded TV", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0040.034] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recorded TV", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0040.034] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recorded TV", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0040.034] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recorded TV", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0040.034] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recorded TV", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0040.034] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recorded TV", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0040.034] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recorded TV", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0040.034] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recorded TV", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 3 [0040.034] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recorded TV", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 3 [0040.035] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recorded TV", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 3 [0040.035] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recorded TV", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 3 [0040.035] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recorded TV", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 3 [0040.035] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recorded TV", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0040.035] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recorded TV", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0040.035] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recorded TV", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0040.035] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recorded TV", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0040.035] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recorded TV", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 3 [0040.035] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recorded TV", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0040.035] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recorded TV", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0040.035] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recorded TV", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0040.035] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recorded TV", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0040.035] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recorded TV", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 3 [0040.035] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recorded TV", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0040.035] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recorded TV", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 3 [0040.035] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recorded TV", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 3 [0040.035] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recorded TV", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0040.035] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recorded TV", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 3 [0040.035] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recorded TV", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 3 [0040.035] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recorded TV", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0040.035] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recorded TV", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 3 [0040.035] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recorded TV", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0040.035] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recorded TV", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 3 [0040.035] lstrcatW (in: lpString1="C:\\Users\\Public\\Recorded TV", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Recorded TV\\") returned="C:\\Users\\Public\\Recorded TV\\" [0040.035] GetProcessHeap () returned 0x570000 [0040.035] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58eec0 [0040.035] lstrlenW (lpString="C:\\Users\\Public\\Recorded TV\\") returned 28 [0040.035] GetProcessHeap () returned 0x570000 [0040.036] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x3a) returned 0x5876f8 [0040.036] lstrcpyW (in: lpString1=0x5876f8, lpString2="C:\\Users\\Public\\Recorded TV\\" | out: lpString1="C:\\Users\\Public\\Recorded TV\\") returned="C:\\Users\\Public\\Recorded TV\\" [0040.036] GetProcessHeap () returned 0x570000 [0040.036] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0040.036] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28886f39, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Videos", cAlternateFileName="")) returned 1 [0040.036] lstrcmpiW (lpString1="Videos", lpString2=".") returned 1 [0040.036] lstrcmpiW (lpString1="Videos", lpString2="..") returned 1 [0040.036] lstrcatW (in: lpString1="C:\\Users\\Public\\", lpString2="Videos" | out: lpString1="C:\\Users\\Public\\Videos") returned="C:\\Users\\Public\\Videos" [0040.036] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Videos", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0040.036] GetProcessHeap () returned 0x570000 [0040.036] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x7) returned 0x58eed0 [0040.036] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Videos", cchWideChar=-1, lpMultiByteStr=0x58eed0, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Videos", lpUsedDefaultChar=0x0) returned 7 [0040.036] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0040.036] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 3 [0040.036] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 3 [0040.036] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0040.036] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0040.036] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 3 [0040.036] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0040.036] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0040.036] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0040.036] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0040.036] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0040.036] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0040.036] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0040.036] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0040.036] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0040.037] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0040.037] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0040.037] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0040.037] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 3 [0040.037] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 3 [0040.037] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 3 [0040.037] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 3 [0040.037] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 3 [0040.037] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0040.037] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 3 [0040.037] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 3 [0040.037] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0040.037] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 3 [0040.037] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 3 [0040.037] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 3 [0040.037] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 3 [0040.037] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0040.037] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 3 [0040.037] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0040.037] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 3 [0040.037] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 3 [0040.037] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0040.037] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 3 [0040.037] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 3 [0040.037] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0040.037] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 3 [0040.037] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0040.037] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 3 [0040.038] lstrcatW (in: lpString1="C:\\Users\\Public\\Videos", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Videos\\") returned="C:\\Users\\Public\\Videos\\" [0040.038] GetProcessHeap () returned 0x570000 [0040.038] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58eee0 [0040.038] lstrlenW (lpString="C:\\Users\\Public\\Videos\\") returned 23 [0040.038] GetProcessHeap () returned 0x570000 [0040.038] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x30) returned 0x592458 [0040.038] lstrcpyW (in: lpString1=0x592458, lpString2="C:\\Users\\Public\\Videos\\" | out: lpString1="C:\\Users\\Public\\Videos\\") returned="C:\\Users\\Public\\Videos\\" [0040.038] GetProcessHeap () returned 0x570000 [0040.038] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eed0 | out: hHeap=0x570000) returned 1 [0040.038] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28886f39, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Videos", cAlternateFileName="")) returned 0 [0040.038] FindClose (in: hFindFile=0x588da8 | out: hFindFile=0x588da8) returned 1 [0040.038] lstrcpyW (in: lpString1=0x50df8c, lpString2="C:\\Users\\Public\\Videos\\" | out: lpString1="C:\\Users\\Public\\Videos\\") returned="C:\\Users\\Public\\Videos\\" [0040.038] GetProcessHeap () returned 0x570000 [0040.038] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592458 | out: hHeap=0x570000) returned 1 [0040.038] GetProcessHeap () returned 0x570000 [0040.038] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0040.038] lstrlenW (lpString="C:\\Users\\Public\\Videos\\") returned 23 [0040.038] lstrcatW (in: lpString1="C:\\Users\\Public\\Videos\\", lpString2="*" | out: lpString1="C:\\Users\\Public\\Videos\\*") returned="C:\\Users\\Public\\Videos\\*" [0040.038] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Videos\\*", lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28886f39, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x588da8 [0040.038] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.038] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28886f39, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0040.038] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.039] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.039] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x282dfaee, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28886f39, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x17c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0040.039] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0040.039] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0040.039] lstrcatW (in: lpString1="C:\\Users\\Public\\Videos\\", lpString2="desktop.ini" | out: lpString1="C:\\Users\\Public\\Videos\\desktop.ini") returned="C:\\Users\\Public\\Videos\\desktop.ini" [0040.039] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0040.039] GetProcessHeap () returned 0x570000 [0040.039] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x590f68 [0040.039] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 12 [0040.039] lstrlenA (lpString="desktop.ini") returned 11 [0040.039] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0040.039] lstrlenA (lpString="desktop.ini") returned 11 [0040.039] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0040.039] lstrcmpiW (lpString1="desktop.ini", lpString2="decrypt_files.html") returned 1 [0040.039] lstrcmpiW (lpString1="desktop.ini", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0040.039] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0040.039] lstrcmpiW (lpString1="desktop.ini", lpString2="sihvgt.exe") returned -1 [0040.039] _alloca_probe () returned 0x40908b [0040.039] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Public\\Videos\\desktop.ini", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 35 [0040.039] GetProcessHeap () returned 0x570000 [0040.039] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x23) returned 0x592458 [0040.039] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Public\\Videos\\desktop.ini", cchWideChar=-1, lpMultiByteStr=0x592458, cbMultiByte=35, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\Public\\Videos\\desktop.ini", lpUsedDefaultChar=0x0) returned 35 [0040.039] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0040.039] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{F7AECB71-2744-493B-8F1E-770698DCF7E3}") returned 38 [0040.039] lstrlenA (lpString="{F7AECB71-2744-493B-8F1E-770698DCF7E3}") returned 38 [0040.039] CreateFileW (lpFileName="C:\\Users\\Public\\Videos\\desktop.ini" (normalized: "c:\\users\\public\\videos\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0040.040] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=380) returned 1 [0040.040] lstrlenA (lpString="{F7AECB71-2744-493B-8F1E-770698DCF7E3}") returned 38 [0040.040] GetProcessHeap () returned 0x570000 [0040.040] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x592488 [0040.040] GetProcessHeap () returned 0x570000 [0040.040] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592500 [0040.040] lstrlenA (lpString="C:\\Users\\Public\\Videos\\desktop.ini") returned 34 [0040.053] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x17c, lpOverlapped=0x0) returned 1 [0040.054] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0040.054] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x180, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x180, lpOverlapped=0x0) returned 1 [0040.054] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0040.054] WriteFile (in: hFile=0x80, lpBuffer=0x50bb6c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bb6c*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0040.054] WriteFile (in: hFile=0x80, lpBuffer=0x50bbd4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bbd4*, lpNumberOfBytesWritten=0x50bb34*=0x10, lpOverlapped=0x0) returned 1 [0040.055] lstrlenA (lpString="rsa_encrypt") returned 11 [0040.055] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x592628) returned 1 [0040.055] CryptGenRandom (in: hProv=0x592628, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0040.056] CryptReleaseContext (hProv=0x592628, dwFlags=0x0) returned 1 [0040.056] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0040.056] GetProcessHeap () returned 0x570000 [0040.056] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592588 [0040.056] lstrlenA (lpString="010001") returned 6 [0040.056] GetProcessHeap () returned 0x570000 [0040.056] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eee0 [0040.056] GetProcessHeap () returned 0x570000 [0040.056] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592610 [0040.056] GetProcessHeap () returned 0x570000 [0040.056] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0040.056] GetProcessHeap () returned 0x570000 [0040.056] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592610 | out: hHeap=0x570000) returned 1 [0040.056] GetProcessHeap () returned 0x570000 [0040.056] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0040.056] GetProcessHeap () returned 0x570000 [0040.056] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c0d8 [0040.056] GetProcessHeap () returned 0x570000 [0040.056] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eed0 [0040.056] GetProcessHeap () returned 0x570000 [0040.056] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c1f0 [0040.056] GetProcessHeap () returned 0x570000 [0040.056] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eed0 | out: hHeap=0x570000) returned 1 [0040.056] GetProcessHeap () returned 0x570000 [0040.056] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0040.056] GetProcessHeap () returned 0x570000 [0040.056] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592610 [0040.056] GetProcessHeap () returned 0x570000 [0040.056] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x592698 [0040.057] GetProcessHeap () returned 0x570000 [0040.057] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eed0 [0040.057] GetProcessHeap () returned 0x570000 [0040.057] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0040.057] GetProcessHeap () returned 0x570000 [0040.057] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0040.057] GetProcessHeap () returned 0x570000 [0040.057] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592610 | out: hHeap=0x570000) returned 1 [0040.057] GetProcessHeap () returned 0x570000 [0040.057] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0040.057] GetProcessHeap () returned 0x570000 [0040.057] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0040.057] GetProcessHeap () returned 0x570000 [0040.057] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0040.057] GetProcessHeap () returned 0x570000 [0040.057] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f98 [0040.057] GetProcessHeap () returned 0x570000 [0040.057] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eed0 | out: hHeap=0x570000) returned 1 [0040.057] GetProcessHeap () returned 0x570000 [0040.057] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0040.057] GetProcessHeap () returned 0x570000 [0040.057] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0040.057] GetProcessHeap () returned 0x570000 [0040.057] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0040.057] GetProcessHeap () returned 0x570000 [0040.057] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0040.057] GetProcessHeap () returned 0x570000 [0040.057] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f98 | out: hHeap=0x570000) returned 1 [0040.057] GetProcessHeap () returned 0x570000 [0040.057] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0040.058] GetProcessHeap () returned 0x570000 [0040.058] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0040.058] GetProcessHeap () returned 0x570000 [0040.058] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0040.058] GetProcessHeap () returned 0x570000 [0040.058] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0040.058] GetProcessHeap () returned 0x570000 [0040.058] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0040.058] GetProcessHeap () returned 0x570000 [0040.058] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0040.058] GetProcessHeap () returned 0x570000 [0040.058] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0040.058] GetProcessHeap () returned 0x570000 [0040.058] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0040.058] GetProcessHeap () returned 0x570000 [0040.058] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0040.058] GetProcessHeap () returned 0x570000 [0040.058] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0040.058] GetProcessHeap () returned 0x570000 [0040.058] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0040.058] GetProcessHeap () returned 0x570000 [0040.058] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0040.058] GetProcessHeap () returned 0x570000 [0040.058] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0040.058] GetProcessHeap () returned 0x570000 [0040.058] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0040.058] GetProcessHeap () returned 0x570000 [0040.058] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0040.058] GetProcessHeap () returned 0x570000 [0040.059] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0040.059] GetProcessHeap () returned 0x570000 [0040.059] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0040.059] GetProcessHeap () returned 0x570000 [0040.059] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0040.059] GetProcessHeap () returned 0x570000 [0040.059] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0040.059] GetProcessHeap () returned 0x570000 [0040.059] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0040.059] GetProcessHeap () returned 0x570000 [0040.059] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0040.059] GetProcessHeap () returned 0x570000 [0040.059] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0040.059] GetProcessHeap () returned 0x570000 [0040.059] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0040.059] GetProcessHeap () returned 0x570000 [0040.059] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0040.059] GetProcessHeap () returned 0x570000 [0040.059] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0040.060] GetProcessHeap () returned 0x570000 [0040.060] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0040.060] GetProcessHeap () returned 0x570000 [0040.060] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0040.060] GetProcessHeap () returned 0x570000 [0040.060] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0040.060] GetProcessHeap () returned 0x570000 [0040.060] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0040.060] GetProcessHeap () returned 0x570000 [0040.060] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0040.060] GetProcessHeap () returned 0x570000 [0040.060] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0040.060] GetProcessHeap () returned 0x570000 [0040.060] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0040.060] GetProcessHeap () returned 0x570000 [0040.060] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0040.060] GetProcessHeap () returned 0x570000 [0040.060] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0040.060] GetProcessHeap () returned 0x570000 [0040.060] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0040.060] GetProcessHeap () returned 0x570000 [0040.060] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0040.060] GetProcessHeap () returned 0x570000 [0040.060] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0040.060] GetProcessHeap () returned 0x570000 [0040.060] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0040.060] GetProcessHeap () returned 0x570000 [0040.060] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0040.060] GetProcessHeap () returned 0x570000 [0040.060] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0040.061] GetProcessHeap () returned 0x570000 [0040.061] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0040.061] GetProcessHeap () returned 0x570000 [0040.061] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0040.061] GetProcessHeap () returned 0x570000 [0040.061] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0040.061] GetProcessHeap () returned 0x570000 [0040.061] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0040.061] GetProcessHeap () returned 0x570000 [0040.061] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0040.061] GetProcessHeap () returned 0x570000 [0040.061] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0040.061] GetProcessHeap () returned 0x570000 [0040.061] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0040.061] GetProcessHeap () returned 0x570000 [0040.061] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0040.061] GetProcessHeap () returned 0x570000 [0040.061] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0040.061] GetProcessHeap () returned 0x570000 [0040.061] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0040.061] GetProcessHeap () returned 0x570000 [0040.061] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0040.061] GetProcessHeap () returned 0x570000 [0040.061] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0040.061] GetProcessHeap () returned 0x570000 [0040.061] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0040.061] GetProcessHeap () returned 0x570000 [0040.061] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0040.062] GetProcessHeap () returned 0x570000 [0040.062] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0040.062] GetProcessHeap () returned 0x570000 [0040.062] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0040.062] GetProcessHeap () returned 0x570000 [0040.062] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0040.062] GetProcessHeap () returned 0x570000 [0040.062] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0040.062] GetProcessHeap () returned 0x570000 [0040.062] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0040.062] GetProcessHeap () returned 0x570000 [0040.062] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0040.062] GetProcessHeap () returned 0x570000 [0040.062] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0040.062] GetProcessHeap () returned 0x570000 [0040.062] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0040.062] GetProcessHeap () returned 0x570000 [0040.062] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0040.062] GetProcessHeap () returned 0x570000 [0040.062] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0040.062] GetProcessHeap () returned 0x570000 [0040.062] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0040.062] GetProcessHeap () returned 0x570000 [0040.062] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0040.062] GetProcessHeap () returned 0x570000 [0040.062] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0040.062] GetProcessHeap () returned 0x570000 [0040.062] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0040.062] GetProcessHeap () returned 0x570000 [0040.063] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0040.063] GetProcessHeap () returned 0x570000 [0040.063] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0040.063] GetProcessHeap () returned 0x570000 [0040.063] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0040.063] GetProcessHeap () returned 0x570000 [0040.063] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0040.063] GetProcessHeap () returned 0x570000 [0040.063] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0040.063] GetProcessHeap () returned 0x570000 [0040.063] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0040.063] GetProcessHeap () returned 0x570000 [0040.063] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0040.063] GetProcessHeap () returned 0x570000 [0040.063] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0040.063] GetProcessHeap () returned 0x570000 [0040.063] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0040.063] GetProcessHeap () returned 0x570000 [0040.063] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0040.063] GetProcessHeap () returned 0x570000 [0040.063] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0040.063] GetProcessHeap () returned 0x570000 [0040.063] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0040.063] GetProcessHeap () returned 0x570000 [0040.063] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0040.063] GetProcessHeap () returned 0x570000 [0040.063] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0040.064] GetProcessHeap () returned 0x570000 [0040.064] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0040.064] GetProcessHeap () returned 0x570000 [0040.064] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0040.064] GetProcessHeap () returned 0x570000 [0040.064] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0040.064] GetProcessHeap () returned 0x570000 [0040.064] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0040.064] GetProcessHeap () returned 0x570000 [0040.064] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0040.064] GetProcessHeap () returned 0x570000 [0040.064] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0040.064] GetProcessHeap () returned 0x570000 [0040.064] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0040.064] GetProcessHeap () returned 0x570000 [0040.064] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0040.064] GetProcessHeap () returned 0x570000 [0040.064] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0040.064] GetProcessHeap () returned 0x570000 [0040.064] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0040.064] GetProcessHeap () returned 0x570000 [0040.064] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0040.064] GetProcessHeap () returned 0x570000 [0040.064] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0040.064] GetProcessHeap () returned 0x570000 [0040.064] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0040.064] GetProcessHeap () returned 0x570000 [0040.064] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0040.065] GetProcessHeap () returned 0x570000 [0040.065] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0040.065] GetProcessHeap () returned 0x570000 [0040.065] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0040.065] GetProcessHeap () returned 0x570000 [0040.065] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0040.065] GetProcessHeap () returned 0x570000 [0040.065] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0040.065] GetProcessHeap () returned 0x570000 [0040.065] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0040.065] GetProcessHeap () returned 0x570000 [0040.065] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0040.065] GetProcessHeap () returned 0x570000 [0040.065] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0040.065] GetProcessHeap () returned 0x570000 [0040.065] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0040.065] GetProcessHeap () returned 0x570000 [0040.065] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592698 | out: hHeap=0x570000) returned 1 [0040.065] GetProcessHeap () returned 0x570000 [0040.065] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0040.065] GetProcessHeap () returned 0x570000 [0040.065] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0040.065] GetProcessHeap () returned 0x570000 [0040.065] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0040.065] GetProcessHeap () returned 0x570000 [0040.065] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0040.065] GetProcessHeap () returned 0x570000 [0040.065] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0040.065] GetProcessHeap () returned 0x570000 [0040.066] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0040.066] GetProcessHeap () returned 0x570000 [0040.066] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0040.066] GetProcessHeap () returned 0x570000 [0040.066] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592588 | out: hHeap=0x570000) returned 1 [0040.066] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0040.066] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0040.066] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0040.066] CloseHandle (hObject=0x80) returned 1 [0040.067] GetProcessHeap () returned 0x570000 [0040.067] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592458 | out: hHeap=0x570000) returned 1 [0040.067] GetProcessHeap () returned 0x570000 [0040.067] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592488 | out: hHeap=0x570000) returned 1 [0040.067] GetProcessHeap () returned 0x570000 [0040.067] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592500 | out: hHeap=0x570000) returned 1 [0040.067] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\Users\\Public\\Videos\\desktop.ini" | out: lpString1="C:\\Users\\Public\\Videos\\desktop.ini") returned="C:\\Users\\Public\\Videos\\desktop.ini" [0040.067] lstrcatW (in: lpString1="C:\\Users\\Public\\Videos\\desktop.ini", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\Users\\Public\\Videos\\desktop.ini.{Killback@protonmail.com}KBK") returned="C:\\Users\\Public\\Videos\\desktop.ini.{Killback@protonmail.com}KBK" [0040.067] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\Videos\\desktop.ini" (normalized: "c:\\users\\public\\videos\\desktop.ini"), lpNewFileName="C:\\Users\\Public\\Videos\\desktop.ini.{Killback@protonmail.com}KBK" (normalized: "c:\\users\\public\\videos\\desktop.ini.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0040.068] PathRemoveFileSpecW (in: pszPath="C:\\Users\\Public\\Videos\\desktop.ini" | out: pszPath="C:\\Users\\Public\\Videos") returned 1 [0040.068] lstrcatW (in: lpString1="C:\\Users\\Public\\Videos", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Videos\\") returned="C:\\Users\\Public\\Videos\\" [0040.068] lstrcatW (in: lpString1="C:\\Users\\Public\\Videos\\", lpString2="decrypt_files.html" | out: lpString1="C:\\Users\\Public\\Videos\\decrypt_files.html") returned="C:\\Users\\Public\\Videos\\decrypt_files.html" [0040.068] GetFileAttributesW (lpFileName="C:\\Users\\Public\\Videos\\decrypt_files.html" (normalized: "c:\\users\\public\\videos\\decrypt_files.html")) returned 0xffffffff [0040.068] CreateFileW (lpFileName="C:\\Users\\Public\\Videos\\decrypt_files.html" (normalized: "c:\\users\\public\\videos\\decrypt_files.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0040.068] lstrlenA (lpString="\r\n \r\n \r\n \r\n DECRYPT FILES\r\n \r\n\r\n \r\n\r\n
\r\n

⚠Your ID (NEED FOR DECRYPT)⚠

\r\n
\r\n 
A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n\r\n
\r\n
\r\n
\r\n \r\n
\r\n \r\n
\r\n \r\n \r\n
\r\n

✖ Your files are encrypted! ✖

\r\n\r\n

If you see it - do not try to decrypt ▼the files yourself!!!▼

\r\n
\r\n

All your important data has been encrypted.

\r\n
\r\n
\r\n \r\n\x09\x09 \r\nTo decrypt all your files, you need a decryption program.
\r\n \r\nTo get a program to decrypt your data you need to do a few steps:
\r\n

☑1. \r\nTo make sure that we can actually decrypt your files. You can send us a file for the test.\r\nThis can be a picture or a text file.\r\nSize less than 5 MB. Send to our mail: Killback@protonmail.com .
\r\n

☑2. \r\nSend your PERSONAL ID in the letter (you will find it at the very beginning of this document)

\r\n\x09\x09\x09

☑3. \r\nWe will decode your test file so you are sure. We will also send you the amount you need to pay to get the program to decrypt.

\r\n ☑4. We will send you instructions on how to pay for the decryption program. After payment, we will send you a program and instructions on how to decrypt all the files.
\r\n

Attention!


\r\n
    \r\n\x09\x09\x09 Only we can decrypt your files.
    \r\n\x09\x09\x09 Do not try to decrypt your files yourself. You can damage them when trying to restore
    \r\n Do not run antivirus!
    \r\n Email us: Killback@protonmail.com immediately so we can help you.
    \r\n Decoders other users are not compatible with your data, because each user's unique encryption key
    \r\n
\r\n \r\n
\r\n
\r\n
\r\n \r\n\r\n \r\n \r\n
\r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n\r\n") returned 5565 [0040.068] WriteFile (in: hFile=0x80, lpBuffer=0x21f0020*, nNumberOfBytesToWrite=0x15bd, lpNumberOfBytesWritten=0x50dd18, lpOverlapped=0x0 | out: lpBuffer=0x21f0020*, lpNumberOfBytesWritten=0x50dd18*=0x15bd, lpOverlapped=0x0) returned 1 [0040.069] CloseHandle (hObject=0x80) returned 1 [0040.070] GetProcessHeap () returned 0x570000 [0040.070] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0040.070] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x802f4656, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sample Videos", cAlternateFileName="SAMPLE~1")) returned 1 [0040.070] lstrcmpiW (lpString1="Sample Videos", lpString2=".") returned 1 [0040.070] lstrcmpiW (lpString1="Sample Videos", lpString2="..") returned 1 [0040.070] lstrcatW (in: lpString1="C:\\Users\\Public\\Videos\\", lpString2="Sample Videos" | out: lpString1="C:\\Users\\Public\\Videos\\Sample Videos") returned="C:\\Users\\Public\\Videos\\Sample Videos" [0040.070] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Sample Videos", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0040.070] GetProcessHeap () returned 0x570000 [0040.070] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xe) returned 0x590f68 [0040.070] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Sample Videos", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Sample Videos", lpUsedDefaultChar=0x0) returned 14 [0040.070] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Videos", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0040.070] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Videos", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 3 [0040.070] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Videos", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 3 [0040.070] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Videos", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0040.070] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Videos", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0040.070] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Videos", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 3 [0040.070] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Videos", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0040.070] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Videos", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0040.070] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Videos", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0040.070] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Videos", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0040.070] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Videos", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0040.070] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Videos", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0040.070] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Videos", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0040.070] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Videos", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0040.071] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Videos", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0040.071] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Videos", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0040.071] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Videos", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0040.071] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Videos", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0040.071] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Videos", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 3 [0040.071] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Videos", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 3 [0040.071] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Videos", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 3 [0040.071] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Videos", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 3 [0040.071] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Videos", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 3 [0040.071] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Videos", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0040.071] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Videos", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0040.071] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Videos", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0040.071] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Videos", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0040.071] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Videos", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 3 [0040.071] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Videos", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0040.071] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Videos", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0040.071] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Videos", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0040.071] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Videos", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0040.071] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Videos", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 3 [0040.071] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Videos", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0040.071] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Videos", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 3 [0040.071] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Videos", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 3 [0040.071] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Videos", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0040.071] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Videos", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 3 [0040.071] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Videos", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 3 [0040.071] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Videos", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0040.071] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Videos", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 3 [0040.072] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Videos", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0040.072] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Videos", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 3 [0040.072] lstrcatW (in: lpString1="C:\\Users\\Public\\Videos\\Sample Videos", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Videos\\Sample Videos\\") returned="C:\\Users\\Public\\Videos\\Sample Videos\\" [0040.072] GetProcessHeap () returned 0x570000 [0040.072] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58eee0 [0040.072] lstrlenW (lpString="C:\\Users\\Public\\Videos\\Sample Videos\\") returned 37 [0040.072] GetProcessHeap () returned 0x570000 [0040.072] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x4c) returned 0x592458 [0040.072] lstrcpyW (in: lpString1=0x592458, lpString2="C:\\Users\\Public\\Videos\\Sample Videos\\" | out: lpString1="C:\\Users\\Public\\Videos\\Sample Videos\\") returned="C:\\Users\\Public\\Videos\\Sample Videos\\" [0040.072] GetProcessHeap () returned 0x570000 [0040.072] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0040.072] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x802f4656, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sample Videos", cAlternateFileName="SAMPLE~1")) returned 0 [0040.072] FindClose (in: hFindFile=0x588da8 | out: hFindFile=0x588da8) returned 1 [0040.072] lstrcpyW (in: lpString1=0x50df8c, lpString2="C:\\Users\\Public\\Videos\\Sample Videos\\" | out: lpString1="C:\\Users\\Public\\Videos\\Sample Videos\\") returned="C:\\Users\\Public\\Videos\\Sample Videos\\" [0040.072] GetProcessHeap () returned 0x570000 [0040.073] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592458 | out: hHeap=0x570000) returned 1 [0040.073] GetProcessHeap () returned 0x570000 [0040.073] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0040.073] lstrlenW (lpString="C:\\Users\\Public\\Videos\\Sample Videos\\") returned 37 [0040.073] lstrcatW (in: lpString1="C:\\Users\\Public\\Videos\\Sample Videos\\", lpString2="*" | out: lpString1="C:\\Users\\Public\\Videos\\Sample Videos\\*") returned="C:\\Users\\Public\\Videos\\Sample Videos\\*" [0040.073] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\*", lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x802f4656, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x588da8 [0040.073] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0040.073] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x802f4656, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0040.073] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0040.073] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0040.073] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x802f4656, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be12937, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x146, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0040.073] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0040.073] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0040.073] lstrcatW (in: lpString1="C:\\Users\\Public\\Videos\\Sample Videos\\", lpString2="desktop.ini" | out: lpString1="C:\\Users\\Public\\Videos\\Sample Videos\\desktop.ini") returned="C:\\Users\\Public\\Videos\\Sample Videos\\desktop.ini" [0040.073] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0040.073] GetProcessHeap () returned 0x570000 [0040.073] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x590f68 [0040.073] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 12 [0040.073] lstrlenA (lpString="desktop.ini") returned 11 [0040.073] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0040.073] lstrlenA (lpString="desktop.ini") returned 11 [0040.074] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0040.074] lstrcmpiW (lpString1="desktop.ini", lpString2="decrypt_files.html") returned 1 [0040.074] lstrcmpiW (lpString1="desktop.ini", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0040.074] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0040.074] lstrcmpiW (lpString1="desktop.ini", lpString2="sihvgt.exe") returned -1 [0040.074] _alloca_probe () returned 0x40908b [0040.074] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Public\\Videos\\Sample Videos\\desktop.ini", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 49 [0040.074] GetProcessHeap () returned 0x570000 [0040.074] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x31) returned 0x592458 [0040.074] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Public\\Videos\\Sample Videos\\desktop.ini", cchWideChar=-1, lpMultiByteStr=0x592458, cbMultiByte=49, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\Public\\Videos\\Sample Videos\\desktop.ini", lpUsedDefaultChar=0x0) returned 49 [0040.074] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0040.074] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{D3AEDC0D-E2FC-4C82-8334-8676D310CEBF}") returned 38 [0040.074] lstrlenA (lpString="{D3AEDC0D-E2FC-4C82-8334-8676D310CEBF}") returned 38 [0040.074] CreateFileW (lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\desktop.ini" (normalized: "c:\\users\\public\\videos\\sample videos\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0040.074] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=326) returned 1 [0040.074] lstrlenA (lpString="{D3AEDC0D-E2FC-4C82-8334-8676D310CEBF}") returned 38 [0040.074] GetProcessHeap () returned 0x570000 [0040.074] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x592498 [0040.074] GetProcessHeap () returned 0x570000 [0040.074] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592510 [0040.074] lstrlenA (lpString="C:\\Users\\Public\\Videos\\Sample Videos\\desktop.ini") returned 48 [0040.088] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x146, lpOverlapped=0x0) returned 1 [0040.089] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0040.089] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x150, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x150, lpOverlapped=0x0) returned 1 [0040.089] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0040.089] WriteFile (in: hFile=0x80, lpBuffer=0x50bb6c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bb6c*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0040.089] WriteFile (in: hFile=0x80, lpBuffer=0x50bbd4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bbd4*, lpNumberOfBytesWritten=0x50bb34*=0x10, lpOverlapped=0x0) returned 1 [0040.089] lstrlenA (lpString="rsa_encrypt") returned 11 [0040.089] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x592638) returned 1 [0040.090] CryptGenRandom (in: hProv=0x592638, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0040.090] CryptReleaseContext (hProv=0x592638, dwFlags=0x0) returned 1 [0040.090] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0040.090] GetProcessHeap () returned 0x570000 [0040.090] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592598 [0040.090] lstrlenA (lpString="010001") returned 6 [0040.091] GetProcessHeap () returned 0x570000 [0040.091] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eee0 [0040.091] GetProcessHeap () returned 0x570000 [0040.091] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592620 [0040.091] GetProcessHeap () returned 0x570000 [0040.091] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0040.091] GetProcessHeap () returned 0x570000 [0040.091] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592620 | out: hHeap=0x570000) returned 1 [0040.091] GetProcessHeap () returned 0x570000 [0040.091] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0040.091] GetProcessHeap () returned 0x570000 [0040.091] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c1f0 [0040.091] GetProcessHeap () returned 0x570000 [0040.091] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eef0 [0040.091] GetProcessHeap () returned 0x570000 [0040.091] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c0d8 [0040.091] GetProcessHeap () returned 0x570000 [0040.091] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0040.091] GetProcessHeap () returned 0x570000 [0040.091] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0040.091] GetProcessHeap () returned 0x570000 [0040.091] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592620 [0040.091] GetProcessHeap () returned 0x570000 [0040.091] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x5926a8 [0040.091] GetProcessHeap () returned 0x570000 [0040.091] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0040.092] GetProcessHeap () returned 0x570000 [0040.092] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0040.092] GetProcessHeap () returned 0x570000 [0040.092] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0040.092] GetProcessHeap () returned 0x570000 [0040.092] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592620 | out: hHeap=0x570000) returned 1 [0040.092] GetProcessHeap () returned 0x570000 [0040.092] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0040.092] GetProcessHeap () returned 0x570000 [0040.092] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0040.092] GetProcessHeap () returned 0x570000 [0040.092] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eed0 [0040.092] GetProcessHeap () returned 0x570000 [0040.092] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f98 [0040.092] GetProcessHeap () returned 0x570000 [0040.092] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0040.092] GetProcessHeap () returned 0x570000 [0040.092] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eed0 | out: hHeap=0x570000) returned 1 [0040.092] GetProcessHeap () returned 0x570000 [0040.092] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eed0 [0040.092] GetProcessHeap () returned 0x570000 [0040.092] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eed0 | out: hHeap=0x570000) returned 1 [0040.092] GetProcessHeap () returned 0x570000 [0040.092] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0040.092] GetProcessHeap () returned 0x570000 [0040.092] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f98 | out: hHeap=0x570000) returned 1 [0040.092] GetProcessHeap () returned 0x570000 [0040.092] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0040.092] GetProcessHeap () returned 0x570000 [0040.092] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0040.093] GetProcessHeap () returned 0x570000 [0040.093] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eed0 [0040.093] GetProcessHeap () returned 0x570000 [0040.093] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eed0 | out: hHeap=0x570000) returned 1 [0040.093] GetProcessHeap () returned 0x570000 [0040.093] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eed0 [0040.093] GetProcessHeap () returned 0x570000 [0040.093] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eed0 | out: hHeap=0x570000) returned 1 [0040.093] GetProcessHeap () returned 0x570000 [0040.093] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eed0 [0040.093] GetProcessHeap () returned 0x570000 [0040.093] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eed0 | out: hHeap=0x570000) returned 1 [0040.093] GetProcessHeap () returned 0x570000 [0040.093] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eed0 [0040.093] GetProcessHeap () returned 0x570000 [0040.093] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eed0 | out: hHeap=0x570000) returned 1 [0040.093] GetProcessHeap () returned 0x570000 [0040.093] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eed0 [0040.093] GetProcessHeap () returned 0x570000 [0040.093] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eed0 | out: hHeap=0x570000) returned 1 [0040.093] GetProcessHeap () returned 0x570000 [0040.093] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eed0 [0040.093] GetProcessHeap () returned 0x570000 [0040.093] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eed0 | out: hHeap=0x570000) returned 1 [0040.093] GetProcessHeap () returned 0x570000 [0040.093] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eed0 [0040.093] GetProcessHeap () returned 0x570000 [0040.093] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eed0 | out: hHeap=0x570000) returned 1 [0040.093] GetProcessHeap () returned 0x570000 [0040.094] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eed0 [0040.094] GetProcessHeap () returned 0x570000 [0040.094] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eed0 | out: hHeap=0x570000) returned 1 [0040.094] GetProcessHeap () returned 0x570000 [0040.094] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eed0 [0040.094] GetProcessHeap () returned 0x570000 [0040.094] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eed0 | out: hHeap=0x570000) returned 1 [0040.094] GetProcessHeap () returned 0x570000 [0040.094] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eed0 [0040.094] GetProcessHeap () returned 0x570000 [0040.094] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eed0 | out: hHeap=0x570000) returned 1 [0040.094] GetProcessHeap () returned 0x570000 [0040.094] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eed0 [0040.094] GetProcessHeap () returned 0x570000 [0040.094] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eed0 | out: hHeap=0x570000) returned 1 [0040.094] GetProcessHeap () returned 0x570000 [0040.094] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eed0 [0040.094] GetProcessHeap () returned 0x570000 [0040.094] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eed0 | out: hHeap=0x570000) returned 1 [0040.094] GetProcessHeap () returned 0x570000 [0040.094] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eed0 [0040.094] GetProcessHeap () returned 0x570000 [0040.094] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eed0 | out: hHeap=0x570000) returned 1 [0040.094] GetProcessHeap () returned 0x570000 [0040.094] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eed0 [0040.094] GetProcessHeap () returned 0x570000 [0040.094] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eed0 | out: hHeap=0x570000) returned 1 [0040.094] GetProcessHeap () returned 0x570000 [0040.094] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eed0 [0040.095] GetProcessHeap () returned 0x570000 [0040.095] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eed0 | out: hHeap=0x570000) returned 1 [0040.095] GetProcessHeap () returned 0x570000 [0040.095] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eed0 [0040.095] GetProcessHeap () returned 0x570000 [0040.095] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eed0 | out: hHeap=0x570000) returned 1 [0040.095] GetProcessHeap () returned 0x570000 [0040.095] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eed0 [0040.095] GetProcessHeap () returned 0x570000 [0040.095] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eed0 | out: hHeap=0x570000) returned 1 [0040.095] GetProcessHeap () returned 0x570000 [0040.095] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eed0 [0040.095] GetProcessHeap () returned 0x570000 [0040.095] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eed0 | out: hHeap=0x570000) returned 1 [0040.095] GetProcessHeap () returned 0x570000 [0040.095] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eed0 [0040.095] GetProcessHeap () returned 0x570000 [0040.095] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eed0 | out: hHeap=0x570000) returned 1 [0040.095] GetProcessHeap () returned 0x570000 [0040.095] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eed0 [0040.095] GetProcessHeap () returned 0x570000 [0040.095] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eed0 | out: hHeap=0x570000) returned 1 [0040.095] GetProcessHeap () returned 0x570000 [0040.095] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eed0 [0040.095] GetProcessHeap () returned 0x570000 [0040.095] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eed0 | out: hHeap=0x570000) returned 1 [0040.095] GetProcessHeap () returned 0x570000 [0040.095] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eed0 [0040.096] GetProcessHeap () returned 0x570000 [0040.096] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eed0 | out: hHeap=0x570000) returned 1 [0040.096] GetProcessHeap () returned 0x570000 [0040.096] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eed0 [0040.096] GetProcessHeap () returned 0x570000 [0040.096] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eed0 | out: hHeap=0x570000) returned 1 [0040.096] GetProcessHeap () returned 0x570000 [0040.096] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eed0 [0040.096] GetProcessHeap () returned 0x570000 [0040.096] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eed0 | out: hHeap=0x570000) returned 1 [0040.096] GetProcessHeap () returned 0x570000 [0040.096] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eed0 [0040.096] GetProcessHeap () returned 0x570000 [0040.096] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eed0 | out: hHeap=0x570000) returned 1 [0040.096] GetProcessHeap () returned 0x570000 [0040.096] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eed0 [0040.096] GetProcessHeap () returned 0x570000 [0040.096] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eed0 | out: hHeap=0x570000) returned 1 [0040.096] GetProcessHeap () returned 0x570000 [0040.096] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eed0 [0040.096] GetProcessHeap () returned 0x570000 [0040.096] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eed0 | out: hHeap=0x570000) returned 1 [0040.096] GetProcessHeap () returned 0x570000 [0040.096] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eed0 [0040.096] GetProcessHeap () returned 0x570000 [0040.096] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eed0 | out: hHeap=0x570000) returned 1 [0040.096] GetProcessHeap () returned 0x570000 [0040.097] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eed0 [0040.097] GetProcessHeap () returned 0x570000 [0040.097] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eed0 | out: hHeap=0x570000) returned 1 [0040.097] GetProcessHeap () returned 0x570000 [0040.097] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eed0 [0040.097] GetProcessHeap () returned 0x570000 [0040.097] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eed0 | out: hHeap=0x570000) returned 1 [0040.097] GetProcessHeap () returned 0x570000 [0040.097] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eed0 [0040.097] GetProcessHeap () returned 0x570000 [0040.097] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eed0 | out: hHeap=0x570000) returned 1 [0040.097] GetProcessHeap () returned 0x570000 [0040.097] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eed0 [0040.097] GetProcessHeap () returned 0x570000 [0040.097] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eed0 | out: hHeap=0x570000) returned 1 [0040.097] GetProcessHeap () returned 0x570000 [0040.097] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eed0 [0040.097] GetProcessHeap () returned 0x570000 [0040.097] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eed0 | out: hHeap=0x570000) returned 1 [0040.097] GetProcessHeap () returned 0x570000 [0040.097] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eed0 [0040.097] GetProcessHeap () returned 0x570000 [0040.097] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eed0 | out: hHeap=0x570000) returned 1 [0040.097] GetProcessHeap () returned 0x570000 [0040.097] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eed0 [0040.097] GetProcessHeap () returned 0x570000 [0040.097] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eed0 | out: hHeap=0x570000) returned 1 [0040.097] GetProcessHeap () returned 0x570000 [0040.098] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eed0 [0040.098] GetProcessHeap () returned 0x570000 [0040.098] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eed0 | out: hHeap=0x570000) returned 1 [0040.098] GetProcessHeap () returned 0x570000 [0040.098] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eed0 [0040.098] GetProcessHeap () returned 0x570000 [0040.098] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eed0 | out: hHeap=0x570000) returned 1 [0040.098] GetProcessHeap () returned 0x570000 [0040.098] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eed0 [0040.098] GetProcessHeap () returned 0x570000 [0040.098] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eed0 | out: hHeap=0x570000) returned 1 [0040.098] GetProcessHeap () returned 0x570000 [0040.098] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eed0 [0040.098] GetProcessHeap () returned 0x570000 [0040.098] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eed0 | out: hHeap=0x570000) returned 1 [0040.098] GetProcessHeap () returned 0x570000 [0040.098] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eed0 [0040.098] GetProcessHeap () returned 0x570000 [0040.098] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eed0 | out: hHeap=0x570000) returned 1 [0040.098] GetProcessHeap () returned 0x570000 [0040.098] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eed0 [0040.098] GetProcessHeap () returned 0x570000 [0040.098] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eed0 | out: hHeap=0x570000) returned 1 [0040.098] GetProcessHeap () returned 0x570000 [0040.098] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eed0 [0040.098] GetProcessHeap () returned 0x570000 [0040.098] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eed0 | out: hHeap=0x570000) returned 1 [0040.098] GetProcessHeap () returned 0x570000 [0040.099] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eed0 [0040.099] GetProcessHeap () returned 0x570000 [0040.099] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eed0 | out: hHeap=0x570000) returned 1 [0040.099] GetProcessHeap () returned 0x570000 [0040.099] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eed0 [0040.099] GetProcessHeap () returned 0x570000 [0040.099] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eed0 | out: hHeap=0x570000) returned 1 [0040.099] GetProcessHeap () returned 0x570000 [0040.099] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eed0 [0040.099] GetProcessHeap () returned 0x570000 [0040.099] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eed0 | out: hHeap=0x570000) returned 1 [0040.099] GetProcessHeap () returned 0x570000 [0040.099] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eed0 [0040.099] GetProcessHeap () returned 0x570000 [0040.099] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eed0 | out: hHeap=0x570000) returned 1 [0040.099] GetProcessHeap () returned 0x570000 [0040.099] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eed0 [0040.099] GetProcessHeap () returned 0x570000 [0040.099] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eed0 | out: hHeap=0x570000) returned 1 [0040.099] GetProcessHeap () returned 0x570000 [0040.099] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eed0 [0040.099] GetProcessHeap () returned 0x570000 [0040.099] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eed0 | out: hHeap=0x570000) returned 1 [0040.099] GetProcessHeap () returned 0x570000 [0040.099] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eed0 [0040.099] GetProcessHeap () returned 0x570000 [0040.099] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eed0 | out: hHeap=0x570000) returned 1 [0040.099] GetProcessHeap () returned 0x570000 [0040.099] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eed0 [0040.099] GetProcessHeap () returned 0x570000 [0040.100] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eed0 | out: hHeap=0x570000) returned 1 [0040.100] GetProcessHeap () returned 0x570000 [0040.100] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0040.100] GetProcessHeap () returned 0x570000 [0040.100] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0040.100] GetProcessHeap () returned 0x570000 [0040.100] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5926a8 | out: hHeap=0x570000) returned 1 [0040.100] GetProcessHeap () returned 0x570000 [0040.100] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0040.100] GetProcessHeap () returned 0x570000 [0040.100] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0040.100] GetProcessHeap () returned 0x570000 [0040.100] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0040.100] GetProcessHeap () returned 0x570000 [0040.100] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0040.100] GetProcessHeap () returned 0x570000 [0040.100] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0040.100] GetProcessHeap () returned 0x570000 [0040.100] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0040.100] GetProcessHeap () returned 0x570000 [0040.100] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0040.100] GetProcessHeap () returned 0x570000 [0040.100] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592598 | out: hHeap=0x570000) returned 1 [0040.100] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0040.100] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0040.101] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0040.101] CloseHandle (hObject=0x80) returned 1 [0040.104] GetProcessHeap () returned 0x570000 [0040.104] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592458 | out: hHeap=0x570000) returned 1 [0040.104] GetProcessHeap () returned 0x570000 [0040.105] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592498 | out: hHeap=0x570000) returned 1 [0040.105] GetProcessHeap () returned 0x570000 [0040.105] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592510 | out: hHeap=0x570000) returned 1 [0040.105] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\Users\\Public\\Videos\\Sample Videos\\desktop.ini" | out: lpString1="C:\\Users\\Public\\Videos\\Sample Videos\\desktop.ini") returned="C:\\Users\\Public\\Videos\\Sample Videos\\desktop.ini" [0040.105] lstrcatW (in: lpString1="C:\\Users\\Public\\Videos\\Sample Videos\\desktop.ini", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\Users\\Public\\Videos\\Sample Videos\\desktop.ini.{Killback@protonmail.com}KBK") returned="C:\\Users\\Public\\Videos\\Sample Videos\\desktop.ini.{Killback@protonmail.com}KBK" [0040.105] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\Videos\\Sample Videos\\desktop.ini" (normalized: "c:\\users\\public\\videos\\sample videos\\desktop.ini"), lpNewFileName="C:\\Users\\Public\\Videos\\Sample Videos\\desktop.ini.{Killback@protonmail.com}KBK" (normalized: "c:\\users\\public\\videos\\sample videos\\desktop.ini.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0040.105] PathRemoveFileSpecW (in: pszPath="C:\\Users\\Public\\Videos\\Sample Videos\\desktop.ini" | out: pszPath="C:\\Users\\Public\\Videos\\Sample Videos") returned 1 [0040.105] lstrcatW (in: lpString1="C:\\Users\\Public\\Videos\\Sample Videos", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Videos\\Sample Videos\\") returned="C:\\Users\\Public\\Videos\\Sample Videos\\" [0040.105] lstrcatW (in: lpString1="C:\\Users\\Public\\Videos\\Sample Videos\\", lpString2="decrypt_files.html" | out: lpString1="C:\\Users\\Public\\Videos\\Sample Videos\\decrypt_files.html") returned="C:\\Users\\Public\\Videos\\Sample Videos\\decrypt_files.html" [0040.105] GetFileAttributesW (lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\decrypt_files.html" (normalized: "c:\\users\\public\\videos\\sample videos\\decrypt_files.html")) returned 0xffffffff [0040.105] CreateFileW (lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\decrypt_files.html" (normalized: "c:\\users\\public\\videos\\sample videos\\decrypt_files.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0040.106] lstrlenA (lpString="\r\n \r\n \r\n \r\n DECRYPT FILES\r\n \r\n\r\n \r\n\r\n
\r\n

⚠Your ID (NEED FOR DECRYPT)⚠

\r\n
\r\n 
A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n\r\n
\r\n
\r\n
\r\n \r\n
\r\n \r\n
\r\n \r\n \r\n
\r\n

✖ Your files are encrypted! ✖

\r\n\r\n

If you see it - do not try to decrypt ▼the files yourself!!!▼

\r\n
\r\n

All your important data has been encrypted.

\r\n
\r\n
\r\n \r\n\x09\x09 \r\nTo decrypt all your files, you need a decryption program.
\r\n \r\nTo get a program to decrypt your data you need to do a few steps:
\r\n

☑1. \r\nTo make sure that we can actually decrypt your files. You can send us a file for the test.\r\nThis can be a picture or a text file.\r\nSize less than 5 MB. Send to our mail: Killback@protonmail.com .
\r\n

☑2. \r\nSend your PERSONAL ID in the letter (you will find it at the very beginning of this document)

\r\n\x09\x09\x09

☑3. \r\nWe will decode your test file so you are sure. We will also send you the amount you need to pay to get the program to decrypt.

\r\n ☑4. We will send you instructions on how to pay for the decryption program. After payment, we will send you a program and instructions on how to decrypt all the files.
\r\n

Attention!


\r\n
    \r\n\x09\x09\x09 Only we can decrypt your files.
    \r\n\x09\x09\x09 Do not try to decrypt your files yourself. You can damage them when trying to restore
    \r\n Do not run antivirus!
    \r\n Email us: Killback@protonmail.com immediately so we can help you.
    \r\n Decoders other users are not compatible with your data, because each user's unique encryption key
    \r\n
\r\n \r\n
\r\n
\r\n
\r\n \r\n\r\n \r\n \r\n
\r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n\r\n") returned 5565 [0040.106] WriteFile (in: hFile=0x80, lpBuffer=0x21f0020*, nNumberOfBytesToWrite=0x15bd, lpNumberOfBytesWritten=0x50dd18, lpOverlapped=0x0 | out: lpBuffer=0x21f0020*, lpNumberOfBytesWritten=0x50dd18*=0x15bd, lpOverlapped=0x0) returned 1 [0040.108] CloseHandle (hObject=0x80) returned 1 [0040.108] GetProcessHeap () returned 0x570000 [0040.108] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0040.108] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80282235, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bda0516, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be12937, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x1907b8a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Wildlife.wmv", cAlternateFileName="")) returned 1 [0040.108] lstrcmpiW (lpString1="Wildlife.wmv", lpString2=".") returned 1 [0040.108] lstrcmpiW (lpString1="Wildlife.wmv", lpString2="..") returned 1 [0040.108] lstrcatW (in: lpString1="C:\\Users\\Public\\Videos\\Sample Videos\\", lpString2="Wildlife.wmv" | out: lpString1="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv") returned="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv" [0040.108] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Wildlife.wmv", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0040.108] GetProcessHeap () returned 0x570000 [0040.108] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xd) returned 0x590f68 [0040.108] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Wildlife.wmv", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Wildlife.wmv", lpUsedDefaultChar=0x0) returned 13 [0040.108] lstrlenA (lpString="Wildlife.wmv") returned 12 [0040.108] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0040.108] lstrlenA (lpString="Wildlife.wmv") returned 12 [0040.108] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0040.108] lstrcmpiW (lpString1="Wildlife.wmv", lpString2="decrypt_files.html") returned 1 [0040.108] lstrcmpiW (lpString1="Wildlife.wmv", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0040.109] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0040.109] lstrcmpiW (lpString1="Wildlife.wmv", lpString2="sihvgt.exe") returned 1 [0040.109] _alloca_probe () returned 0x40908b [0040.109] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 50 [0040.109] GetProcessHeap () returned 0x570000 [0040.109] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x32) returned 0x592458 [0040.109] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv", cchWideChar=-1, lpMultiByteStr=0x592458, cbMultiByte=50, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv", lpUsedDefaultChar=0x0) returned 50 [0040.109] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0040.109] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{69F184C2-B594-43BB-A181-7112797F7A6B}") returned 38 [0040.109] lstrlenA (lpString="{69F184C2-B594-43BB-A181-7112797F7A6B}") returned 38 [0040.109] CreateFileW (lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv" (normalized: "c:\\users\\public\\videos\\sample videos\\wildlife.wmv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0040.109] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=26246026) returned 1 [0040.109] lstrlenA (lpString="{69F184C2-B594-43BB-A181-7112797F7A6B}") returned 38 [0040.109] GetProcessHeap () returned 0x570000 [0040.109] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x592498 [0040.109] GetProcessHeap () returned 0x570000 [0040.109] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592510 [0040.109] lstrlenA (lpString="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv") returned 49 [0040.120] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0040.149] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0040.149] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0040.150] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0040.150] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0040.255] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.255] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0040.255] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0040.255] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0040.255] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.256] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0040.256] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0040.256] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0040.256] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.256] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0040.256] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0040.256] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0040.256] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.257] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0040.257] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0040.257] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0040.257] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.257] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0040.257] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0040.257] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0040.257] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.258] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0040.258] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0040.258] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0040.258] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.258] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0040.258] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0040.258] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0040.259] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.260] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0040.260] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0040.260] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0040.295] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.295] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0040.295] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0040.295] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0040.296] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.296] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0040.296] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0040.296] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0040.297] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.297] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0040.297] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0040.297] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0040.298] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.298] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0040.299] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0040.299] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0040.299] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.300] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0040.300] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0040.300] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0040.300] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.301] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0040.301] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0040.301] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0040.302] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.303] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0040.303] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0040.303] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0040.303] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.304] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0040.304] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0040.304] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0040.304] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.304] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0040.305] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0040.305] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0040.339] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.339] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0040.339] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0040.339] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0040.340] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.340] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0040.340] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0040.340] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0040.348] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.348] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0040.348] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0040.349] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0040.478] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.478] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0040.478] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0040.478] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0040.592] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.593] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0040.593] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0040.593] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0040.594] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.595] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0040.595] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0040.595] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0040.599] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.599] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0040.599] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0040.599] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0040.600] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.600] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0040.600] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0040.600] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0040.601] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.602] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0040.602] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0040.602] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0040.602] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.602] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0040.602] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0040.603] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0040.643] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.643] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0040.644] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0040.644] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0040.644] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.645] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0040.645] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0040.645] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0040.646] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.646] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0040.646] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0040.646] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0040.646] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.648] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0040.648] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0040.648] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0040.648] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.649] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0040.649] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0040.649] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0040.649] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.650] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0040.650] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0040.650] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0040.689] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.690] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0040.690] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0040.690] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0040.690] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.690] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0040.691] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0040.691] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0040.743] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.744] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0040.744] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0040.744] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0040.745] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.745] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0040.745] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0040.745] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0040.746] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.746] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0040.747] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0040.747] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0040.747] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.748] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0040.748] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0040.748] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0040.748] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.749] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0040.749] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0040.749] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0040.750] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.750] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0040.751] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0040.751] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0040.751] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.751] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0040.752] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0040.752] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0040.752] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.753] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0040.753] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0040.753] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0040.787] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.787] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0040.787] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0040.787] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0040.788] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.789] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0040.789] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0040.789] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0040.827] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.828] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0040.828] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0040.828] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0040.831] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.832] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0040.832] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0040.832] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0040.881] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.882] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0040.882] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0040.882] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0040.882] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.883] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0040.883] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0040.883] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0040.883] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.884] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0040.884] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0040.884] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0040.884] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.885] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0040.885] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0040.885] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0040.886] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.886] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0040.887] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0040.887] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0040.887] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.888] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0040.888] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0040.888] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0040.888] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.891] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0040.891] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0040.891] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0040.891] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.891] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0040.892] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0040.892] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0040.932] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.932] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0040.933] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0040.933] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0040.933] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.933] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0040.933] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0040.933] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0040.936] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.936] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0040.937] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0040.937] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0040.958] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.973] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0040.974] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0040.974] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0040.974] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.975] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0040.975] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0040.975] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0040.975] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0040.975] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0040.976] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0040.976] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.021] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.021] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.022] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.022] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.072] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.072] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.072] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.072] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.807] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.807] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.807] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.807] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.822] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.822] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.823] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.823] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.823] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.824] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.824] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.824] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.826] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.826] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.826] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.826] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.827] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.828] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.828] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.828] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.843] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.843] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.843] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.843] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.844] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.844] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.844] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.845] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.845] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.846] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.846] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.846] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.846] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.847] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.847] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.847] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.847] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.848] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.848] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.848] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.848] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.849] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.849] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.849] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.850] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.850] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.850] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.851] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.851] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.852] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.852] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.852] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.852] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.852] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.852] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.853] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.855] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.855] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.855] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.855] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.866] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.867] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.867] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.868] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.868] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.868] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.869] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.869] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.869] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.870] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.870] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.870] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.870] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.871] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.871] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.871] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.871] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.872] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.872] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.872] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.873] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.873] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.873] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.873] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.874] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.874] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.875] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.875] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.875] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.876] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.876] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.876] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.876] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.877] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.877] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.877] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.877] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.878] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.878] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.878] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.879] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.879] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.879] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.879] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.880] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.880] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.881] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.881] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.881] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.881] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.882] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.882] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.882] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.882] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.883] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.883] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.883] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.884] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.884] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.884] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.884] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.885] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.885] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.886] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.886] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.887] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.887] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.887] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.888] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.888] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.888] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.888] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.889] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.889] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.890] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.890] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.890] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.891] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.891] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.891] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.892] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.892] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.892] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.892] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.893] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.893] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.893] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.894] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.894] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.894] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.895] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.895] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.895] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.896] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.896] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.896] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.896] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.897] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.897] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.897] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.897] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.898] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.898] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.898] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.899] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.899] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.899] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.899] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.900] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.900] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.901] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.901] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.901] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.902] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.902] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.902] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.902] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.903] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.903] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.903] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.906] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.906] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.907] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.907] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.907] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.908] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.908] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.908] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.908] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.909] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.910] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.910] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.910] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.911] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.911] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.911] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.911] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.912] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.912] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.912] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.913] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.913] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.913] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.913] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.914] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.914] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.914] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.915] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.915] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.915] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.915] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.915] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.917] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.917] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.917] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.917] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.917] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.918] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.918] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.918] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.919] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.919] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.919] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.919] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.920] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.920] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.921] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.921] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.921] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.921] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.922] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.922] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.922] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.923] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.923] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.923] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.923] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.924] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.924] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.924] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.924] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.925] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.925] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.925] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.926] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.926] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.926] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.926] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.927] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.927] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.927] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.928] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.928] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.929] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.929] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.929] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.936] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.937] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.937] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.937] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.937] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.937] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.938] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.938] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.952] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.952] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.953] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.953] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.953] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.954] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.954] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.954] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.954] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.954] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.955] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.955] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.955] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.956] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.956] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.956] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.957] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.957] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.957] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.957] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.958] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.958] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.959] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.959] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.959] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.960] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.960] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.960] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.961] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.961] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.961] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.961] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.962] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.962] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.962] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.962] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.963] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.963] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.963] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.963] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.992] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.992] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.993] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.993] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.993] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.993] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.994] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.994] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0041.997] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0041.997] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0041.997] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0041.997] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.001] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.001] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.001] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.002] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.006] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.017] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.017] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.017] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.019] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.020] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.020] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.020] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.020] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.021] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.021] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.021] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.023] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.023] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.023] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.023] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.024] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.024] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.024] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.025] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.027] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.027] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.027] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.027] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.030] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.030] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.030] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.030] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.031] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.031] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.031] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.031] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.032] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.032] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.033] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.033] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.034] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.036] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.039] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.040] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.040] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.041] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.041] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.041] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.049] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.049] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.049] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.049] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.056] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.057] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.057] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.057] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.058] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.059] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.059] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.059] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.059] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.060] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.060] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.060] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.060] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.061] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.061] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.062] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.062] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.062] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.063] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.063] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.063] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.063] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.063] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.063] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.064] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.064] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.064] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.064] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.065] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.065] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.065] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.065] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.066] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.066] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.066] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.066] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.067] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.067] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.067] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.068] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.068] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.068] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.068] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.068] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.069] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.069] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.070] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.070] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.070] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.071] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.071] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.071] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.072] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.072] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.072] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.072] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.073] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.073] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.074] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.074] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.074] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.075] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.075] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.075] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.075] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.076] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.076] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.076] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.077] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.078] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.078] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.078] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.078] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.079] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.079] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.079] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.080] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.080] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.080] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.080] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.096] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.096] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.096] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.097] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.097] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.097] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.097] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.097] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.100] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.100] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.100] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.100] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.101] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.101] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.101] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.101] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.102] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.102] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.102] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.102] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.106] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.106] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.106] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.106] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.107] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.107] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.107] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.107] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.113] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.113] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.113] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.113] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.116] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.117] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.117] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.117] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.117] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.118] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.118] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.118] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.121] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.121] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.121] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.121] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.121] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.122] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.122] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.122] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.122] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.123] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.123] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.124] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.124] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.125] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.125] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.132] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.132] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.138] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.138] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.138] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.139] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.139] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.139] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.140] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.140] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.141] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.141] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.141] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.141] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.142] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.142] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.142] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.142] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.143] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.143] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.143] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.143] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.144] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.144] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.144] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.144] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.145] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.145] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.145] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.145] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.146] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.146] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.146] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.146] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.146] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.147] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.147] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.147] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.147] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.147] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.147] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.163] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.166] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.166] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.166] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.167] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.167] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.167] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.167] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.168] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.168] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.169] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.169] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.169] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.170] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.171] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.171] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.171] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.172] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.172] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.172] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.172] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.173] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.173] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.173] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.174] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.174] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.174] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.174] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.175] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.175] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.175] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.175] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.176] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.176] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.176] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.176] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.177] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.177] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.177] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.178] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.178] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.178] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.179] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.179] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.179] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.180] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.180] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.180] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.180] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.184] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.184] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.184] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.186] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.186] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.186] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.187] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.187] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.187] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.188] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.188] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.188] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.189] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.189] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.189] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.189] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.190] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.190] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.190] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.191] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.191] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.191] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.191] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.191] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.192] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.192] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.192] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.192] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.194] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.194] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.194] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.195] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.195] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.195] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.195] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.196] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.197] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.197] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.197] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.198] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.198] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.198] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.198] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.199] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.199] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.200] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.200] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.200] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.201] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.201] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.201] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.202] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.202] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.202] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.202] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.202] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.203] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.203] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.203] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.204] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.204] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.205] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.205] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.205] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.206] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.206] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.206] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.207] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.207] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.207] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.207] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.208] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.208] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.208] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.208] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.209] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.209] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.209] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.210] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.210] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.211] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.211] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.211] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.212] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.212] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.212] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.212] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.213] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.213] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.214] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.214] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.214] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.215] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.216] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.216] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.216] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.217] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.217] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.217] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.218] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.218] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.218] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.218] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.219] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.219] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.219] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.219] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.220] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.220] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.221] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.221] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.221] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.222] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.222] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.222] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.223] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.223] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.223] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.223] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.223] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.224] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.224] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.224] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.225] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.225] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.225] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.225] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.226] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.226] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.226] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.226] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.227] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.227] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.227] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.227] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.228] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.228] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.228] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.228] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.229] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.229] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.229] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.229] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.230] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.230] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.230] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.230] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.231] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.231] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.231] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.232] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.232] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.233] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.233] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.233] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.234] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.235] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.235] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.235] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.247] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.248] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.248] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.248] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.251] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.251] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.260] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.260] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.262] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.262] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.263] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.264] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.265] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.266] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.266] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.266] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.267] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.267] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.267] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.267] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.268] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.268] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.269] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.269] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.274] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.275] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.275] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.275] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.275] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.276] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.276] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.276] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.276] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.277] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.277] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.277] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.277] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.278] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.278] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.278] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.278] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.279] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.279] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.279] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.281] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.281] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.281] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.281] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.282] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.282] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.282] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.283] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.283] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.284] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.284] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.284] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.285] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.285] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.285] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.285] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.287] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.287] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.287] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.287] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.288] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.288] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.288] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.288] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.289] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.289] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.290] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.290] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.290] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.291] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.291] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.291] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.292] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.292] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.292] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.292] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.293] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.293] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.293] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.294] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.294] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.295] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.295] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.295] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.295] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.296] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.296] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.296] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.297] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.297] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.297] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.298] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.298] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.299] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.299] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.299] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.300] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.300] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.300] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.300] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.301] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.301] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.301] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.302] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.302] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.303] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.303] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.303] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.310] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.310] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.310] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.310] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.311] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.312] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.312] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.312] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.312] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.313] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.313] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.313] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.316] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.318] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.318] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.318] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.320] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.320] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.321] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.321] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.321] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.321] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.321] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.322] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.325] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.326] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.326] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.326] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.327] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.327] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.327] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.328] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.328] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.328] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.329] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.329] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.329] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.329] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.330] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.330] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.331] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.331] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.331] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.331] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.332] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.332] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.333] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.333] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.334] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.334] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.334] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.334] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.335] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.335] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.336] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.336] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.336] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.337] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.337] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.337] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.338] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.338] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.340] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.340] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.340] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.341] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.341] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.341] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.342] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.342] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.342] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.342] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.343] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.343] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.343] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.344] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.345] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.346] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.346] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.346] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.347] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.347] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.348] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.348] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.349] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.349] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.349] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.349] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.350] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.350] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.350] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.351] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.351] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.352] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.352] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.352] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.353] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.354] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.354] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.354] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.355] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.356] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.356] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.356] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.356] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.357] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.357] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.357] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.366] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.366] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.366] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.366] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.367] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.367] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0042.367] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.367] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0042.368] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.369] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.369] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.370] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.371] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.372] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.372] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.372] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.374] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.374] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.374] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.381] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.382] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.383] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.390] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0042.390] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0042.390] WriteFile (in: hFile=0x80, lpBuffer=0x50bb6c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bb6c*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0042.404] WriteFile (in: hFile=0x80, lpBuffer=0x50bbd4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bbd4*, lpNumberOfBytesWritten=0x50bb34*=0x10, lpOverlapped=0x0) returned 1 [0042.404] lstrlenA (lpString="rsa_encrypt") returned 11 [0042.404] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x592638) returned 1 [0042.405] CryptGenRandom (in: hProv=0x592638, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0042.405] CryptReleaseContext (hProv=0x592638, dwFlags=0x0) returned 1 [0042.405] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0042.405] GetProcessHeap () returned 0x570000 [0042.405] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592598 [0042.405] lstrlenA (lpString="010001") returned 6 [0042.405] GetProcessHeap () returned 0x570000 [0042.405] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eee0 [0042.405] GetProcessHeap () returned 0x570000 [0042.405] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592620 [0042.405] GetProcessHeap () returned 0x570000 [0042.405] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0042.405] GetProcessHeap () returned 0x570000 [0042.405] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592620 | out: hHeap=0x570000) returned 1 [0042.405] GetProcessHeap () returned 0x570000 [0042.405] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0042.406] GetProcessHeap () returned 0x570000 [0042.406] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c0d8 [0042.406] GetProcessHeap () returned 0x570000 [0042.406] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eed0 [0042.406] GetProcessHeap () returned 0x570000 [0042.406] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c1f0 [0042.406] GetProcessHeap () returned 0x570000 [0042.406] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eed0 | out: hHeap=0x570000) returned 1 [0042.406] GetProcessHeap () returned 0x570000 [0042.406] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0042.406] GetProcessHeap () returned 0x570000 [0042.406] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592620 [0042.406] GetProcessHeap () returned 0x570000 [0042.406] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x5926a8 [0042.406] GetProcessHeap () returned 0x570000 [0042.406] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eed0 [0042.406] GetProcessHeap () returned 0x570000 [0042.406] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0042.406] GetProcessHeap () returned 0x570000 [0042.406] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0042.406] GetProcessHeap () returned 0x570000 [0042.406] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592620 | out: hHeap=0x570000) returned 1 [0042.406] GetProcessHeap () returned 0x570000 [0042.406] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0042.406] GetProcessHeap () returned 0x570000 [0042.406] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0042.406] GetProcessHeap () returned 0x570000 [0042.406] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0042.406] GetProcessHeap () returned 0x570000 [0042.406] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f98 [0042.406] GetProcessHeap () returned 0x570000 [0042.407] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eed0 | out: hHeap=0x570000) returned 1 [0042.407] GetProcessHeap () returned 0x570000 [0042.407] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0042.407] GetProcessHeap () returned 0x570000 [0042.407] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0042.407] GetProcessHeap () returned 0x570000 [0042.407] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0042.407] GetProcessHeap () returned 0x570000 [0042.407] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0042.407] GetProcessHeap () returned 0x570000 [0042.407] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f98 | out: hHeap=0x570000) returned 1 [0042.407] GetProcessHeap () returned 0x570000 [0042.407] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0042.407] GetProcessHeap () returned 0x570000 [0042.407] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0042.407] GetProcessHeap () returned 0x570000 [0042.407] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0042.407] GetProcessHeap () returned 0x570000 [0042.407] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0042.407] GetProcessHeap () returned 0x570000 [0042.407] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0042.407] GetProcessHeap () returned 0x570000 [0042.407] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0042.407] GetProcessHeap () returned 0x570000 [0042.407] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0042.407] GetProcessHeap () returned 0x570000 [0042.407] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0042.407] GetProcessHeap () returned 0x570000 [0042.407] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0042.407] GetProcessHeap () returned 0x570000 [0042.408] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0042.408] GetProcessHeap () returned 0x570000 [0042.408] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0042.408] GetProcessHeap () returned 0x570000 [0042.408] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0042.408] GetProcessHeap () returned 0x570000 [0042.408] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0042.408] GetProcessHeap () returned 0x570000 [0042.408] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0042.408] GetProcessHeap () returned 0x570000 [0042.408] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0042.408] GetProcessHeap () returned 0x570000 [0042.408] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0042.408] GetProcessHeap () returned 0x570000 [0042.408] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0042.408] GetProcessHeap () returned 0x570000 [0042.408] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0042.408] GetProcessHeap () returned 0x570000 [0042.408] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0042.408] GetProcessHeap () returned 0x570000 [0042.408] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0042.408] GetProcessHeap () returned 0x570000 [0042.408] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0042.408] GetProcessHeap () returned 0x570000 [0042.408] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0042.408] GetProcessHeap () returned 0x570000 [0042.408] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0042.408] GetProcessHeap () returned 0x570000 [0042.408] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0042.408] GetProcessHeap () returned 0x570000 [0042.409] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0042.409] GetProcessHeap () returned 0x570000 [0042.409] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0042.409] GetProcessHeap () returned 0x570000 [0042.409] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0042.409] GetProcessHeap () returned 0x570000 [0042.409] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0042.409] GetProcessHeap () returned 0x570000 [0042.409] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0042.409] GetProcessHeap () returned 0x570000 [0042.409] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0042.409] GetProcessHeap () returned 0x570000 [0042.409] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0042.409] GetProcessHeap () returned 0x570000 [0042.409] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0042.409] GetProcessHeap () returned 0x570000 [0042.409] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0042.409] GetProcessHeap () returned 0x570000 [0042.409] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0042.409] GetProcessHeap () returned 0x570000 [0042.409] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0042.409] GetProcessHeap () returned 0x570000 [0042.409] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0042.409] GetProcessHeap () returned 0x570000 [0042.409] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0042.409] GetProcessHeap () returned 0x570000 [0042.409] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0042.409] GetProcessHeap () returned 0x570000 [0042.409] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0042.409] GetProcessHeap () returned 0x570000 [0042.409] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0042.410] GetProcessHeap () returned 0x570000 [0042.410] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0042.410] GetProcessHeap () returned 0x570000 [0042.410] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0042.410] GetProcessHeap () returned 0x570000 [0042.410] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0042.410] GetProcessHeap () returned 0x570000 [0042.410] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0042.410] GetProcessHeap () returned 0x570000 [0042.410] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0042.410] GetProcessHeap () returned 0x570000 [0042.410] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0042.410] GetProcessHeap () returned 0x570000 [0042.410] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0042.410] GetProcessHeap () returned 0x570000 [0042.410] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0042.410] GetProcessHeap () returned 0x570000 [0042.410] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0042.410] GetProcessHeap () returned 0x570000 [0042.410] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0042.410] GetProcessHeap () returned 0x570000 [0042.410] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0042.410] GetProcessHeap () returned 0x570000 [0042.410] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0042.410] GetProcessHeap () returned 0x570000 [0042.410] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0042.410] GetProcessHeap () returned 0x570000 [0042.410] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0042.410] GetProcessHeap () returned 0x570000 [0042.410] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0042.410] GetProcessHeap () returned 0x570000 [0042.411] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0042.411] GetProcessHeap () returned 0x570000 [0042.411] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0042.411] GetProcessHeap () returned 0x570000 [0042.411] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0042.411] GetProcessHeap () returned 0x570000 [0042.411] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0042.411] GetProcessHeap () returned 0x570000 [0042.411] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0042.411] GetProcessHeap () returned 0x570000 [0042.411] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0042.411] GetProcessHeap () returned 0x570000 [0042.411] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0042.411] GetProcessHeap () returned 0x570000 [0042.411] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0042.411] GetProcessHeap () returned 0x570000 [0042.411] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0042.411] GetProcessHeap () returned 0x570000 [0042.411] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0042.411] GetProcessHeap () returned 0x570000 [0042.411] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0042.411] GetProcessHeap () returned 0x570000 [0042.411] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0042.411] GetProcessHeap () returned 0x570000 [0042.411] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0042.411] GetProcessHeap () returned 0x570000 [0042.411] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0042.411] GetProcessHeap () returned 0x570000 [0042.411] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0042.412] GetProcessHeap () returned 0x570000 [0042.412] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0042.412] GetProcessHeap () returned 0x570000 [0042.412] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0042.412] GetProcessHeap () returned 0x570000 [0042.412] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0042.412] GetProcessHeap () returned 0x570000 [0042.412] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0042.412] GetProcessHeap () returned 0x570000 [0042.412] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0042.412] GetProcessHeap () returned 0x570000 [0042.412] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0042.412] GetProcessHeap () returned 0x570000 [0042.412] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0042.412] GetProcessHeap () returned 0x570000 [0042.412] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0042.412] GetProcessHeap () returned 0x570000 [0042.412] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0042.412] GetProcessHeap () returned 0x570000 [0042.412] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0042.412] GetProcessHeap () returned 0x570000 [0042.412] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0042.412] GetProcessHeap () returned 0x570000 [0042.412] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0042.412] GetProcessHeap () returned 0x570000 [0042.412] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0042.412] GetProcessHeap () returned 0x570000 [0042.412] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0042.412] GetProcessHeap () returned 0x570000 [0042.412] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0042.413] GetProcessHeap () returned 0x570000 [0042.413] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0042.413] GetProcessHeap () returned 0x570000 [0042.413] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0042.413] GetProcessHeap () returned 0x570000 [0042.413] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0042.413] GetProcessHeap () returned 0x570000 [0042.413] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0042.413] GetProcessHeap () returned 0x570000 [0042.413] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0042.413] GetProcessHeap () returned 0x570000 [0042.413] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0042.413] GetProcessHeap () returned 0x570000 [0042.413] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0042.413] GetProcessHeap () returned 0x570000 [0042.413] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0042.413] GetProcessHeap () returned 0x570000 [0042.413] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0042.413] GetProcessHeap () returned 0x570000 [0042.413] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0042.413] GetProcessHeap () returned 0x570000 [0042.413] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0042.413] GetProcessHeap () returned 0x570000 [0042.413] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0042.413] GetProcessHeap () returned 0x570000 [0042.413] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0042.413] GetProcessHeap () returned 0x570000 [0042.413] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0042.413] GetProcessHeap () returned 0x570000 [0042.413] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0042.413] GetProcessHeap () returned 0x570000 [0042.414] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0042.414] GetProcessHeap () returned 0x570000 [0042.414] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0042.414] GetProcessHeap () returned 0x570000 [0042.414] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0042.414] GetProcessHeap () returned 0x570000 [0042.414] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0042.414] GetProcessHeap () returned 0x570000 [0042.414] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5926a8 | out: hHeap=0x570000) returned 1 [0042.414] GetProcessHeap () returned 0x570000 [0042.414] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0042.414] GetProcessHeap () returned 0x570000 [0042.414] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0042.414] GetProcessHeap () returned 0x570000 [0042.414] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0042.414] GetProcessHeap () returned 0x570000 [0042.414] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0042.414] GetProcessHeap () returned 0x570000 [0042.414] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0042.414] GetProcessHeap () returned 0x570000 [0042.414] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0042.414] GetProcessHeap () returned 0x570000 [0042.414] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0042.414] GetProcessHeap () returned 0x570000 [0042.414] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592598 | out: hHeap=0x570000) returned 1 [0042.414] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0042.414] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0042.415] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0042.415] CloseHandle (hObject=0x80) returned 1 [0043.018] GetProcessHeap () returned 0x570000 [0043.018] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592458 | out: hHeap=0x570000) returned 1 [0043.018] GetProcessHeap () returned 0x570000 [0043.018] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592498 | out: hHeap=0x570000) returned 1 [0043.019] GetProcessHeap () returned 0x570000 [0043.019] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592510 | out: hHeap=0x570000) returned 1 [0043.019] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv" | out: lpString1="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv") returned="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv" [0043.019] lstrcatW (in: lpString1="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv.{Killback@protonmail.com}KBK") returned="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv.{Killback@protonmail.com}KBK" [0043.019] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv" (normalized: "c:\\users\\public\\videos\\sample videos\\wildlife.wmv"), lpNewFileName="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv.{Killback@protonmail.com}KBK" (normalized: "c:\\users\\public\\videos\\sample videos\\wildlife.wmv.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0043.021] PathRemoveFileSpecW (in: pszPath="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv" | out: pszPath="C:\\Users\\Public\\Videos\\Sample Videos") returned 1 [0043.021] lstrcatW (in: lpString1="C:\\Users\\Public\\Videos\\Sample Videos", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Videos\\Sample Videos\\") returned="C:\\Users\\Public\\Videos\\Sample Videos\\" [0043.021] lstrcatW (in: lpString1="C:\\Users\\Public\\Videos\\Sample Videos\\", lpString2="decrypt_files.html" | out: lpString1="C:\\Users\\Public\\Videos\\Sample Videos\\decrypt_files.html") returned="C:\\Users\\Public\\Videos\\Sample Videos\\decrypt_files.html" [0043.021] GetFileAttributesW (lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\decrypt_files.html" (normalized: "c:\\users\\public\\videos\\sample videos\\decrypt_files.html")) returned 0x20 [0043.021] GetProcessHeap () returned 0x570000 [0043.021] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0043.021] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80282235, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bda0516, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be12937, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x1907b8a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Wildlife.wmv", cAlternateFileName="")) returned 0 [0043.021] FindClose (in: hFindFile=0x588da8 | out: hFindFile=0x588da8) returned 1 [0043.021] lstrcpyW (in: lpString1=0x50df8c, lpString2="C:\\Users\\Public\\Recorded TV\\" | out: lpString1="C:\\Users\\Public\\Recorded TV\\") returned="C:\\Users\\Public\\Recorded TV\\" [0043.021] GetProcessHeap () returned 0x570000 [0043.021] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5876f8 | out: hHeap=0x570000) returned 1 [0043.021] GetProcessHeap () returned 0x570000 [0043.021] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0043.021] lstrlenW (lpString="C:\\Users\\Public\\Recorded TV\\") returned 28 [0043.021] lstrcatW (in: lpString1="C:\\Users\\Public\\Recorded TV\\", lpString2="*" | out: lpString1="C:\\Users\\Public\\Recorded TV\\*") returned="C:\\Users\\Public\\Recorded TV\\*" [0043.021] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\*", lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x588da8 [0043.022] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.022] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0043.022] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.022] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.022] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x89e5e11e, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x89e5e11e, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x50, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0043.022] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0043.022] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0043.022] lstrcatW (in: lpString1="C:\\Users\\Public\\Recorded TV\\", lpString2="desktop.ini" | out: lpString1="C:\\Users\\Public\\Recorded TV\\desktop.ini") returned="C:\\Users\\Public\\Recorded TV\\desktop.ini" [0043.022] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0043.022] GetProcessHeap () returned 0x570000 [0043.022] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x590f68 [0043.022] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 12 [0043.022] lstrlenA (lpString="desktop.ini") returned 11 [0043.022] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0043.022] lstrlenA (lpString="desktop.ini") returned 11 [0043.022] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0043.022] lstrcmpiW (lpString1="desktop.ini", lpString2="decrypt_files.html") returned 1 [0043.022] lstrcmpiW (lpString1="desktop.ini", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0043.022] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0043.022] lstrcmpiW (lpString1="desktop.ini", lpString2="sihvgt.exe") returned -1 [0043.022] _alloca_probe () returned 0x40908b [0043.022] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Public\\Recorded TV\\desktop.ini", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 40 [0043.022] GetProcessHeap () returned 0x570000 [0043.022] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x28) returned 0x592458 [0043.023] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Public\\Recorded TV\\desktop.ini", cchWideChar=-1, lpMultiByteStr=0x592458, cbMultiByte=40, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\Public\\Recorded TV\\desktop.ini", lpUsedDefaultChar=0x0) returned 40 [0043.023] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0043.023] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{2C0E90FE-C164-4C50-AA0F-8ACA752D966A}") returned 38 [0043.023] lstrlenA (lpString="{2C0E90FE-C164-4C50-AA0F-8ACA752D966A}") returned 38 [0043.023] CreateFileW (lpFileName="C:\\Users\\Public\\Recorded TV\\desktop.ini" (normalized: "c:\\users\\public\\recorded tv\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0043.024] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=80) returned 1 [0043.024] lstrlenA (lpString="{2C0E90FE-C164-4C50-AA0F-8ACA752D966A}") returned 38 [0043.024] GetProcessHeap () returned 0x570000 [0043.024] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x592488 [0043.024] GetProcessHeap () returned 0x570000 [0043.024] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592500 [0043.024] lstrlenA (lpString="C:\\Users\\Public\\Recorded TV\\desktop.ini") returned 39 [0043.034] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x50, lpOverlapped=0x0) returned 1 [0043.035] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.035] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x50, lpOverlapped=0x0) returned 1 [0043.036] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.036] WriteFile (in: hFile=0x80, lpBuffer=0x50bb6c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bb6c*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0043.036] WriteFile (in: hFile=0x80, lpBuffer=0x50bbd4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bbd4*, lpNumberOfBytesWritten=0x50bb34*=0x10, lpOverlapped=0x0) returned 1 [0043.036] lstrlenA (lpString="rsa_encrypt") returned 11 [0043.036] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x592628) returned 1 [0043.037] CryptGenRandom (in: hProv=0x592628, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0043.037] CryptReleaseContext (hProv=0x592628, dwFlags=0x0) returned 1 [0043.037] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0043.037] GetProcessHeap () returned 0x570000 [0043.037] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592588 [0043.037] lstrlenA (lpString="010001") returned 6 [0043.037] GetProcessHeap () returned 0x570000 [0043.037] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eec0 [0043.037] GetProcessHeap () returned 0x570000 [0043.037] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592610 [0043.037] GetProcessHeap () returned 0x570000 [0043.037] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0043.037] GetProcessHeap () returned 0x570000 [0043.037] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592610 | out: hHeap=0x570000) returned 1 [0043.037] GetProcessHeap () returned 0x570000 [0043.037] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0043.037] GetProcessHeap () returned 0x570000 [0043.037] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c1f0 [0043.037] GetProcessHeap () returned 0x570000 [0043.037] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eee0 [0043.038] GetProcessHeap () returned 0x570000 [0043.038] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c0d8 [0043.038] GetProcessHeap () returned 0x570000 [0043.038] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0043.038] GetProcessHeap () returned 0x570000 [0043.038] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0043.038] GetProcessHeap () returned 0x570000 [0043.038] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592610 [0043.038] GetProcessHeap () returned 0x570000 [0043.038] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x592698 [0043.038] GetProcessHeap () returned 0x570000 [0043.038] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0043.038] GetProcessHeap () returned 0x570000 [0043.038] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0043.038] GetProcessHeap () returned 0x570000 [0043.038] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0043.038] GetProcessHeap () returned 0x570000 [0043.038] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592610 | out: hHeap=0x570000) returned 1 [0043.038] GetProcessHeap () returned 0x570000 [0043.038] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0043.038] GetProcessHeap () returned 0x570000 [0043.038] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0043.038] GetProcessHeap () returned 0x570000 [0043.038] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0043.038] GetProcessHeap () returned 0x570000 [0043.038] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f98 [0043.038] GetProcessHeap () returned 0x570000 [0043.038] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0043.038] GetProcessHeap () returned 0x570000 [0043.038] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0043.038] GetProcessHeap () returned 0x570000 [0043.038] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0043.039] GetProcessHeap () returned 0x570000 [0043.039] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0043.039] GetProcessHeap () returned 0x570000 [0043.039] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0043.039] GetProcessHeap () returned 0x570000 [0043.039] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f98 | out: hHeap=0x570000) returned 1 [0043.039] GetProcessHeap () returned 0x570000 [0043.039] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0043.039] GetProcessHeap () returned 0x570000 [0043.039] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0043.039] GetProcessHeap () returned 0x570000 [0043.039] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0043.039] GetProcessHeap () returned 0x570000 [0043.039] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0043.039] GetProcessHeap () returned 0x570000 [0043.039] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0043.039] GetProcessHeap () returned 0x570000 [0043.039] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0043.039] GetProcessHeap () returned 0x570000 [0043.039] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0043.039] GetProcessHeap () returned 0x570000 [0043.039] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0043.039] GetProcessHeap () returned 0x570000 [0043.039] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0043.039] GetProcessHeap () returned 0x570000 [0043.039] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0043.039] GetProcessHeap () returned 0x570000 [0043.039] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0043.039] GetProcessHeap () returned 0x570000 [0043.040] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0043.040] GetProcessHeap () returned 0x570000 [0043.040] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0043.040] GetProcessHeap () returned 0x570000 [0043.040] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0043.040] GetProcessHeap () returned 0x570000 [0043.040] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0043.040] GetProcessHeap () returned 0x570000 [0043.040] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0043.040] GetProcessHeap () returned 0x570000 [0043.040] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0043.040] GetProcessHeap () returned 0x570000 [0043.040] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0043.040] GetProcessHeap () returned 0x570000 [0043.040] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0043.040] GetProcessHeap () returned 0x570000 [0043.040] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0043.040] GetProcessHeap () returned 0x570000 [0043.040] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0043.040] GetProcessHeap () returned 0x570000 [0043.040] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0043.040] GetProcessHeap () returned 0x570000 [0043.040] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0043.040] GetProcessHeap () returned 0x570000 [0043.040] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0043.040] GetProcessHeap () returned 0x570000 [0043.040] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0043.040] GetProcessHeap () returned 0x570000 [0043.040] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0043.040] GetProcessHeap () returned 0x570000 [0043.041] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0043.041] GetProcessHeap () returned 0x570000 [0043.041] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0043.041] GetProcessHeap () returned 0x570000 [0043.041] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0043.041] GetProcessHeap () returned 0x570000 [0043.041] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0043.041] GetProcessHeap () returned 0x570000 [0043.041] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0043.041] GetProcessHeap () returned 0x570000 [0043.041] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0043.041] GetProcessHeap () returned 0x570000 [0043.041] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0043.041] GetProcessHeap () returned 0x570000 [0043.041] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0043.041] GetProcessHeap () returned 0x570000 [0043.041] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0043.041] GetProcessHeap () returned 0x570000 [0043.041] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0043.041] GetProcessHeap () returned 0x570000 [0043.041] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0043.041] GetProcessHeap () returned 0x570000 [0043.041] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0043.041] GetProcessHeap () returned 0x570000 [0043.041] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0043.041] GetProcessHeap () returned 0x570000 [0043.041] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0043.041] GetProcessHeap () returned 0x570000 [0043.041] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0043.041] GetProcessHeap () returned 0x570000 [0043.041] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0043.041] GetProcessHeap () returned 0x570000 [0043.042] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0043.042] GetProcessHeap () returned 0x570000 [0043.042] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0043.042] GetProcessHeap () returned 0x570000 [0043.042] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0043.042] GetProcessHeap () returned 0x570000 [0043.042] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0043.042] GetProcessHeap () returned 0x570000 [0043.042] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0043.042] GetProcessHeap () returned 0x570000 [0043.042] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0043.042] GetProcessHeap () returned 0x570000 [0043.042] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0043.042] GetProcessHeap () returned 0x570000 [0043.042] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0043.042] GetProcessHeap () returned 0x570000 [0043.042] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0043.042] GetProcessHeap () returned 0x570000 [0043.042] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0043.042] GetProcessHeap () returned 0x570000 [0043.042] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0043.042] GetProcessHeap () returned 0x570000 [0043.042] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0043.042] GetProcessHeap () returned 0x570000 [0043.042] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0043.042] GetProcessHeap () returned 0x570000 [0043.042] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0043.042] GetProcessHeap () returned 0x570000 [0043.042] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0043.043] GetProcessHeap () returned 0x570000 [0043.043] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0043.043] GetProcessHeap () returned 0x570000 [0043.043] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0043.043] GetProcessHeap () returned 0x570000 [0043.043] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0043.043] GetProcessHeap () returned 0x570000 [0043.043] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0043.043] GetProcessHeap () returned 0x570000 [0043.043] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0043.043] GetProcessHeap () returned 0x570000 [0043.043] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0043.043] GetProcessHeap () returned 0x570000 [0043.043] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0043.043] GetProcessHeap () returned 0x570000 [0043.043] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0043.043] GetProcessHeap () returned 0x570000 [0043.043] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0043.043] GetProcessHeap () returned 0x570000 [0043.043] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0043.043] GetProcessHeap () returned 0x570000 [0043.043] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0043.043] GetProcessHeap () returned 0x570000 [0043.043] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0043.043] GetProcessHeap () returned 0x570000 [0043.043] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0043.043] GetProcessHeap () returned 0x570000 [0043.043] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0043.043] GetProcessHeap () returned 0x570000 [0043.043] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0043.044] GetProcessHeap () returned 0x570000 [0043.044] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0043.044] GetProcessHeap () returned 0x570000 [0043.044] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0043.044] GetProcessHeap () returned 0x570000 [0043.044] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0043.044] GetProcessHeap () returned 0x570000 [0043.044] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0043.044] GetProcessHeap () returned 0x570000 [0043.044] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0043.044] GetProcessHeap () returned 0x570000 [0043.044] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0043.044] GetProcessHeap () returned 0x570000 [0043.044] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0043.044] GetProcessHeap () returned 0x570000 [0043.044] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0043.044] GetProcessHeap () returned 0x570000 [0043.044] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0043.044] GetProcessHeap () returned 0x570000 [0043.044] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0043.044] GetProcessHeap () returned 0x570000 [0043.044] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0043.044] GetProcessHeap () returned 0x570000 [0043.044] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0043.044] GetProcessHeap () returned 0x570000 [0043.044] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0043.044] GetProcessHeap () returned 0x570000 [0043.044] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0043.044] GetProcessHeap () returned 0x570000 [0043.044] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0043.045] GetProcessHeap () returned 0x570000 [0043.045] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0043.045] GetProcessHeap () returned 0x570000 [0043.045] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0043.045] GetProcessHeap () returned 0x570000 [0043.045] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0043.045] GetProcessHeap () returned 0x570000 [0043.045] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0043.045] GetProcessHeap () returned 0x570000 [0043.045] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0043.045] GetProcessHeap () returned 0x570000 [0043.045] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0043.045] GetProcessHeap () returned 0x570000 [0043.045] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0043.045] GetProcessHeap () returned 0x570000 [0043.045] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0043.045] GetProcessHeap () returned 0x570000 [0043.045] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0043.045] GetProcessHeap () returned 0x570000 [0043.045] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0043.045] GetProcessHeap () returned 0x570000 [0043.045] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0043.045] GetProcessHeap () returned 0x570000 [0043.045] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0043.045] GetProcessHeap () returned 0x570000 [0043.045] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0043.045] GetProcessHeap () returned 0x570000 [0043.045] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0043.045] GetProcessHeap () returned 0x570000 [0043.045] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0043.046] GetProcessHeap () returned 0x570000 [0043.046] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0043.046] GetProcessHeap () returned 0x570000 [0043.046] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0043.046] GetProcessHeap () returned 0x570000 [0043.046] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592698 | out: hHeap=0x570000) returned 1 [0043.046] GetProcessHeap () returned 0x570000 [0043.046] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0043.046] GetProcessHeap () returned 0x570000 [0043.046] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0043.046] GetProcessHeap () returned 0x570000 [0043.046] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0043.046] GetProcessHeap () returned 0x570000 [0043.046] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0043.046] GetProcessHeap () returned 0x570000 [0043.046] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0043.046] GetProcessHeap () returned 0x570000 [0043.046] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0043.046] GetProcessHeap () returned 0x570000 [0043.046] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0043.046] GetProcessHeap () returned 0x570000 [0043.046] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592588 | out: hHeap=0x570000) returned 1 [0043.046] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0043.046] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0043.046] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0043.047] CloseHandle (hObject=0x80) returned 1 [0043.048] GetProcessHeap () returned 0x570000 [0043.048] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592458 | out: hHeap=0x570000) returned 1 [0043.048] GetProcessHeap () returned 0x570000 [0043.048] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592488 | out: hHeap=0x570000) returned 1 [0043.048] GetProcessHeap () returned 0x570000 [0043.048] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592500 | out: hHeap=0x570000) returned 1 [0043.048] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\Users\\Public\\Recorded TV\\desktop.ini" | out: lpString1="C:\\Users\\Public\\Recorded TV\\desktop.ini") returned="C:\\Users\\Public\\Recorded TV\\desktop.ini" [0043.048] lstrcatW (in: lpString1="C:\\Users\\Public\\Recorded TV\\desktop.ini", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\Users\\Public\\Recorded TV\\desktop.ini.{Killback@protonmail.com}KBK") returned="C:\\Users\\Public\\Recorded TV\\desktop.ini.{Killback@protonmail.com}KBK" [0043.048] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\Recorded TV\\desktop.ini" (normalized: "c:\\users\\public\\recorded tv\\desktop.ini"), lpNewFileName="C:\\Users\\Public\\Recorded TV\\desktop.ini.{Killback@protonmail.com}KBK" (normalized: "c:\\users\\public\\recorded tv\\desktop.ini.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0043.049] PathRemoveFileSpecW (in: pszPath="C:\\Users\\Public\\Recorded TV\\desktop.ini" | out: pszPath="C:\\Users\\Public\\Recorded TV") returned 1 [0043.049] lstrcatW (in: lpString1="C:\\Users\\Public\\Recorded TV", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Recorded TV\\") returned="C:\\Users\\Public\\Recorded TV\\" [0043.049] lstrcatW (in: lpString1="C:\\Users\\Public\\Recorded TV\\", lpString2="decrypt_files.html" | out: lpString1="C:\\Users\\Public\\Recorded TV\\decrypt_files.html") returned="C:\\Users\\Public\\Recorded TV\\decrypt_files.html" [0043.049] GetFileAttributesW (lpFileName="C:\\Users\\Public\\Recorded TV\\decrypt_files.html" (normalized: "c:\\users\\public\\recorded tv\\decrypt_files.html")) returned 0xffffffff [0043.049] CreateFileW (lpFileName="C:\\Users\\Public\\Recorded TV\\decrypt_files.html" (normalized: "c:\\users\\public\\recorded tv\\decrypt_files.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0043.052] lstrlenA (lpString="\r\n \r\n \r\n \r\n DECRYPT FILES\r\n \r\n\r\n \r\n\r\n
\r\n

⚠Your ID (NEED FOR DECRYPT)⚠

\r\n
\r\n 
A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n\r\n
\r\n
\r\n
\r\n \r\n
\r\n \r\n
\r\n \r\n \r\n
\r\n

✖ Your files are encrypted! ✖

\r\n\r\n

If you see it - do not try to decrypt ▼the files yourself!!!▼

\r\n
\r\n

All your important data has been encrypted.

\r\n
\r\n
\r\n \r\n\x09\x09 \r\nTo decrypt all your files, you need a decryption program.
\r\n \r\nTo get a program to decrypt your data you need to do a few steps:
\r\n

☑1. \r\nTo make sure that we can actually decrypt your files. You can send us a file for the test.\r\nThis can be a picture or a text file.\r\nSize less than 5 MB. Send to our mail: Killback@protonmail.com .
\r\n

☑2. \r\nSend your PERSONAL ID in the letter (you will find it at the very beginning of this document)

\r\n\x09\x09\x09

☑3. \r\nWe will decode your test file so you are sure. We will also send you the amount you need to pay to get the program to decrypt.

\r\n ☑4. We will send you instructions on how to pay for the decryption program. After payment, we will send you a program and instructions on how to decrypt all the files.
\r\n

Attention!


\r\n
    \r\n\x09\x09\x09 Only we can decrypt your files.
    \r\n\x09\x09\x09 Do not try to decrypt your files yourself. You can damage them when trying to restore
    \r\n Do not run antivirus!
    \r\n Email us: Killback@protonmail.com immediately so we can help you.
    \r\n Decoders other users are not compatible with your data, because each user's unique encryption key
    \r\n
\r\n \r\n
\r\n
\r\n
\r\n \r\n\r\n \r\n \r\n
\r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n\r\n") returned 5565 [0043.052] WriteFile (in: hFile=0x80, lpBuffer=0x21f0020*, nNumberOfBytesToWrite=0x15bd, lpNumberOfBytesWritten=0x50dd18, lpOverlapped=0x0 | out: lpBuffer=0x21f0020*, lpNumberOfBytesWritten=0x50dd18*=0x15bd, lpOverlapped=0x0) returned 1 [0043.053] CloseHandle (hObject=0x80) returned 1 [0043.054] GetProcessHeap () returned 0x570000 [0043.054] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0043.054] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sample Media", cAlternateFileName="SAMPLE~1")) returned 1 [0043.054] lstrcmpiW (lpString1="Sample Media", lpString2=".") returned 1 [0043.054] lstrcmpiW (lpString1="Sample Media", lpString2="..") returned 1 [0043.054] lstrcatW (in: lpString1="C:\\Users\\Public\\Recorded TV\\", lpString2="Sample Media" | out: lpString1="C:\\Users\\Public\\Recorded TV\\Sample Media") returned="C:\\Users\\Public\\Recorded TV\\Sample Media" [0043.054] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Sample Media", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0043.054] GetProcessHeap () returned 0x570000 [0043.054] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xd) returned 0x590f68 [0043.054] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Sample Media", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Sample Media", lpUsedDefaultChar=0x0) returned 13 [0043.054] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Media", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0043.054] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Media", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 3 [0043.054] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Media", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 3 [0043.054] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Media", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0043.054] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Media", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0043.054] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Media", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 3 [0043.054] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Media", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0043.054] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Media", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0043.054] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Media", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0043.054] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Media", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0043.054] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Media", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0043.054] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Media", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0043.054] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Media", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0043.054] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Media", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0043.055] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Media", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0043.055] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Media", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0043.055] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Media", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0043.055] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Media", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0043.055] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Media", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 3 [0043.055] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Media", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 3 [0043.055] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Media", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 3 [0043.055] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Media", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 3 [0043.055] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Media", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 3 [0043.055] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Media", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0043.055] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Media", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0043.055] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Media", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0043.055] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Media", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0043.055] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Media", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 3 [0043.055] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Media", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0043.055] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Media", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0043.055] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Media", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0043.055] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Media", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0043.055] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Media", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 3 [0043.055] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Media", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0043.055] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Media", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 3 [0043.056] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Media", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 3 [0043.056] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Media", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0043.056] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Media", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 3 [0043.056] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Media", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 3 [0043.056] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Media", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0043.056] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Media", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 3 [0043.056] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Media", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0043.056] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Media", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 3 [0043.056] lstrcatW (in: lpString1="C:\\Users\\Public\\Recorded TV\\Sample Media", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Recorded TV\\Sample Media\\") returned="C:\\Users\\Public\\Recorded TV\\Sample Media\\" [0043.056] GetProcessHeap () returned 0x570000 [0043.056] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58eec0 [0043.056] lstrlenW (lpString="C:\\Users\\Public\\Recorded TV\\Sample Media\\") returned 41 [0043.056] GetProcessHeap () returned 0x570000 [0043.056] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x54) returned 0x592458 [0043.056] lstrcpyW (in: lpString1=0x592458, lpString2="C:\\Users\\Public\\Recorded TV\\Sample Media\\" | out: lpString1="C:\\Users\\Public\\Recorded TV\\Sample Media\\") returned="C:\\Users\\Public\\Recorded TV\\Sample Media\\" [0043.056] GetProcessHeap () returned 0x570000 [0043.056] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0043.056] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sample Media", cAlternateFileName="SAMPLE~1")) returned 0 [0043.056] FindClose (in: hFindFile=0x588da8 | out: hFindFile=0x588da8) returned 1 [0043.056] lstrcpyW (in: lpString1=0x50df8c, lpString2="C:\\Users\\Public\\Recorded TV\\Sample Media\\" | out: lpString1="C:\\Users\\Public\\Recorded TV\\Sample Media\\") returned="C:\\Users\\Public\\Recorded TV\\Sample Media\\" [0043.056] GetProcessHeap () returned 0x570000 [0043.056] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592458 | out: hHeap=0x570000) returned 1 [0043.056] GetProcessHeap () returned 0x570000 [0043.056] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0043.056] lstrlenW (lpString="C:\\Users\\Public\\Recorded TV\\Sample Media\\") returned 41 [0043.057] lstrcatW (in: lpString1="C:\\Users\\Public\\Recorded TV\\Sample Media\\", lpString2="*" | out: lpString1="C:\\Users\\Public\\Recorded TV\\Sample Media\\*") returned="C:\\Users\\Public\\Recorded TV\\Sample Media\\*" [0043.057] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\*", lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x588da8 [0043.057] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0043.057] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0043.057] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0043.057] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0043.057] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x8a1f1b86, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x8a1f1b86, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0xab, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0043.057] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0043.057] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0043.057] lstrcatW (in: lpString1="C:\\Users\\Public\\Recorded TV\\Sample Media\\", lpString2="desktop.ini" | out: lpString1="C:\\Users\\Public\\Recorded TV\\Sample Media\\desktop.ini") returned="C:\\Users\\Public\\Recorded TV\\Sample Media\\desktop.ini" [0043.057] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0043.057] GetProcessHeap () returned 0x570000 [0043.057] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x590f68 [0043.057] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 12 [0043.057] lstrlenA (lpString="desktop.ini") returned 11 [0043.057] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0043.057] lstrlenA (lpString="desktop.ini") returned 11 [0043.057] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0043.057] lstrcmpiW (lpString1="desktop.ini", lpString2="decrypt_files.html") returned 1 [0043.057] lstrcmpiW (lpString1="desktop.ini", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0043.057] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0043.057] lstrcmpiW (lpString1="desktop.ini", lpString2="sihvgt.exe") returned -1 [0043.058] _alloca_probe () returned 0x40908b [0043.058] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Public\\Recorded TV\\Sample Media\\desktop.ini", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 53 [0043.058] GetProcessHeap () returned 0x570000 [0043.058] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x35) returned 0x592458 [0043.058] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Public\\Recorded TV\\Sample Media\\desktop.ini", cchWideChar=-1, lpMultiByteStr=0x592458, cbMultiByte=53, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\Public\\Recorded TV\\Sample Media\\desktop.ini", lpUsedDefaultChar=0x0) returned 53 [0043.058] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0043.058] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{43EE6C89-3184-430B-85BD-F3ADED7E94E9}") returned 38 [0043.058] lstrlenA (lpString="{43EE6C89-3184-430B-85BD-F3ADED7E94E9}") returned 38 [0043.058] CreateFileW (lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\desktop.ini" (normalized: "c:\\users\\public\\recorded tv\\sample media\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0043.058] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=171) returned 1 [0043.058] lstrlenA (lpString="{43EE6C89-3184-430B-85BD-F3ADED7E94E9}") returned 38 [0043.058] GetProcessHeap () returned 0x570000 [0043.058] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x592498 [0043.058] GetProcessHeap () returned 0x570000 [0043.058] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592510 [0043.058] lstrlenA (lpString="C:\\Users\\Public\\Recorded TV\\Sample Media\\desktop.ini") returned 52 [0043.069] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0xab, lpOverlapped=0x0) returned 1 [0043.070] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.070] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0xb0, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0xb0, lpOverlapped=0x0) returned 1 [0043.070] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.070] WriteFile (in: hFile=0x80, lpBuffer=0x50bb6c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bb6c*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0043.070] WriteFile (in: hFile=0x80, lpBuffer=0x50bbd4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bbd4*, lpNumberOfBytesWritten=0x50bb34*=0x10, lpOverlapped=0x0) returned 1 [0043.070] lstrlenA (lpString="rsa_encrypt") returned 11 [0043.070] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x592638) returned 1 [0043.073] CryptGenRandom (in: hProv=0x592638, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0043.073] CryptReleaseContext (hProv=0x592638, dwFlags=0x0) returned 1 [0043.073] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0043.073] GetProcessHeap () returned 0x570000 [0043.073] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592598 [0043.073] lstrlenA (lpString="010001") returned 6 [0043.073] GetProcessHeap () returned 0x570000 [0043.073] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eec0 [0043.073] GetProcessHeap () returned 0x570000 [0043.073] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592620 [0043.073] GetProcessHeap () returned 0x570000 [0043.073] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0043.073] GetProcessHeap () returned 0x570000 [0043.073] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592620 | out: hHeap=0x570000) returned 1 [0043.073] GetProcessHeap () returned 0x570000 [0043.073] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0043.073] GetProcessHeap () returned 0x570000 [0043.073] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c0d8 [0043.073] GetProcessHeap () returned 0x570000 [0043.073] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eef0 [0043.073] GetProcessHeap () returned 0x570000 [0043.073] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c1f0 [0043.073] GetProcessHeap () returned 0x570000 [0043.073] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0043.073] GetProcessHeap () returned 0x570000 [0043.073] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0043.073] GetProcessHeap () returned 0x570000 [0043.074] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592620 [0043.074] GetProcessHeap () returned 0x570000 [0043.074] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x5926a8 [0043.074] GetProcessHeap () returned 0x570000 [0043.074] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0043.074] GetProcessHeap () returned 0x570000 [0043.074] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0043.074] GetProcessHeap () returned 0x570000 [0043.074] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0043.074] GetProcessHeap () returned 0x570000 [0043.074] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592620 | out: hHeap=0x570000) returned 1 [0043.074] GetProcessHeap () returned 0x570000 [0043.074] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0043.074] GetProcessHeap () returned 0x570000 [0043.074] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0043.074] GetProcessHeap () returned 0x570000 [0043.074] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0043.074] GetProcessHeap () returned 0x570000 [0043.074] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f98 [0043.074] GetProcessHeap () returned 0x570000 [0043.074] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0043.074] GetProcessHeap () returned 0x570000 [0043.074] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0043.074] GetProcessHeap () returned 0x570000 [0043.074] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0043.074] GetProcessHeap () returned 0x570000 [0043.074] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0043.074] GetProcessHeap () returned 0x570000 [0043.074] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0043.074] GetProcessHeap () returned 0x570000 [0043.074] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f98 | out: hHeap=0x570000) returned 1 [0043.074] GetProcessHeap () returned 0x570000 [0043.074] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0043.074] GetProcessHeap () returned 0x570000 [0043.075] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0043.075] GetProcessHeap () returned 0x570000 [0043.075] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0043.075] GetProcessHeap () returned 0x570000 [0043.075] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0043.075] GetProcessHeap () returned 0x570000 [0043.075] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0043.075] GetProcessHeap () returned 0x570000 [0043.075] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0043.075] GetProcessHeap () returned 0x570000 [0043.075] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0043.075] GetProcessHeap () returned 0x570000 [0043.075] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0043.075] GetProcessHeap () returned 0x570000 [0043.075] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0043.075] GetProcessHeap () returned 0x570000 [0043.075] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0043.075] GetProcessHeap () returned 0x570000 [0043.075] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0043.075] GetProcessHeap () returned 0x570000 [0043.075] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0043.075] GetProcessHeap () returned 0x570000 [0043.075] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0043.075] GetProcessHeap () returned 0x570000 [0043.075] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0043.075] GetProcessHeap () returned 0x570000 [0043.075] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0043.075] GetProcessHeap () returned 0x570000 [0043.075] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0043.075] GetProcessHeap () returned 0x570000 [0043.076] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0043.076] GetProcessHeap () returned 0x570000 [0043.076] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0043.076] GetProcessHeap () returned 0x570000 [0043.076] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0043.076] GetProcessHeap () returned 0x570000 [0043.076] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0043.076] GetProcessHeap () returned 0x570000 [0043.076] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0043.076] GetProcessHeap () returned 0x570000 [0043.076] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0043.076] GetProcessHeap () returned 0x570000 [0043.076] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0043.076] GetProcessHeap () returned 0x570000 [0043.076] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0043.076] GetProcessHeap () returned 0x570000 [0043.076] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0043.076] GetProcessHeap () returned 0x570000 [0043.076] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0043.076] GetProcessHeap () returned 0x570000 [0043.076] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0043.076] GetProcessHeap () returned 0x570000 [0043.076] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0043.076] GetProcessHeap () returned 0x570000 [0043.076] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0043.076] GetProcessHeap () returned 0x570000 [0043.076] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0043.076] GetProcessHeap () returned 0x570000 [0043.076] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0043.076] GetProcessHeap () returned 0x570000 [0043.076] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0043.076] GetProcessHeap () returned 0x570000 [0043.077] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0043.077] GetProcessHeap () returned 0x570000 [0043.077] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0043.077] GetProcessHeap () returned 0x570000 [0043.077] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0043.077] GetProcessHeap () returned 0x570000 [0043.077] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0043.077] GetProcessHeap () returned 0x570000 [0043.077] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0043.077] GetProcessHeap () returned 0x570000 [0043.077] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0043.077] GetProcessHeap () returned 0x570000 [0043.077] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0043.077] GetProcessHeap () returned 0x570000 [0043.077] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0043.077] GetProcessHeap () returned 0x570000 [0043.077] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0043.077] GetProcessHeap () returned 0x570000 [0043.077] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0043.077] GetProcessHeap () returned 0x570000 [0043.077] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0043.077] GetProcessHeap () returned 0x570000 [0043.077] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0043.077] GetProcessHeap () returned 0x570000 [0043.077] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0043.077] GetProcessHeap () returned 0x570000 [0043.077] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0043.077] GetProcessHeap () returned 0x570000 [0043.077] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0043.077] GetProcessHeap () returned 0x570000 [0043.077] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0043.077] GetProcessHeap () returned 0x570000 [0043.078] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0043.078] GetProcessHeap () returned 0x570000 [0043.078] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0043.078] GetProcessHeap () returned 0x570000 [0043.078] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0043.078] GetProcessHeap () returned 0x570000 [0043.078] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0043.078] GetProcessHeap () returned 0x570000 [0043.078] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0043.078] GetProcessHeap () returned 0x570000 [0043.078] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0043.078] GetProcessHeap () returned 0x570000 [0043.078] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0043.078] GetProcessHeap () returned 0x570000 [0043.078] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0043.078] GetProcessHeap () returned 0x570000 [0043.078] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0043.078] GetProcessHeap () returned 0x570000 [0043.078] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0043.078] GetProcessHeap () returned 0x570000 [0043.078] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0043.078] GetProcessHeap () returned 0x570000 [0043.078] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0043.078] GetProcessHeap () returned 0x570000 [0043.078] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0043.078] GetProcessHeap () returned 0x570000 [0043.078] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0043.078] GetProcessHeap () returned 0x570000 [0043.078] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0043.078] GetProcessHeap () returned 0x570000 [0043.078] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0043.078] GetProcessHeap () returned 0x570000 [0043.079] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0043.079] GetProcessHeap () returned 0x570000 [0043.079] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0043.079] GetProcessHeap () returned 0x570000 [0043.079] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0043.079] GetProcessHeap () returned 0x570000 [0043.079] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0043.079] GetProcessHeap () returned 0x570000 [0043.079] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0043.079] GetProcessHeap () returned 0x570000 [0043.079] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0043.079] GetProcessHeap () returned 0x570000 [0043.079] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0043.079] GetProcessHeap () returned 0x570000 [0043.079] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0043.079] GetProcessHeap () returned 0x570000 [0043.079] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0043.079] GetProcessHeap () returned 0x570000 [0043.079] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0043.079] GetProcessHeap () returned 0x570000 [0043.079] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0043.079] GetProcessHeap () returned 0x570000 [0043.079] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0043.079] GetProcessHeap () returned 0x570000 [0043.079] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0043.079] GetProcessHeap () returned 0x570000 [0043.079] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0043.079] GetProcessHeap () returned 0x570000 [0043.079] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0043.079] GetProcessHeap () returned 0x570000 [0043.079] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0043.080] GetProcessHeap () returned 0x570000 [0043.080] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0043.080] GetProcessHeap () returned 0x570000 [0043.080] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0043.080] GetProcessHeap () returned 0x570000 [0043.080] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0043.080] GetProcessHeap () returned 0x570000 [0043.080] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0043.080] GetProcessHeap () returned 0x570000 [0043.080] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0043.080] GetProcessHeap () returned 0x570000 [0043.080] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0043.080] GetProcessHeap () returned 0x570000 [0043.080] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0043.080] GetProcessHeap () returned 0x570000 [0043.080] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0043.080] GetProcessHeap () returned 0x570000 [0043.080] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0043.080] GetProcessHeap () returned 0x570000 [0043.080] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0043.080] GetProcessHeap () returned 0x570000 [0043.080] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0043.080] GetProcessHeap () returned 0x570000 [0043.080] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0043.080] GetProcessHeap () returned 0x570000 [0043.080] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0043.080] GetProcessHeap () returned 0x570000 [0043.080] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0043.080] GetProcessHeap () returned 0x570000 [0043.080] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0043.080] GetProcessHeap () returned 0x570000 [0043.081] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0043.081] GetProcessHeap () returned 0x570000 [0043.081] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0043.081] GetProcessHeap () returned 0x570000 [0043.081] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0043.081] GetProcessHeap () returned 0x570000 [0043.081] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0043.081] GetProcessHeap () returned 0x570000 [0043.081] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0043.081] GetProcessHeap () returned 0x570000 [0043.081] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0043.081] GetProcessHeap () returned 0x570000 [0043.081] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0043.081] GetProcessHeap () returned 0x570000 [0043.081] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0043.081] GetProcessHeap () returned 0x570000 [0043.081] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0043.081] GetProcessHeap () returned 0x570000 [0043.081] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5926a8 | out: hHeap=0x570000) returned 1 [0043.081] GetProcessHeap () returned 0x570000 [0043.081] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0043.081] GetProcessHeap () returned 0x570000 [0043.081] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0043.081] GetProcessHeap () returned 0x570000 [0043.081] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0043.081] GetProcessHeap () returned 0x570000 [0043.081] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0043.081] GetProcessHeap () returned 0x570000 [0043.081] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0043.081] GetProcessHeap () returned 0x570000 [0043.082] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0043.082] GetProcessHeap () returned 0x570000 [0043.082] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0043.082] GetProcessHeap () returned 0x570000 [0043.082] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592598 | out: hHeap=0x570000) returned 1 [0043.082] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0043.082] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0043.082] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0043.082] CloseHandle (hObject=0x80) returned 1 [0043.084] GetProcessHeap () returned 0x570000 [0043.084] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592458 | out: hHeap=0x570000) returned 1 [0043.084] GetProcessHeap () returned 0x570000 [0043.084] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592498 | out: hHeap=0x570000) returned 1 [0043.084] GetProcessHeap () returned 0x570000 [0043.084] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592510 | out: hHeap=0x570000) returned 1 [0043.084] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\Users\\Public\\Recorded TV\\Sample Media\\desktop.ini" | out: lpString1="C:\\Users\\Public\\Recorded TV\\Sample Media\\desktop.ini") returned="C:\\Users\\Public\\Recorded TV\\Sample Media\\desktop.ini" [0043.084] lstrcatW (in: lpString1="C:\\Users\\Public\\Recorded TV\\Sample Media\\desktop.ini", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\Users\\Public\\Recorded TV\\Sample Media\\desktop.ini.{Killback@protonmail.com}KBK") returned="C:\\Users\\Public\\Recorded TV\\Sample Media\\desktop.ini.{Killback@protonmail.com}KBK" [0043.084] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\desktop.ini" (normalized: "c:\\users\\public\\recorded tv\\sample media\\desktop.ini"), lpNewFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\desktop.ini.{Killback@protonmail.com}KBK" (normalized: "c:\\users\\public\\recorded tv\\sample media\\desktop.ini.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0043.085] PathRemoveFileSpecW (in: pszPath="C:\\Users\\Public\\Recorded TV\\Sample Media\\desktop.ini" | out: pszPath="C:\\Users\\Public\\Recorded TV\\Sample Media") returned 1 [0043.085] lstrcatW (in: lpString1="C:\\Users\\Public\\Recorded TV\\Sample Media", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Recorded TV\\Sample Media\\") returned="C:\\Users\\Public\\Recorded TV\\Sample Media\\" [0043.085] lstrcatW (in: lpString1="C:\\Users\\Public\\Recorded TV\\Sample Media\\", lpString2="decrypt_files.html" | out: lpString1="C:\\Users\\Public\\Recorded TV\\Sample Media\\decrypt_files.html") returned="C:\\Users\\Public\\Recorded TV\\Sample Media\\decrypt_files.html" [0043.085] GetFileAttributesW (lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\decrypt_files.html" (normalized: "c:\\users\\public\\recorded tv\\sample media\\decrypt_files.html")) returned 0xffffffff [0043.085] CreateFileW (lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\decrypt_files.html" (normalized: "c:\\users\\public\\recorded tv\\sample media\\decrypt_files.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0043.087] lstrlenA (lpString="\r\n \r\n \r\n \r\n DECRYPT FILES\r\n \r\n\r\n \r\n\r\n
\r\n

⚠Your ID (NEED FOR DECRYPT)⚠

\r\n
\r\n 
A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n\r\n
\r\n
\r\n
\r\n \r\n
\r\n \r\n
\r\n \r\n \r\n
\r\n

✖ Your files are encrypted! ✖

\r\n\r\n

If you see it - do not try to decrypt ▼the files yourself!!!▼

\r\n
\r\n

All your important data has been encrypted.

\r\n
\r\n
\r\n \r\n\x09\x09 \r\nTo decrypt all your files, you need a decryption program.
\r\n \r\nTo get a program to decrypt your data you need to do a few steps:
\r\n

☑1. \r\nTo make sure that we can actually decrypt your files. You can send us a file for the test.\r\nThis can be a picture or a text file.\r\nSize less than 5 MB. Send to our mail: Killback@protonmail.com .
\r\n

☑2. \r\nSend your PERSONAL ID in the letter (you will find it at the very beginning of this document)

\r\n\x09\x09\x09

☑3. \r\nWe will decode your test file so you are sure. We will also send you the amount you need to pay to get the program to decrypt.

\r\n ☑4. We will send you instructions on how to pay for the decryption program. After payment, we will send you a program and instructions on how to decrypt all the files.
\r\n

Attention!


\r\n
    \r\n\x09\x09\x09 Only we can decrypt your files.
    \r\n\x09\x09\x09 Do not try to decrypt your files yourself. You can damage them when trying to restore
    \r\n Do not run antivirus!
    \r\n Email us: Killback@protonmail.com immediately so we can help you.
    \r\n Decoders other users are not compatible with your data, because each user's unique encryption key
    \r\n
\r\n \r\n
\r\n
\r\n
\r\n \r\n\r\n \r\n \r\n
\r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n\r\n") returned 5565 [0043.087] WriteFile (in: hFile=0x80, lpBuffer=0x21f0020*, nNumberOfBytesToWrite=0x15bd, lpNumberOfBytesWritten=0x50dd18, lpOverlapped=0x0 | out: lpBuffer=0x21f0020*, lpNumberOfBytesWritten=0x50dd18*=0x15bd, lpOverlapped=0x0) returned 1 [0043.088] CloseHandle (hObject=0x80) returned 1 [0043.088] GetProcessHeap () returned 0x570000 [0043.088] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0043.088] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x8a1f1b86, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x8a1f1b86, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x940000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="win7_scenic-demoshort_raw.wtv", cAlternateFileName="WIN7_S~1.WTV")) returned 1 [0043.088] lstrcmpiW (lpString1="win7_scenic-demoshort_raw.wtv", lpString2=".") returned 1 [0043.088] lstrcmpiW (lpString1="win7_scenic-demoshort_raw.wtv", lpString2="..") returned 1 [0043.088] lstrcatW (in: lpString1="C:\\Users\\Public\\Recorded TV\\Sample Media\\", lpString2="win7_scenic-demoshort_raw.wtv" | out: lpString1="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv") returned="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv" [0043.088] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="win7_scenic-demoshort_raw.wtv", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0043.088] GetProcessHeap () returned 0x570000 [0043.088] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x1e) returned 0x590698 [0043.089] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="win7_scenic-demoshort_raw.wtv", cchWideChar=-1, lpMultiByteStr=0x590698, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="win7_scenic-demoshort_raw.wtv", lpUsedDefaultChar=0x0) returned 30 [0043.089] lstrlenA (lpString="win7_scenic-demoshort_raw.wtv") returned 29 [0043.089] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0043.089] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0043.089] lstrlenA (lpString="win7_scenic-demoshort_raw.wtv") returned 29 [0043.089] lstrcmpiA (lpString1="win7_scenic-demoshort_raw.wtv", lpString2=".{Killback@protonmail.com}KBK") returned 1 [0043.089] lstrlenA (lpString="win7_scenic-demoshort_raw.wtv") returned 29 [0043.089] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0043.089] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0043.089] lstrlenA (lpString="win7_scenic-demoshort_raw.wtv") returned 29 [0043.089] lstrcmpiA (lpString1="win7_scenic-demoshort_raw.wtv", lpString2=".{Killback@protonmail.com}KBK") returned 1 [0043.089] lstrcmpiW (lpString1="win7_scenic-demoshort_raw.wtv", lpString2="decrypt_files.html") returned 1 [0043.089] lstrcmpiW (lpString1="win7_scenic-demoshort_raw.wtv", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0043.089] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0043.089] lstrcmpiW (lpString1="win7_scenic-demoshort_raw.wtv", lpString2="sihvgt.exe") returned 1 [0043.089] _alloca_probe () returned 0x40908b [0043.089] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 71 [0043.089] GetProcessHeap () returned 0x570000 [0043.089] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x47) returned 0x589108 [0043.089] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv", cchWideChar=-1, lpMultiByteStr=0x589108, cbMultiByte=71, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv", lpUsedDefaultChar=0x0) returned 71 [0043.089] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0043.089] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{C657F336-9242-48DB-8021-90DAE143B212}") returned 38 [0043.089] lstrlenA (lpString="{C657F336-9242-48DB-8021-90DAE143B212}") returned 38 [0043.089] CreateFileW (lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv" (normalized: "c:\\users\\public\\recorded tv\\sample media\\win7_scenic-demoshort_raw.wtv"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0043.090] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=9699328) returned 1 [0043.090] lstrlenA (lpString="{C657F336-9242-48DB-8021-90DAE143B212}") returned 38 [0043.090] GetProcessHeap () returned 0x570000 [0043.090] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x592458 [0043.090] GetProcessHeap () returned 0x570000 [0043.090] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5924d0 [0043.090] lstrlenA (lpString="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv") returned 70 [0043.100] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.119] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.119] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.119] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.119] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.120] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.121] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.121] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.121] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.121] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.121] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.121] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.122] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.122] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.122] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.122] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.122] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.122] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.122] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.122] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.123] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.123] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.123] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.123] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.123] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.123] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.123] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.124] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.124] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.124] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.124] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.124] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.124] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.125] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.126] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.126] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.126] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.126] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.127] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.127] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.127] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.128] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.128] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.128] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.128] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.129] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.129] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.129] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.129] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.130] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.130] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.130] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.130] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.131] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.131] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.132] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.132] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.132] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.133] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.133] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.133] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.134] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.135] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.135] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.135] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.135] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.135] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.136] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.136] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.156] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.157] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.157] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.157] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.157] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.158] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.158] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.158] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.158] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.159] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.159] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.159] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.159] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.160] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.160] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.160] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.160] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.161] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.161] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.161] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.162] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.162] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.162] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.162] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.163] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.163] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.164] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.164] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.164] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.165] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.165] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.165] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.165] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.166] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.166] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.166] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.166] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.167] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.167] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.167] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.170] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.171] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.171] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.171] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.171] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.172] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.172] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.172] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.172] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.173] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.173] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.173] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.173] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.174] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.174] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.174] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.174] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.176] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.176] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.176] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.176] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.177] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.177] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.177] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.177] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.178] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.178] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.178] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.178] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.179] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.179] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.179] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.180] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.180] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.180] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.181] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.181] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.181] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.182] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.182] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.182] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.182] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.182] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.182] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.216] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.217] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.217] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.217] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.217] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.218] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.218] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.218] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.219] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.219] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.219] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.219] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.220] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.220] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.220] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.220] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.221] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.221] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.221] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.222] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.222] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.222] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.223] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.223] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.223] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.223] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.223] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.223] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.229] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.229] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.229] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.229] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.253] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.254] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.254] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.254] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.255] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.256] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.256] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.256] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.257] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.258] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.258] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.258] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.258] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.259] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.259] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.259] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.259] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.260] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.260] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.260] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.261] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.261] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.261] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.261] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.262] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.262] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.262] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.262] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.290] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.290] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.291] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.291] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.291] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.292] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.292] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.292] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.292] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.292] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.293] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.293] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.297] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.297] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.297] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.297] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.302] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.302] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.302] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.302] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.303] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.303] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.304] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.304] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.304] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.305] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.305] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.305] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.306] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.306] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.306] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.306] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.306] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.307] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.307] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.307] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.308] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.308] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.308] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.308] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.309] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.310] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.310] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.310] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.318] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.318] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.318] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.318] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.319] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.319] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.319] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.319] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.320] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.321] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.321] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.321] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.321] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.321] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.321] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.321] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.342] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.342] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.342] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.343] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.343] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.343] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.344] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.344] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.344] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.345] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.345] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.345] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.345] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.346] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.346] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.346] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.346] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.347] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.347] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.347] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.347] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.348] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.348] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.348] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.349] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.349] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.349] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.349] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.350] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.350] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.350] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.351] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.351] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.352] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.352] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.352] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.352] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.352] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.353] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.353] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.355] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.355] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.356] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.356] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.356] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.357] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.357] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.357] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.358] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.358] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.358] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.359] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.359] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.359] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.360] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.360] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.360] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.360] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.360] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.360] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.502] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.503] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.503] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.503] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.503] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.504] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.504] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.504] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.504] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.505] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.505] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.505] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.506] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.506] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.506] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.506] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.507] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.507] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.507] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.507] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.508] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.508] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.508] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.509] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.509] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.512] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.512] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.512] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.513] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.513] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.513] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.513] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.514] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.514] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.514] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.515] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.515] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.516] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.516] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.516] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.516] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.517] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.517] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.517] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.517] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.518] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.518] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.518] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.518] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.519] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.519] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.519] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.537] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.537] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.537] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.537] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.538] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.538] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.539] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.539] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.539] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.539] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.540] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.540] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.540] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.541] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.541] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.541] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.541] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.542] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.542] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.542] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.542] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.542] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.543] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.543] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.580] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.581] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.581] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.581] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.581] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.582] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.582] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.582] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.582] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.583] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.583] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.583] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.583] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.584] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.584] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.584] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.585] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.585] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.586] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.586] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.586] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.586] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.586] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.586] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.621] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.621] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.621] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.621] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.621] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.622] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.622] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.622] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.625] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.626] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.626] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.626] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.626] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.627] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.628] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.628] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.628] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.629] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.629] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.629] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.629] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.630] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.630] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.630] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.631] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.631] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.631] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.631] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.632] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.632] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.633] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.633] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.633] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.633] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.633] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.633] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.692] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.693] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.693] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.693] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.710] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.710] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.710] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.710] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.736] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.737] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.737] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.737] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.744] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.745] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.745] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.745] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.772] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.772] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.773] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.773] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.773] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.774] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.774] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.774] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.774] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.775] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.775] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0043.775] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.775] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0043.776] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.776] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.777] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.778] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.778] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.778] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.844] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.844] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.851] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.851] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.852] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.852] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.858] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.858] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0043.859] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0043.859] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.005] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.005] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.030] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.031] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.031] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.031] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.112] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.112] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.113] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.113] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.114] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.115] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.116] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.116] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.117] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.117] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.118] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.118] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.119] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.119] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.120] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.120] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.121] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.122] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.122] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.123] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.123] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.123] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.124] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.124] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.125] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.125] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.126] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.126] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.128] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.128] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.129] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.129] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.130] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.130] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.131] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.131] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.132] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.132] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.133] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.133] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.137] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.138] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.138] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.139] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.139] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.140] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.140] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.141] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.141] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.142] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.143] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.143] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.144] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.144] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.165] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.166] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.166] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.167] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.168] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.168] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.168] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.168] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.202] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.202] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.203] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.203] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.204] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.204] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.205] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.205] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.215] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.215] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.216] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.216] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.217] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.217] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.218] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.218] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.219] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.219] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.221] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.221] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.294] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.294] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.295] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.295] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.296] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.296] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.297] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.297] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.297] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.298] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.299] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.299] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.300] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.300] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.301] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.301] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.302] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.302] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.303] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.303] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.303] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.304] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.305] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.305] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.307] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.307] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.308] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.308] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.308] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.309] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.310] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.310] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.317] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.317] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.318] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.318] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.319] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.319] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.338] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.338] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.418] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.418] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.419] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.420] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.420] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.421] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.421] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.422] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.422] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.422] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.423] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.423] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.436] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.437] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.437] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.438] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.447] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.447] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.448] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.448] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.449] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.449] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.450] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.451] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.451] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.451] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.452] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.452] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.453] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.453] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.454] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.454] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.455] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.455] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.517] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.517] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.519] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.519] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.520] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.520] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.521] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.521] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.522] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.522] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.523] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.523] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.524] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.524] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.525] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.525] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.526] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.526] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.526] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.527] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.528] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.529] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.529] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.530] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.530] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.530] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.534] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.534] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.535] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.535] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.536] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.536] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.537] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.537] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.538] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.538] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.539] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.539] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.542] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.542] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.543] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.543] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.544] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.544] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.544] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.545] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.546] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.546] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.546] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.546] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.548] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.548] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.549] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.549] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.550] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.550] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.635] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.635] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.636] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.636] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.637] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.637] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.637] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.638] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.638] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.639] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.639] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.640] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.640] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.640] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.646] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.646] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.647] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.647] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.650] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.650] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.651] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.651] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.652] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.652] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.652] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.652] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.654] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.654] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.655] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.655] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.662] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.662] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.663] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.663] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.664] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.664] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.665] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.665] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.672] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.672] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.673] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.673] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.674] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.674] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.675] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.675] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.676] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.676] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.677] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.677] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.678] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.678] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.705] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.706] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.709] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.709] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.710] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.710] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.711] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.711] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.713] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.713] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.713] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.714] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.714] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.715] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.715] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.716] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.716] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.717] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.717] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.718] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.718] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.718] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.809] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.809] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.810] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.810] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.811] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.811] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.812] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.812] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.813] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.813] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.814] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.814] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.815] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.815] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.816] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.816] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.817] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.817] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.819] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.819] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.819] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.820] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.821] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.821] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.821] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.822] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.822] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.823] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.823] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.823] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.824] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.824] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.825] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.825] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.826] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.826] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.827] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.827] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.828] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.828] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.829] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.829] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.830] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.830] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.831] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.831] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.835] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.835] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.836] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.836] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.840] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.840] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.840] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.840] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.883] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.883] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.929] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.929] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.930] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.930] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.948] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.948] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0044.965] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0044.965] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0045.149] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0045.149] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0045.166] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0045.166] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0045.167] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0045.167] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0045.168] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0045.168] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0045.168] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0045.169] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0045.170] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0045.170] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0045.171] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0045.171] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0045.172] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0045.172] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0045.173] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0045.173] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0045.174] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0045.174] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0045.181] WriteFile (in: hFile=0x80, lpBuffer=0x50bb6c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bb6c*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0045.182] WriteFile (in: hFile=0x80, lpBuffer=0x50bbd4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bbd4*, lpNumberOfBytesWritten=0x50bb34*=0x10, lpOverlapped=0x0) returned 1 [0045.182] lstrlenA (lpString="rsa_encrypt") returned 11 [0045.182] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x5925f8) returned 1 [0045.183] CryptGenRandom (in: hProv=0x5925f8, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0045.183] CryptReleaseContext (hProv=0x5925f8, dwFlags=0x0) returned 1 [0045.183] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0045.183] GetProcessHeap () returned 0x570000 [0045.183] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592558 [0045.183] lstrlenA (lpString="010001") returned 6 [0045.183] GetProcessHeap () returned 0x570000 [0045.183] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eec0 [0045.183] GetProcessHeap () returned 0x570000 [0045.183] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5925e0 [0045.183] GetProcessHeap () returned 0x570000 [0045.183] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0045.183] GetProcessHeap () returned 0x570000 [0045.184] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5925e0 | out: hHeap=0x570000) returned 1 [0045.184] GetProcessHeap () returned 0x570000 [0045.184] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0045.184] GetProcessHeap () returned 0x570000 [0045.184] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c1f0 [0045.184] GetProcessHeap () returned 0x570000 [0045.184] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eee0 [0045.184] GetProcessHeap () returned 0x570000 [0045.184] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c0d8 [0045.184] GetProcessHeap () returned 0x570000 [0045.184] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0045.184] GetProcessHeap () returned 0x570000 [0045.184] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0045.184] GetProcessHeap () returned 0x570000 [0045.184] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5925e0 [0045.184] GetProcessHeap () returned 0x570000 [0045.184] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x592668 [0045.184] GetProcessHeap () returned 0x570000 [0045.184] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0045.184] GetProcessHeap () returned 0x570000 [0045.184] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f68 [0045.184] GetProcessHeap () returned 0x570000 [0045.184] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0045.184] GetProcessHeap () returned 0x570000 [0045.184] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5925e0 | out: hHeap=0x570000) returned 1 [0045.184] GetProcessHeap () returned 0x570000 [0045.184] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0045.184] GetProcessHeap () returned 0x570000 [0045.184] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0045.184] GetProcessHeap () returned 0x570000 [0045.184] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0045.184] GetProcessHeap () returned 0x570000 [0045.184] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0045.184] GetProcessHeap () returned 0x570000 [0045.185] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0045.185] GetProcessHeap () returned 0x570000 [0045.185] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0045.185] GetProcessHeap () returned 0x570000 [0045.185] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0045.185] GetProcessHeap () returned 0x570000 [0045.185] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0045.185] GetProcessHeap () returned 0x570000 [0045.185] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0045.185] GetProcessHeap () returned 0x570000 [0045.185] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0045.185] GetProcessHeap () returned 0x570000 [0045.185] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0045.185] GetProcessHeap () returned 0x570000 [0045.185] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0045.185] GetProcessHeap () returned 0x570000 [0045.185] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0045.185] GetProcessHeap () returned 0x570000 [0045.185] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0045.185] GetProcessHeap () returned 0x570000 [0045.185] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0045.185] GetProcessHeap () returned 0x570000 [0045.185] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0045.185] GetProcessHeap () returned 0x570000 [0045.185] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0045.185] GetProcessHeap () returned 0x570000 [0045.185] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0045.185] GetProcessHeap () returned 0x570000 [0045.185] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0045.185] GetProcessHeap () returned 0x570000 [0045.185] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0045.185] GetProcessHeap () returned 0x570000 [0045.185] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0045.186] GetProcessHeap () returned 0x570000 [0045.186] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0045.186] GetProcessHeap () returned 0x570000 [0045.186] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0045.186] GetProcessHeap () returned 0x570000 [0045.186] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0045.186] GetProcessHeap () returned 0x570000 [0045.186] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0045.186] GetProcessHeap () returned 0x570000 [0045.186] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0045.186] GetProcessHeap () returned 0x570000 [0045.186] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0045.186] GetProcessHeap () returned 0x570000 [0045.186] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0045.186] GetProcessHeap () returned 0x570000 [0045.186] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0045.186] GetProcessHeap () returned 0x570000 [0045.186] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0045.186] GetProcessHeap () returned 0x570000 [0045.186] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0045.186] GetProcessHeap () returned 0x570000 [0045.186] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0045.186] GetProcessHeap () returned 0x570000 [0045.186] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0045.186] GetProcessHeap () returned 0x570000 [0045.186] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0045.186] GetProcessHeap () returned 0x570000 [0045.186] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0045.186] GetProcessHeap () returned 0x570000 [0045.186] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0045.186] GetProcessHeap () returned 0x570000 [0045.187] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0045.187] GetProcessHeap () returned 0x570000 [0045.187] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0045.187] GetProcessHeap () returned 0x570000 [0045.187] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0045.187] GetProcessHeap () returned 0x570000 [0045.187] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0045.187] GetProcessHeap () returned 0x570000 [0045.187] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0045.187] GetProcessHeap () returned 0x570000 [0045.187] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0045.187] GetProcessHeap () returned 0x570000 [0045.187] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0045.187] GetProcessHeap () returned 0x570000 [0045.187] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0045.187] GetProcessHeap () returned 0x570000 [0045.187] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0045.187] GetProcessHeap () returned 0x570000 [0045.187] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0045.187] GetProcessHeap () returned 0x570000 [0045.187] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0045.187] GetProcessHeap () returned 0x570000 [0045.187] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0045.187] GetProcessHeap () returned 0x570000 [0045.187] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0045.187] GetProcessHeap () returned 0x570000 [0045.187] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0045.187] GetProcessHeap () returned 0x570000 [0045.187] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0045.187] GetProcessHeap () returned 0x570000 [0045.187] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0045.187] GetProcessHeap () returned 0x570000 [0045.188] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0045.188] GetProcessHeap () returned 0x570000 [0045.188] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0045.188] GetProcessHeap () returned 0x570000 [0045.188] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0045.188] GetProcessHeap () returned 0x570000 [0045.188] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0045.188] GetProcessHeap () returned 0x570000 [0045.188] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0045.188] GetProcessHeap () returned 0x570000 [0045.188] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0045.188] GetProcessHeap () returned 0x570000 [0045.188] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0045.188] GetProcessHeap () returned 0x570000 [0045.188] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0045.188] GetProcessHeap () returned 0x570000 [0045.188] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0045.188] GetProcessHeap () returned 0x570000 [0045.188] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0045.188] GetProcessHeap () returned 0x570000 [0045.188] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0045.188] GetProcessHeap () returned 0x570000 [0045.188] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0045.188] GetProcessHeap () returned 0x570000 [0045.188] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0045.188] GetProcessHeap () returned 0x570000 [0045.188] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0045.188] GetProcessHeap () returned 0x570000 [0045.188] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0045.188] GetProcessHeap () returned 0x570000 [0045.189] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0045.189] GetProcessHeap () returned 0x570000 [0045.189] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0045.189] GetProcessHeap () returned 0x570000 [0045.189] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0045.189] GetProcessHeap () returned 0x570000 [0045.189] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0045.189] GetProcessHeap () returned 0x570000 [0045.189] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0045.189] GetProcessHeap () returned 0x570000 [0045.189] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0045.189] GetProcessHeap () returned 0x570000 [0045.189] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0045.189] GetProcessHeap () returned 0x570000 [0045.189] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0045.189] GetProcessHeap () returned 0x570000 [0045.189] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0045.189] GetProcessHeap () returned 0x570000 [0045.189] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0045.189] GetProcessHeap () returned 0x570000 [0045.189] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0045.189] GetProcessHeap () returned 0x570000 [0045.189] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0045.189] GetProcessHeap () returned 0x570000 [0045.189] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0045.189] GetProcessHeap () returned 0x570000 [0045.189] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0045.189] GetProcessHeap () returned 0x570000 [0045.189] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0045.189] GetProcessHeap () returned 0x570000 [0045.189] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0045.189] GetProcessHeap () returned 0x570000 [0045.189] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0045.190] GetProcessHeap () returned 0x570000 [0045.190] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0045.190] GetProcessHeap () returned 0x570000 [0045.190] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0045.190] GetProcessHeap () returned 0x570000 [0045.190] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0045.190] GetProcessHeap () returned 0x570000 [0045.190] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0045.190] GetProcessHeap () returned 0x570000 [0045.190] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0045.190] GetProcessHeap () returned 0x570000 [0045.190] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0045.190] GetProcessHeap () returned 0x570000 [0045.190] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0045.190] GetProcessHeap () returned 0x570000 [0045.190] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0045.190] GetProcessHeap () returned 0x570000 [0045.190] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0045.190] GetProcessHeap () returned 0x570000 [0045.190] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0045.190] GetProcessHeap () returned 0x570000 [0045.190] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0045.190] GetProcessHeap () returned 0x570000 [0045.190] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0045.190] GetProcessHeap () returned 0x570000 [0045.190] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0045.190] GetProcessHeap () returned 0x570000 [0045.190] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0045.190] GetProcessHeap () returned 0x570000 [0045.190] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0045.190] GetProcessHeap () returned 0x570000 [0045.190] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0045.191] GetProcessHeap () returned 0x570000 [0045.191] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0045.191] GetProcessHeap () returned 0x570000 [0045.191] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0045.191] GetProcessHeap () returned 0x570000 [0045.191] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0045.191] GetProcessHeap () returned 0x570000 [0045.191] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0045.191] GetProcessHeap () returned 0x570000 [0045.191] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0045.191] GetProcessHeap () returned 0x570000 [0045.191] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0045.191] GetProcessHeap () returned 0x570000 [0045.191] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0045.191] GetProcessHeap () returned 0x570000 [0045.191] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0045.191] GetProcessHeap () returned 0x570000 [0045.191] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0045.191] GetProcessHeap () returned 0x570000 [0045.191] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0045.191] GetProcessHeap () returned 0x570000 [0045.191] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0045.191] GetProcessHeap () returned 0x570000 [0045.191] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0045.191] GetProcessHeap () returned 0x570000 [0045.191] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0045.191] GetProcessHeap () returned 0x570000 [0045.191] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0045.191] GetProcessHeap () returned 0x570000 [0045.191] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592668 | out: hHeap=0x570000) returned 1 [0045.191] GetProcessHeap () returned 0x570000 [0045.191] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0045.191] GetProcessHeap () returned 0x570000 [0045.191] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0045.192] GetProcessHeap () returned 0x570000 [0045.192] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0045.192] GetProcessHeap () returned 0x570000 [0045.192] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0045.192] GetProcessHeap () returned 0x570000 [0045.192] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0045.192] GetProcessHeap () returned 0x570000 [0045.192] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0045.192] GetProcessHeap () returned 0x570000 [0045.192] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0045.192] GetProcessHeap () returned 0x570000 [0045.192] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592558 | out: hHeap=0x570000) returned 1 [0045.192] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0045.192] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0045.192] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0045.192] CloseHandle (hObject=0x80) returned 1 [0046.842] GetProcessHeap () returned 0x570000 [0046.842] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x589108 | out: hHeap=0x570000) returned 1 [0046.842] GetProcessHeap () returned 0x570000 [0046.842] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592458 | out: hHeap=0x570000) returned 1 [0046.842] GetProcessHeap () returned 0x570000 [0046.842] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5924d0 | out: hHeap=0x570000) returned 1 [0046.842] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv" | out: lpString1="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv") returned="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv" [0046.842] lstrcatW (in: lpString1="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv.{Killback@protonmail.com}KBK") returned="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv.{Killback@protonmail.com}KBK" [0046.842] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv" (normalized: "c:\\users\\public\\recorded tv\\sample media\\win7_scenic-demoshort_raw.wtv"), lpNewFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv.{Killback@protonmail.com}KBK" (normalized: "c:\\users\\public\\recorded tv\\sample media\\win7_scenic-demoshort_raw.wtv.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0046.843] PathRemoveFileSpecW (in: pszPath="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv" | out: pszPath="C:\\Users\\Public\\Recorded TV\\Sample Media") returned 1 [0046.843] lstrcatW (in: lpString1="C:\\Users\\Public\\Recorded TV\\Sample Media", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Recorded TV\\Sample Media\\") returned="C:\\Users\\Public\\Recorded TV\\Sample Media\\" [0046.843] lstrcatW (in: lpString1="C:\\Users\\Public\\Recorded TV\\Sample Media\\", lpString2="decrypt_files.html" | out: lpString1="C:\\Users\\Public\\Recorded TV\\Sample Media\\decrypt_files.html") returned="C:\\Users\\Public\\Recorded TV\\Sample Media\\decrypt_files.html" [0046.843] GetFileAttributesW (lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\decrypt_files.html" (normalized: "c:\\users\\public\\recorded tv\\sample media\\decrypt_files.html")) returned 0x20 [0046.843] GetProcessHeap () returned 0x570000 [0046.843] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590698 | out: hHeap=0x570000) returned 1 [0046.843] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x8a1f1b86, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x8a1f1b86, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x940000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="win7_scenic-demoshort_raw.wtv", cAlternateFileName="WIN7_S~1.WTV")) returned 0 [0046.843] FindClose (in: hFindFile=0x588da8 | out: hFindFile=0x588da8) returned 1 [0046.843] lstrcpyW (in: lpString1=0x50df8c, lpString2="C:\\Users\\Public\\Pictures\\" | out: lpString1="C:\\Users\\Public\\Pictures\\") returned="C:\\Users\\Public\\Pictures\\" [0046.843] GetProcessHeap () returned 0x570000 [0046.843] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592418 | out: hHeap=0x570000) returned 1 [0046.843] GetProcessHeap () returned 0x570000 [0046.843] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0046.843] lstrlenW (lpString="C:\\Users\\Public\\Pictures\\") returned 25 [0046.844] lstrcatW (in: lpString1="C:\\Users\\Public\\Pictures\\", lpString2="*" | out: lpString1="C:\\Users\\Public\\Pictures\\*") returned="C:\\Users\\Public\\Pictures\\*" [0046.844] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Pictures\\*", lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x588da8 [0046.844] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0046.844] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0046.844] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0046.844] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0046.844] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x282dfaee, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x17c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0046.844] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0046.844] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0046.844] lstrcatW (in: lpString1="C:\\Users\\Public\\Pictures\\", lpString2="desktop.ini" | out: lpString1="C:\\Users\\Public\\Pictures\\desktop.ini") returned="C:\\Users\\Public\\Pictures\\desktop.ini" [0046.844] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0046.844] GetProcessHeap () returned 0x570000 [0046.844] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x590f68 [0046.844] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 12 [0046.844] lstrlenA (lpString="desktop.ini") returned 11 [0046.844] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0046.844] lstrlenA (lpString="desktop.ini") returned 11 [0046.844] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0046.844] lstrcmpiW (lpString1="desktop.ini", lpString2="decrypt_files.html") returned 1 [0046.844] lstrcmpiW (lpString1="desktop.ini", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0046.844] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0046.844] lstrcmpiW (lpString1="desktop.ini", lpString2="sihvgt.exe") returned -1 [0046.844] _alloca_probe () returned 0x40908b [0046.845] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Public\\Pictures\\desktop.ini", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37 [0046.845] GetProcessHeap () returned 0x570000 [0046.845] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x25) returned 0x592418 [0046.845] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Public\\Pictures\\desktop.ini", cchWideChar=-1, lpMultiByteStr=0x592418, cbMultiByte=37, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\Public\\Pictures\\desktop.ini", lpUsedDefaultChar=0x0) returned 37 [0046.845] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0046.845] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{8AEA8319-9347-4FC4-B40A-759FF5CE9044}") returned 38 [0046.845] lstrlenA (lpString="{8AEA8319-9347-4FC4-B40A-759FF5CE9044}") returned 38 [0046.845] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\desktop.ini" (normalized: "c:\\users\\public\\pictures\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0046.845] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=380) returned 1 [0046.845] lstrlenA (lpString="{8AEA8319-9347-4FC4-B40A-759FF5CE9044}") returned 38 [0046.845] GetProcessHeap () returned 0x570000 [0046.845] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x592448 [0046.845] GetProcessHeap () returned 0x570000 [0046.845] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5924c0 [0046.845] lstrlenA (lpString="C:\\Users\\Public\\Pictures\\desktop.ini") returned 36 [0046.871] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x17c, lpOverlapped=0x0) returned 1 [0046.872] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0046.872] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x180, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x180, lpOverlapped=0x0) returned 1 [0046.872] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0046.872] WriteFile (in: hFile=0x80, lpBuffer=0x50bb6c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bb6c*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0046.873] WriteFile (in: hFile=0x80, lpBuffer=0x50bbd4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bbd4*, lpNumberOfBytesWritten=0x50bb34*=0x10, lpOverlapped=0x0) returned 1 [0046.873] lstrlenA (lpString="rsa_encrypt") returned 11 [0046.873] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x5925e8) returned 1 [0046.874] CryptGenRandom (in: hProv=0x5925e8, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0046.874] CryptReleaseContext (hProv=0x5925e8, dwFlags=0x0) returned 1 [0046.874] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0046.874] GetProcessHeap () returned 0x570000 [0046.874] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592548 [0046.874] lstrlenA (lpString="010001") returned 6 [0046.874] GetProcessHeap () returned 0x570000 [0046.874] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eea0 [0046.874] GetProcessHeap () returned 0x570000 [0046.874] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5925d0 [0046.874] GetProcessHeap () returned 0x570000 [0046.874] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0046.874] GetProcessHeap () returned 0x570000 [0046.874] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5925d0 | out: hHeap=0x570000) returned 1 [0046.874] GetProcessHeap () returned 0x570000 [0046.874] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0046.874] GetProcessHeap () returned 0x570000 [0046.874] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c0d8 [0046.874] GetProcessHeap () returned 0x570000 [0046.874] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eec0 [0046.874] GetProcessHeap () returned 0x570000 [0046.874] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c1f0 [0046.874] GetProcessHeap () returned 0x570000 [0046.874] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0046.874] GetProcessHeap () returned 0x570000 [0046.874] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0046.874] GetProcessHeap () returned 0x570000 [0046.874] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5925d0 [0046.874] GetProcessHeap () returned 0x570000 [0046.875] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x592658 [0046.875] GetProcessHeap () returned 0x570000 [0046.875] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0046.875] GetProcessHeap () returned 0x570000 [0046.875] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0046.875] GetProcessHeap () returned 0x570000 [0046.875] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0046.875] GetProcessHeap () returned 0x570000 [0046.875] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5925d0 | out: hHeap=0x570000) returned 1 [0046.875] GetProcessHeap () returned 0x570000 [0046.875] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0046.875] GetProcessHeap () returned 0x570000 [0046.875] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0046.875] GetProcessHeap () returned 0x570000 [0046.875] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0046.875] GetProcessHeap () returned 0x570000 [0046.875] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f98 [0046.875] GetProcessHeap () returned 0x570000 [0046.875] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0046.875] GetProcessHeap () returned 0x570000 [0046.875] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0046.875] GetProcessHeap () returned 0x570000 [0046.875] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0046.875] GetProcessHeap () returned 0x570000 [0046.875] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0046.875] GetProcessHeap () returned 0x570000 [0046.875] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0046.875] GetProcessHeap () returned 0x570000 [0046.875] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f98 | out: hHeap=0x570000) returned 1 [0046.875] GetProcessHeap () returned 0x570000 [0046.875] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0046.875] GetProcessHeap () returned 0x570000 [0046.876] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0046.876] GetProcessHeap () returned 0x570000 [0046.876] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0046.876] GetProcessHeap () returned 0x570000 [0046.876] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0046.876] GetProcessHeap () returned 0x570000 [0046.876] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0046.876] GetProcessHeap () returned 0x570000 [0046.876] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0046.876] GetProcessHeap () returned 0x570000 [0046.876] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0046.876] GetProcessHeap () returned 0x570000 [0046.876] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0046.876] GetProcessHeap () returned 0x570000 [0046.876] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0046.876] GetProcessHeap () returned 0x570000 [0046.876] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0046.876] GetProcessHeap () returned 0x570000 [0046.876] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0046.876] GetProcessHeap () returned 0x570000 [0046.876] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0046.876] GetProcessHeap () returned 0x570000 [0046.876] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0046.876] GetProcessHeap () returned 0x570000 [0046.876] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0046.876] GetProcessHeap () returned 0x570000 [0046.876] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0046.876] GetProcessHeap () returned 0x570000 [0046.876] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0046.877] GetProcessHeap () returned 0x570000 [0046.877] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0046.877] GetProcessHeap () returned 0x570000 [0046.877] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0046.877] GetProcessHeap () returned 0x570000 [0046.877] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0046.877] GetProcessHeap () returned 0x570000 [0046.877] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0046.877] GetProcessHeap () returned 0x570000 [0046.877] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0046.877] GetProcessHeap () returned 0x570000 [0046.877] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0046.877] GetProcessHeap () returned 0x570000 [0046.877] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0046.877] GetProcessHeap () returned 0x570000 [0046.877] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0046.877] GetProcessHeap () returned 0x570000 [0046.877] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0046.877] GetProcessHeap () returned 0x570000 [0046.877] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0046.877] GetProcessHeap () returned 0x570000 [0046.877] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0046.877] GetProcessHeap () returned 0x570000 [0046.877] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0046.877] GetProcessHeap () returned 0x570000 [0046.877] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0046.877] GetProcessHeap () returned 0x570000 [0046.877] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0046.877] GetProcessHeap () returned 0x570000 [0046.877] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0046.877] GetProcessHeap () returned 0x570000 [0046.877] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0046.878] GetProcessHeap () returned 0x570000 [0046.878] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0046.878] GetProcessHeap () returned 0x570000 [0046.878] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0046.878] GetProcessHeap () returned 0x570000 [0046.878] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0046.878] GetProcessHeap () returned 0x570000 [0046.878] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0046.878] GetProcessHeap () returned 0x570000 [0046.878] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0046.878] GetProcessHeap () returned 0x570000 [0046.878] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0046.878] GetProcessHeap () returned 0x570000 [0046.878] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0046.878] GetProcessHeap () returned 0x570000 [0046.878] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0046.878] GetProcessHeap () returned 0x570000 [0046.878] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0046.878] GetProcessHeap () returned 0x570000 [0046.878] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0046.878] GetProcessHeap () returned 0x570000 [0046.878] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0046.878] GetProcessHeap () returned 0x570000 [0046.878] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0046.878] GetProcessHeap () returned 0x570000 [0046.878] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0046.878] GetProcessHeap () returned 0x570000 [0046.878] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0046.878] GetProcessHeap () returned 0x570000 [0046.878] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0046.878] GetProcessHeap () returned 0x570000 [0046.879] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0046.879] GetProcessHeap () returned 0x570000 [0046.879] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0046.879] GetProcessHeap () returned 0x570000 [0046.879] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0046.879] GetProcessHeap () returned 0x570000 [0046.879] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0046.879] GetProcessHeap () returned 0x570000 [0046.879] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0046.879] GetProcessHeap () returned 0x570000 [0046.879] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0046.879] GetProcessHeap () returned 0x570000 [0046.879] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0046.879] GetProcessHeap () returned 0x570000 [0046.879] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0046.879] GetProcessHeap () returned 0x570000 [0046.879] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0046.879] GetProcessHeap () returned 0x570000 [0046.879] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0046.879] GetProcessHeap () returned 0x570000 [0046.879] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0046.879] GetProcessHeap () returned 0x570000 [0046.879] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0046.879] GetProcessHeap () returned 0x570000 [0046.879] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0046.879] GetProcessHeap () returned 0x570000 [0046.880] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0046.880] GetProcessHeap () returned 0x570000 [0046.880] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0046.880] GetProcessHeap () returned 0x570000 [0046.880] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0046.880] GetProcessHeap () returned 0x570000 [0046.880] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0046.880] GetProcessHeap () returned 0x570000 [0046.880] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0046.880] GetProcessHeap () returned 0x570000 [0046.880] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0046.880] GetProcessHeap () returned 0x570000 [0046.880] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0046.880] GetProcessHeap () returned 0x570000 [0046.880] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0046.880] GetProcessHeap () returned 0x570000 [0046.880] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0046.880] GetProcessHeap () returned 0x570000 [0046.880] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0046.880] GetProcessHeap () returned 0x570000 [0046.880] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0046.880] GetProcessHeap () returned 0x570000 [0046.880] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0046.880] GetProcessHeap () returned 0x570000 [0046.880] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0046.880] GetProcessHeap () returned 0x570000 [0046.880] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0046.880] GetProcessHeap () returned 0x570000 [0046.880] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0046.880] GetProcessHeap () returned 0x570000 [0046.881] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0046.881] GetProcessHeap () returned 0x570000 [0046.881] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0046.881] GetProcessHeap () returned 0x570000 [0046.881] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0046.881] GetProcessHeap () returned 0x570000 [0046.881] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0046.881] GetProcessHeap () returned 0x570000 [0046.881] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0046.881] GetProcessHeap () returned 0x570000 [0046.881] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0046.881] GetProcessHeap () returned 0x570000 [0046.881] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0046.881] GetProcessHeap () returned 0x570000 [0046.881] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0046.881] GetProcessHeap () returned 0x570000 [0046.881] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0046.881] GetProcessHeap () returned 0x570000 [0046.881] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0046.881] GetProcessHeap () returned 0x570000 [0046.881] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0046.881] GetProcessHeap () returned 0x570000 [0046.881] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0046.881] GetProcessHeap () returned 0x570000 [0046.881] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0046.881] GetProcessHeap () returned 0x570000 [0046.881] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0046.881] GetProcessHeap () returned 0x570000 [0046.881] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0046.882] GetProcessHeap () returned 0x570000 [0046.882] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0046.882] GetProcessHeap () returned 0x570000 [0046.882] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0046.882] GetProcessHeap () returned 0x570000 [0046.882] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0046.882] GetProcessHeap () returned 0x570000 [0046.882] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0046.882] GetProcessHeap () returned 0x570000 [0046.882] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0046.882] GetProcessHeap () returned 0x570000 [0046.882] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0046.882] GetProcessHeap () returned 0x570000 [0046.882] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0046.882] GetProcessHeap () returned 0x570000 [0046.882] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0046.882] GetProcessHeap () returned 0x570000 [0046.882] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0046.882] GetProcessHeap () returned 0x570000 [0046.882] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0046.882] GetProcessHeap () returned 0x570000 [0046.882] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0046.882] GetProcessHeap () returned 0x570000 [0046.882] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0046.882] GetProcessHeap () returned 0x570000 [0046.882] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0046.882] GetProcessHeap () returned 0x570000 [0046.882] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0046.882] GetProcessHeap () returned 0x570000 [0046.882] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592658 | out: hHeap=0x570000) returned 1 [0046.882] GetProcessHeap () returned 0x570000 [0046.882] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0046.882] GetProcessHeap () returned 0x570000 [0046.883] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0046.883] GetProcessHeap () returned 0x570000 [0046.883] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0046.883] GetProcessHeap () returned 0x570000 [0046.883] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0046.883] GetProcessHeap () returned 0x570000 [0046.883] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0046.883] GetProcessHeap () returned 0x570000 [0046.883] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0046.883] GetProcessHeap () returned 0x570000 [0046.883] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0046.883] GetProcessHeap () returned 0x570000 [0046.883] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592548 | out: hHeap=0x570000) returned 1 [0046.883] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0046.883] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0046.883] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0046.883] CloseHandle (hObject=0x80) returned 1 [0046.885] GetProcessHeap () returned 0x570000 [0046.885] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592418 | out: hHeap=0x570000) returned 1 [0046.885] GetProcessHeap () returned 0x570000 [0046.885] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592448 | out: hHeap=0x570000) returned 1 [0046.885] GetProcessHeap () returned 0x570000 [0046.885] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5924c0 | out: hHeap=0x570000) returned 1 [0046.885] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\Users\\Public\\Pictures\\desktop.ini" | out: lpString1="C:\\Users\\Public\\Pictures\\desktop.ini") returned="C:\\Users\\Public\\Pictures\\desktop.ini" [0046.885] lstrcatW (in: lpString1="C:\\Users\\Public\\Pictures\\desktop.ini", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\Users\\Public\\Pictures\\desktop.ini.{Killback@protonmail.com}KBK") returned="C:\\Users\\Public\\Pictures\\desktop.ini.{Killback@protonmail.com}KBK" [0046.885] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\Pictures\\desktop.ini" (normalized: "c:\\users\\public\\pictures\\desktop.ini"), lpNewFileName="C:\\Users\\Public\\Pictures\\desktop.ini.{Killback@protonmail.com}KBK" (normalized: "c:\\users\\public\\pictures\\desktop.ini.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0046.886] PathRemoveFileSpecW (in: pszPath="C:\\Users\\Public\\Pictures\\desktop.ini" | out: pszPath="C:\\Users\\Public\\Pictures") returned 1 [0046.886] lstrcatW (in: lpString1="C:\\Users\\Public\\Pictures", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Pictures\\") returned="C:\\Users\\Public\\Pictures\\" [0046.886] lstrcatW (in: lpString1="C:\\Users\\Public\\Pictures\\", lpString2="decrypt_files.html" | out: lpString1="C:\\Users\\Public\\Pictures\\decrypt_files.html") returned="C:\\Users\\Public\\Pictures\\decrypt_files.html" [0046.886] GetFileAttributesW (lpFileName="C:\\Users\\Public\\Pictures\\decrypt_files.html" (normalized: "c:\\users\\public\\pictures\\decrypt_files.html")) returned 0xffffffff [0046.886] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\decrypt_files.html" (normalized: "c:\\users\\public\\pictures\\decrypt_files.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0046.887] lstrlenA (lpString="\r\n \r\n \r\n \r\n DECRYPT FILES\r\n \r\n\r\n \r\n\r\n
\r\n

⚠Your ID (NEED FOR DECRYPT)⚠

\r\n
\r\n 
A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n\r\n
\r\n
\r\n
\r\n \r\n
\r\n \r\n
\r\n \r\n \r\n
\r\n

✖ Your files are encrypted! ✖

\r\n\r\n

If you see it - do not try to decrypt ▼the files yourself!!!▼

\r\n
\r\n

All your important data has been encrypted.

\r\n
\r\n
\r\n \r\n\x09\x09 \r\nTo decrypt all your files, you need a decryption program.
\r\n \r\nTo get a program to decrypt your data you need to do a few steps:
\r\n

☑1. \r\nTo make sure that we can actually decrypt your files. You can send us a file for the test.\r\nThis can be a picture or a text file.\r\nSize less than 5 MB. Send to our mail: Killback@protonmail.com .
\r\n

☑2. \r\nSend your PERSONAL ID in the letter (you will find it at the very beginning of this document)

\r\n\x09\x09\x09

☑3. \r\nWe will decode your test file so you are sure. We will also send you the amount you need to pay to get the program to decrypt.

\r\n ☑4. We will send you instructions on how to pay for the decryption program. After payment, we will send you a program and instructions on how to decrypt all the files.
\r\n

Attention!


\r\n
    \r\n\x09\x09\x09 Only we can decrypt your files.
    \r\n\x09\x09\x09 Do not try to decrypt your files yourself. You can damage them when trying to restore
    \r\n Do not run antivirus!
    \r\n Email us: Killback@protonmail.com immediately so we can help you.
    \r\n Decoders other users are not compatible with your data, because each user's unique encryption key
    \r\n
\r\n \r\n
\r\n
\r\n
\r\n \r\n\r\n \r\n \r\n
\r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n\r\n") returned 5565 [0046.887] WriteFile (in: hFile=0x80, lpBuffer=0x21f0020*, nNumberOfBytesToWrite=0x15bd, lpNumberOfBytesWritten=0x50dd18, lpOverlapped=0x0 | out: lpBuffer=0x21f0020*, lpNumberOfBytesWritten=0x50dd18*=0x15bd, lpOverlapped=0x0) returned 1 [0046.888] CloseHandle (hObject=0x80) returned 1 [0046.888] GetProcessHeap () returned 0x570000 [0046.888] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0046.888] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80340916, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sample Pictures", cAlternateFileName="SAMPLE~1")) returned 1 [0046.888] lstrcmpiW (lpString1="Sample Pictures", lpString2=".") returned 1 [0046.888] lstrcmpiW (lpString1="Sample Pictures", lpString2="..") returned 1 [0046.888] lstrcatW (in: lpString1="C:\\Users\\Public\\Pictures\\", lpString2="Sample Pictures" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures") returned="C:\\Users\\Public\\Pictures\\Sample Pictures" [0046.888] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Sample Pictures", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0046.888] GetProcessHeap () returned 0x570000 [0046.888] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x10) returned 0x590f68 [0046.888] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Sample Pictures", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Sample Pictures", lpUsedDefaultChar=0x0) returned 16 [0046.888] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Pictures", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0046.889] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Pictures", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 3 [0046.889] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Pictures", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 3 [0046.889] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Pictures", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0046.889] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Pictures", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0046.889] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Pictures", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 3 [0046.889] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Pictures", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0046.889] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Pictures", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0046.889] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Pictures", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0046.889] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Pictures", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0046.889] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Pictures", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0046.889] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Pictures", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0046.889] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Pictures", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0046.889] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Pictures", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0046.889] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Pictures", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0046.889] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Pictures", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0046.889] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Pictures", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0046.889] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Pictures", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0046.889] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Pictures", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 3 [0046.889] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Pictures", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 3 [0046.889] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Pictures", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 3 [0046.889] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Pictures", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 3 [0046.889] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Pictures", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 3 [0046.889] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Pictures", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0046.889] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Pictures", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0046.889] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Pictures", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0046.889] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Pictures", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0046.889] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Pictures", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 3 [0046.889] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Pictures", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0046.890] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Pictures", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0046.890] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Pictures", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0046.890] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Pictures", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0046.890] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Pictures", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 3 [0046.890] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Pictures", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0046.890] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Pictures", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 3 [0046.890] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Pictures", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 3 [0046.890] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Pictures", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0046.890] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Pictures", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 3 [0046.890] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Pictures", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 3 [0046.890] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Pictures", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0046.890] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Pictures", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 3 [0046.890] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Pictures", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0046.890] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Pictures", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 3 [0046.890] lstrcatW (in: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\" [0046.890] GetProcessHeap () returned 0x570000 [0046.890] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58eea0 [0046.890] lstrlenW (lpString="C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned 41 [0046.890] GetProcessHeap () returned 0x570000 [0046.890] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x54) returned 0x592418 [0046.890] lstrcpyW (in: lpString1=0x592418, lpString2="C:\\Users\\Public\\Pictures\\Sample Pictures\\" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\" [0046.890] GetProcessHeap () returned 0x570000 [0046.890] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0046.890] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80340916, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sample Pictures", cAlternateFileName="SAMPLE~1")) returned 0 [0046.890] FindClose (in: hFindFile=0x588da8 | out: hFindFile=0x588da8) returned 1 [0046.890] lstrcpyW (in: lpString1=0x50df8c, lpString2="C:\\Users\\Public\\Pictures\\Sample Pictures\\" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\" [0046.890] GetProcessHeap () returned 0x570000 [0046.891] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592418 | out: hHeap=0x570000) returned 1 [0046.891] GetProcessHeap () returned 0x570000 [0046.891] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0046.891] lstrlenW (lpString="C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned 41 [0046.891] lstrcatW (in: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\", lpString2="*" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\*") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\*" [0046.891] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\*", lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80340916, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x588da8 [0047.049] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0047.049] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80340916, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0047.049] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0047.049] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0047.049] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xd6b22, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Chrysanthemum.jpg", cAlternateFileName="CHRYSA~1.JPG")) returned 1 [0047.049] lstrcmpiW (lpString1="Chrysanthemum.jpg", lpString2=".") returned 1 [0047.049] lstrcmpiW (lpString1="Chrysanthemum.jpg", lpString2="..") returned 1 [0047.049] lstrcatW (in: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\", lpString2="Chrysanthemum.jpg" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg" [0047.049] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Chrysanthemum.jpg", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0047.049] GetProcessHeap () returned 0x570000 [0047.049] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x12) returned 0x58fdc0 [0047.068] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Chrysanthemum.jpg", cchWideChar=-1, lpMultiByteStr=0x58fdc0, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Chrysanthemum.jpg", lpUsedDefaultChar=0x0) returned 18 [0047.068] lstrlenA (lpString="Chrysanthemum.jpg") returned 17 [0047.068] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0047.068] lstrlenA (lpString="Chrysanthemum.jpg") returned 17 [0047.068] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0047.068] lstrcmpiW (lpString1="Chrysanthemum.jpg", lpString2="decrypt_files.html") returned -1 [0047.068] lstrcmpiW (lpString1="Chrysanthemum.jpg", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0047.068] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0047.068] lstrcmpiW (lpString1="Chrysanthemum.jpg", lpString2="sihvgt.exe") returned -1 [0047.069] _alloca_probe () returned 0x40908b [0047.069] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 59 [0047.069] GetProcessHeap () returned 0x570000 [0047.069] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x3b) returned 0x5876f8 [0047.069] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", cchWideChar=-1, lpMultiByteStr=0x5876f8, cbMultiByte=59, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", lpUsedDefaultChar=0x0) returned 59 [0047.069] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0047.069] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{7163E0B9-BA59-4A64-8653-EB910D1BB458}") returned 38 [0047.069] lstrlenA (lpString="{7163E0B9-BA59-4A64-8653-EB910D1BB458}") returned 38 [0047.069] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\chrysanthemum.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0047.070] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=879394) returned 1 [0047.070] lstrlenA (lpString="{7163E0B9-BA59-4A64-8653-EB910D1BB458}") returned 38 [0047.070] GetProcessHeap () returned 0x570000 [0047.070] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x592418 [0047.070] GetProcessHeap () returned 0x570000 [0047.070] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592490 [0047.070] lstrlenA (lpString="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg") returned 58 [0047.080] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.272] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.272] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.273] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.273] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.300] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.300] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.300] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.300] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.300] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.301] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.301] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.301] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.301] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.301] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.301] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.301] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.301] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.302] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.302] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.302] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.302] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.302] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.302] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.302] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.303] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.303] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.303] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.303] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.303] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.303] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.303] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.303] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.304] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.305] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.305] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.305] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.382] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.383] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.383] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.383] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.385] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.386] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.386] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.386] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.386] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.387] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.387] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.387] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.388] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.388] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.388] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.388] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.389] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.389] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.389] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.389] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.390] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.390] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.390] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.390] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.392] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.392] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.392] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.392] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.393] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.393] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.393] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.393] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.394] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.394] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.394] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.395] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.395] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.395] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.396] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.396] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.396] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.397] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.397] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.397] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.397] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.397] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.397] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.397] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.407] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.408] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.408] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.408] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.409] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.409] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.409] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.409] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.410] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.410] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.410] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.411] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.411] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.411] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.412] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.412] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.412] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.413] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.413] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.413] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.413] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.414] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.414] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.414] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.414] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.415] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.415] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.415] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.415] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.416] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.416] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.416] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.416] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.417] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.417] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.417] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.417] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.418] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.418] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.418] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.418] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.420] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.420] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.420] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.420] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.421] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.421] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.421] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.421] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.422] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.422] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.422] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.422] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.423] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.423] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.423] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.423] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.424] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.424] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.424] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.425] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.425] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.425] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.425] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.426] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.426] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.426] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.426] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.427] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.427] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.428] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.428] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.428] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.429] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.429] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.429] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.429] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.430] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.430] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.430] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.430] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.431] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.431] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.431] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.432] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.432] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.432] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.432] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.432] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.433] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.433] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.433] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.434] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.434] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.434] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.434] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.435] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.435] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.435] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.435] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.436] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.436] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.436] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.437] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.437] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.438] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.438] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.438] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.439] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.439] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.439] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.440] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.440] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.440] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.441] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.441] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.441] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.444] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.445] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.445] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.445] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.445] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.445] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.445] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.447] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.447] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.447] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.447] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.447] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.448] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.448] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.448] WriteFile (in: hFile=0x80, lpBuffer=0x50bb6c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bb6c*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0047.493] WriteFile (in: hFile=0x80, lpBuffer=0x50bbd4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bbd4*, lpNumberOfBytesWritten=0x50bb34*=0x10, lpOverlapped=0x0) returned 1 [0047.494] lstrlenA (lpString="rsa_encrypt") returned 11 [0047.494] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x5925b8) returned 1 [0047.494] CryptGenRandom (in: hProv=0x5925b8, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0047.494] CryptReleaseContext (hProv=0x5925b8, dwFlags=0x0) returned 1 [0047.495] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0047.495] GetProcessHeap () returned 0x570000 [0047.495] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592518 [0047.495] lstrlenA (lpString="010001") returned 6 [0047.495] GetProcessHeap () returned 0x570000 [0047.495] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eea0 [0047.495] GetProcessHeap () returned 0x570000 [0047.495] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5925a0 [0047.495] GetProcessHeap () returned 0x570000 [0047.495] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0047.495] GetProcessHeap () returned 0x570000 [0047.495] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5925a0 | out: hHeap=0x570000) returned 1 [0047.495] GetProcessHeap () returned 0x570000 [0047.495] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0047.495] GetProcessHeap () returned 0x570000 [0047.495] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c1f0 [0047.495] GetProcessHeap () returned 0x570000 [0047.495] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eef0 [0047.495] GetProcessHeap () returned 0x570000 [0047.495] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c0d8 [0047.495] GetProcessHeap () returned 0x570000 [0047.495] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0047.495] GetProcessHeap () returned 0x570000 [0047.495] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0047.495] GetProcessHeap () returned 0x570000 [0047.495] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5925a0 [0047.495] GetProcessHeap () returned 0x570000 [0047.495] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x592628 [0047.496] GetProcessHeap () returned 0x570000 [0047.496] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0047.496] GetProcessHeap () returned 0x570000 [0047.496] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f68 [0047.496] GetProcessHeap () returned 0x570000 [0047.496] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0047.496] GetProcessHeap () returned 0x570000 [0047.496] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5925a0 | out: hHeap=0x570000) returned 1 [0047.496] GetProcessHeap () returned 0x570000 [0047.496] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0047.496] GetProcessHeap () returned 0x570000 [0047.496] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0047.496] GetProcessHeap () returned 0x570000 [0047.496] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.496] GetProcessHeap () returned 0x570000 [0047.496] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0047.496] GetProcessHeap () returned 0x570000 [0047.496] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0047.496] GetProcessHeap () returned 0x570000 [0047.496] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.496] GetProcessHeap () returned 0x570000 [0047.496] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.496] GetProcessHeap () returned 0x570000 [0047.496] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.496] GetProcessHeap () returned 0x570000 [0047.496] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0047.496] GetProcessHeap () returned 0x570000 [0047.496] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0047.496] GetProcessHeap () returned 0x570000 [0047.496] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0047.497] GetProcessHeap () returned 0x570000 [0047.497] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0047.497] GetProcessHeap () returned 0x570000 [0047.497] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.497] GetProcessHeap () returned 0x570000 [0047.497] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.497] GetProcessHeap () returned 0x570000 [0047.497] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.497] GetProcessHeap () returned 0x570000 [0047.497] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.497] GetProcessHeap () returned 0x570000 [0047.497] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.497] GetProcessHeap () returned 0x570000 [0047.497] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.497] GetProcessHeap () returned 0x570000 [0047.497] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.497] GetProcessHeap () returned 0x570000 [0047.497] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.497] GetProcessHeap () returned 0x570000 [0047.497] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.497] GetProcessHeap () returned 0x570000 [0047.497] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.497] GetProcessHeap () returned 0x570000 [0047.497] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.497] GetProcessHeap () returned 0x570000 [0047.497] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.497] GetProcessHeap () returned 0x570000 [0047.497] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.497] GetProcessHeap () returned 0x570000 [0047.498] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.498] GetProcessHeap () returned 0x570000 [0047.498] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.498] GetProcessHeap () returned 0x570000 [0047.498] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.498] GetProcessHeap () returned 0x570000 [0047.498] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.498] GetProcessHeap () returned 0x570000 [0047.498] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.498] GetProcessHeap () returned 0x570000 [0047.498] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.498] GetProcessHeap () returned 0x570000 [0047.498] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.498] GetProcessHeap () returned 0x570000 [0047.498] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.498] GetProcessHeap () returned 0x570000 [0047.498] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.498] GetProcessHeap () returned 0x570000 [0047.498] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.498] GetProcessHeap () returned 0x570000 [0047.498] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.498] GetProcessHeap () returned 0x570000 [0047.498] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.498] GetProcessHeap () returned 0x570000 [0047.498] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.498] GetProcessHeap () returned 0x570000 [0047.498] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.499] GetProcessHeap () returned 0x570000 [0047.499] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.499] GetProcessHeap () returned 0x570000 [0047.499] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.499] GetProcessHeap () returned 0x570000 [0047.499] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.499] GetProcessHeap () returned 0x570000 [0047.499] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.499] GetProcessHeap () returned 0x570000 [0047.499] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.499] GetProcessHeap () returned 0x570000 [0047.499] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.499] GetProcessHeap () returned 0x570000 [0047.499] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.499] GetProcessHeap () returned 0x570000 [0047.499] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.499] GetProcessHeap () returned 0x570000 [0047.499] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.499] GetProcessHeap () returned 0x570000 [0047.499] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.499] GetProcessHeap () returned 0x570000 [0047.499] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.499] GetProcessHeap () returned 0x570000 [0047.499] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.499] GetProcessHeap () returned 0x570000 [0047.499] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.499] GetProcessHeap () returned 0x570000 [0047.499] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.500] GetProcessHeap () returned 0x570000 [0047.500] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.500] GetProcessHeap () returned 0x570000 [0047.500] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.500] GetProcessHeap () returned 0x570000 [0047.500] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.500] GetProcessHeap () returned 0x570000 [0047.500] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.500] GetProcessHeap () returned 0x570000 [0047.500] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.500] GetProcessHeap () returned 0x570000 [0047.500] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.500] GetProcessHeap () returned 0x570000 [0047.500] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.500] GetProcessHeap () returned 0x570000 [0047.500] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.500] GetProcessHeap () returned 0x570000 [0047.500] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.500] GetProcessHeap () returned 0x570000 [0047.500] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.500] GetProcessHeap () returned 0x570000 [0047.500] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.500] GetProcessHeap () returned 0x570000 [0047.500] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.500] GetProcessHeap () returned 0x570000 [0047.500] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.500] GetProcessHeap () returned 0x570000 [0047.501] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.501] GetProcessHeap () returned 0x570000 [0047.501] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.501] GetProcessHeap () returned 0x570000 [0047.501] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.501] GetProcessHeap () returned 0x570000 [0047.501] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.501] GetProcessHeap () returned 0x570000 [0047.501] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.501] GetProcessHeap () returned 0x570000 [0047.501] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.501] GetProcessHeap () returned 0x570000 [0047.501] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.501] GetProcessHeap () returned 0x570000 [0047.501] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.501] GetProcessHeap () returned 0x570000 [0047.501] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.501] GetProcessHeap () returned 0x570000 [0047.501] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.501] GetProcessHeap () returned 0x570000 [0047.501] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.501] GetProcessHeap () returned 0x570000 [0047.501] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.501] GetProcessHeap () returned 0x570000 [0047.501] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.501] GetProcessHeap () returned 0x570000 [0047.501] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.502] GetProcessHeap () returned 0x570000 [0047.502] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.502] GetProcessHeap () returned 0x570000 [0047.502] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.502] GetProcessHeap () returned 0x570000 [0047.502] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.502] GetProcessHeap () returned 0x570000 [0047.502] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.502] GetProcessHeap () returned 0x570000 [0047.502] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.502] GetProcessHeap () returned 0x570000 [0047.502] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.502] GetProcessHeap () returned 0x570000 [0047.502] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.502] GetProcessHeap () returned 0x570000 [0047.502] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.502] GetProcessHeap () returned 0x570000 [0047.502] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.502] GetProcessHeap () returned 0x570000 [0047.502] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.502] GetProcessHeap () returned 0x570000 [0047.502] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.502] GetProcessHeap () returned 0x570000 [0047.502] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.502] GetProcessHeap () returned 0x570000 [0047.502] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.502] GetProcessHeap () returned 0x570000 [0047.502] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.502] GetProcessHeap () returned 0x570000 [0047.503] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.503] GetProcessHeap () returned 0x570000 [0047.503] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.503] GetProcessHeap () returned 0x570000 [0047.503] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.503] GetProcessHeap () returned 0x570000 [0047.503] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.503] GetProcessHeap () returned 0x570000 [0047.503] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.503] GetProcessHeap () returned 0x570000 [0047.503] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.503] GetProcessHeap () returned 0x570000 [0047.503] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.503] GetProcessHeap () returned 0x570000 [0047.503] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.503] GetProcessHeap () returned 0x570000 [0047.503] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.503] GetProcessHeap () returned 0x570000 [0047.503] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.503] GetProcessHeap () returned 0x570000 [0047.503] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.503] GetProcessHeap () returned 0x570000 [0047.503] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.503] GetProcessHeap () returned 0x570000 [0047.503] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.503] GetProcessHeap () returned 0x570000 [0047.503] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.503] GetProcessHeap () returned 0x570000 [0047.503] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.503] GetProcessHeap () returned 0x570000 [0047.504] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.504] GetProcessHeap () returned 0x570000 [0047.504] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.504] GetProcessHeap () returned 0x570000 [0047.504] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.504] GetProcessHeap () returned 0x570000 [0047.504] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0047.504] GetProcessHeap () returned 0x570000 [0047.504] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0047.504] GetProcessHeap () returned 0x570000 [0047.504] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592628 | out: hHeap=0x570000) returned 1 [0047.504] GetProcessHeap () returned 0x570000 [0047.504] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0047.504] GetProcessHeap () returned 0x570000 [0047.504] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0047.504] GetProcessHeap () returned 0x570000 [0047.504] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0047.504] GetProcessHeap () returned 0x570000 [0047.504] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0047.504] GetProcessHeap () returned 0x570000 [0047.504] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0047.504] GetProcessHeap () returned 0x570000 [0047.504] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0047.504] GetProcessHeap () returned 0x570000 [0047.504] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0047.504] GetProcessHeap () returned 0x570000 [0047.504] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592518 | out: hHeap=0x570000) returned 1 [0047.504] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0047.505] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0047.505] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0047.505] CloseHandle (hObject=0x80) returned 1 [0047.582] GetProcessHeap () returned 0x570000 [0047.582] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5876f8 | out: hHeap=0x570000) returned 1 [0047.582] GetProcessHeap () returned 0x570000 [0047.582] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592418 | out: hHeap=0x570000) returned 1 [0047.582] GetProcessHeap () returned 0x570000 [0047.582] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592490 | out: hHeap=0x570000) returned 1 [0047.582] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg" [0047.582] lstrcatW (in: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg.{Killback@protonmail.com}KBK") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg.{Killback@protonmail.com}KBK" [0047.582] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\chrysanthemum.jpg"), lpNewFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg.{Killback@protonmail.com}KBK" (normalized: "c:\\users\\public\\pictures\\sample pictures\\chrysanthemum.jpg.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0047.583] PathRemoveFileSpecW (in: pszPath="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg" | out: pszPath="C:\\Users\\Public\\Pictures\\Sample Pictures") returned 1 [0047.583] lstrcatW (in: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\" [0047.583] lstrcatW (in: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\", lpString2="decrypt_files.html" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\decrypt_files.html") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\decrypt_files.html" [0047.583] GetFileAttributesW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\decrypt_files.html" (normalized: "c:\\users\\public\\pictures\\sample pictures\\decrypt_files.html")) returned 0xffffffff [0047.583] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\decrypt_files.html" (normalized: "c:\\users\\public\\pictures\\sample pictures\\decrypt_files.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0047.583] lstrlenA (lpString="\r\n \r\n \r\n \r\n DECRYPT FILES\r\n \r\n\r\n \r\n\r\n
\r\n

⚠Your ID (NEED FOR DECRYPT)⚠

\r\n
\r\n 
A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n\r\n
\r\n
\r\n
\r\n \r\n
\r\n \r\n
\r\n \r\n \r\n
\r\n

✖ Your files are encrypted! ✖

\r\n\r\n

If you see it - do not try to decrypt ▼the files yourself!!!▼

\r\n
\r\n

All your important data has been encrypted.

\r\n
\r\n
\r\n \r\n\x09\x09 \r\nTo decrypt all your files, you need a decryption program.
\r\n \r\nTo get a program to decrypt your data you need to do a few steps:
\r\n

☑1. \r\nTo make sure that we can actually decrypt your files. You can send us a file for the test.\r\nThis can be a picture or a text file.\r\nSize less than 5 MB. Send to our mail: Killback@protonmail.com .
\r\n

☑2. \r\nSend your PERSONAL ID in the letter (you will find it at the very beginning of this document)

\r\n\x09\x09\x09

☑3. \r\nWe will decode your test file so you are sure. We will also send you the amount you need to pay to get the program to decrypt.

\r\n ☑4. We will send you instructions on how to pay for the decryption program. After payment, we will send you a program and instructions on how to decrypt all the files.
\r\n

Attention!


\r\n
    \r\n\x09\x09\x09 Only we can decrypt your files.
    \r\n\x09\x09\x09 Do not try to decrypt your files yourself. You can damage them when trying to restore
    \r\n Do not run antivirus!
    \r\n Email us: Killback@protonmail.com immediately so we can help you.
    \r\n Decoders other users are not compatible with your data, because each user's unique encryption key
    \r\n
\r\n \r\n
\r\n
\r\n
\r\n \r\n\r\n \r\n \r\n
\r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n\r\n") returned 5565 [0047.584] WriteFile (in: hFile=0x80, lpBuffer=0x21f0020*, nNumberOfBytesToWrite=0x15bd, lpNumberOfBytesWritten=0x50dd18, lpOverlapped=0x0 | out: lpBuffer=0x21f0020*, lpNumberOfBytesWritten=0x50dd18*=0x15bd, lpOverlapped=0x0) returned 1 [0047.584] CloseHandle (hObject=0x80) returned 1 [0047.585] GetProcessHeap () returned 0x570000 [0047.585] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58fdc0 | out: hHeap=0x570000) returned 1 [0047.585] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be84d57, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xce875, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Desert.jpg", cAlternateFileName="")) returned 1 [0047.585] lstrcmpiW (lpString1="Desert.jpg", lpString2=".") returned 1 [0047.585] lstrcmpiW (lpString1="Desert.jpg", lpString2="..") returned 1 [0047.585] lstrcatW (in: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\", lpString2="Desert.jpg" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg" [0047.585] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Desert.jpg", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0047.585] GetProcessHeap () returned 0x570000 [0047.585] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xb) returned 0x590f68 [0047.585] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Desert.jpg", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Desert.jpg", lpUsedDefaultChar=0x0) returned 11 [0047.585] lstrlenA (lpString="Desert.jpg") returned 10 [0047.585] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0047.585] lstrlenA (lpString="Desert.jpg") returned 10 [0047.585] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0047.585] lstrcmpiW (lpString1="Desert.jpg", lpString2="decrypt_files.html") returned 1 [0047.585] lstrcmpiW (lpString1="Desert.jpg", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0047.585] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0047.585] lstrcmpiW (lpString1="Desert.jpg", lpString2="sihvgt.exe") returned -1 [0047.585] _alloca_probe () returned 0x40908b [0047.585] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 52 [0047.585] GetProcessHeap () returned 0x570000 [0047.585] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x34) returned 0x592418 [0047.585] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", cchWideChar=-1, lpMultiByteStr=0x592418, cbMultiByte=52, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", lpUsedDefaultChar=0x0) returned 52 [0047.585] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0047.585] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{739DB94C-A332-45ED-85CB-9D61838A09E6}") returned 38 [0047.585] lstrlenA (lpString="{739DB94C-A332-45ED-85CB-9D61838A09E6}") returned 38 [0047.586] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desert.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0047.586] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=845941) returned 1 [0047.586] lstrlenA (lpString="{739DB94C-A332-45ED-85CB-9D61838A09E6}") returned 38 [0047.586] GetProcessHeap () returned 0x570000 [0047.586] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x592458 [0047.586] GetProcessHeap () returned 0x570000 [0047.586] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5924d0 [0047.586] lstrlenA (lpString="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg") returned 51 [0047.597] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.625] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.626] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.627] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.627] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.627] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.627] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.627] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.628] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.628] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.628] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.628] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.628] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.628] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.629] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.629] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.629] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.629] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.629] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.629] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.629] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.630] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.630] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.630] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.630] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.630] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.630] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.631] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.631] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.631] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.631] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.631] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.631] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.633] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.633] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.633] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.633] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.634] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.634] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.634] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.635] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.635] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.636] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.636] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.636] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.637] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.637] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.637] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.637] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.646] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.646] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.646] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.646] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.647] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.647] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.647] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.647] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.648] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.648] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.649] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.649] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.650] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.651] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.651] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.651] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.651] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.652] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.652] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.652] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.673] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.673] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.673] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.674] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.674] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.675] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.675] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.675] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.676] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.676] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.676] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.676] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.677] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.677] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.677] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.678] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.678] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.679] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.679] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.679] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.680] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.680] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.680] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.680] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.681] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.681] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.682] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.683] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.684] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.685] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.686] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.686] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.686] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.687] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.687] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.687] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.687] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.688] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.688] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.688] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.689] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.689] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.690] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.690] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.690] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.691] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.691] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.691] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.692] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.692] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.692] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.692] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.693] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.701] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.703] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.703] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.705] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.705] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.706] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.706] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.746] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.747] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.747] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.747] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.852] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.853] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.853] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.853] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.853] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.854] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.854] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.854] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.854] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.855] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.855] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.855] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.855] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.856] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.856] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.856] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.857] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.865] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.865] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.865] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.865] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.866] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.866] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.866] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.866] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.867] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.867] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.867] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.868] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.868] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.868] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.868] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.869] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.869] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.869] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.869] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.870] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.870] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.870] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.871] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.871] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.871] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.872] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.872] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.872] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.873] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.873] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.873] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.873] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.873] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.873] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.873] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.876] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.877] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.877] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.877] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.877] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.879] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.879] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.879] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.879] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.880] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.880] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.880] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.880] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.881] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.881] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.881] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.881] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.882] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.882] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.882] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.882] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.882] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.883] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.883] WriteFile (in: hFile=0x80, lpBuffer=0x50bb6c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bb6c*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0047.884] WriteFile (in: hFile=0x80, lpBuffer=0x50bbd4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bbd4*, lpNumberOfBytesWritten=0x50bb34*=0x10, lpOverlapped=0x0) returned 1 [0047.884] lstrlenA (lpString="rsa_encrypt") returned 11 [0047.884] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x5925f8) returned 1 [0047.885] CryptGenRandom (in: hProv=0x5925f8, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0047.885] CryptReleaseContext (hProv=0x5925f8, dwFlags=0x0) returned 1 [0047.885] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0047.885] GetProcessHeap () returned 0x570000 [0047.885] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592558 [0047.885] lstrlenA (lpString="010001") returned 6 [0047.885] GetProcessHeap () returned 0x570000 [0047.885] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eea0 [0047.885] GetProcessHeap () returned 0x570000 [0047.885] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5925e0 [0047.885] GetProcessHeap () returned 0x570000 [0047.885] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0047.885] GetProcessHeap () returned 0x570000 [0047.885] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5925e0 | out: hHeap=0x570000) returned 1 [0047.885] GetProcessHeap () returned 0x570000 [0047.885] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0047.885] GetProcessHeap () returned 0x570000 [0047.885] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c0d8 [0047.885] GetProcessHeap () returned 0x570000 [0047.885] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eec0 [0047.885] GetProcessHeap () returned 0x570000 [0047.885] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c1f0 [0047.885] GetProcessHeap () returned 0x570000 [0047.886] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.886] GetProcessHeap () returned 0x570000 [0047.886] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0047.886] GetProcessHeap () returned 0x570000 [0047.886] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5925e0 [0047.886] GetProcessHeap () returned 0x570000 [0047.886] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x592668 [0047.886] GetProcessHeap () returned 0x570000 [0047.886] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.886] GetProcessHeap () returned 0x570000 [0047.886] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0047.886] GetProcessHeap () returned 0x570000 [0047.886] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0047.886] GetProcessHeap () returned 0x570000 [0047.886] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5925e0 | out: hHeap=0x570000) returned 1 [0047.886] GetProcessHeap () returned 0x570000 [0047.886] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0047.886] GetProcessHeap () returned 0x570000 [0047.886] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0047.886] GetProcessHeap () returned 0x570000 [0047.886] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0047.886] GetProcessHeap () returned 0x570000 [0047.886] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f98 [0047.886] GetProcessHeap () returned 0x570000 [0047.886] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.886] GetProcessHeap () returned 0x570000 [0047.886] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0047.886] GetProcessHeap () returned 0x570000 [0047.886] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0047.886] GetProcessHeap () returned 0x570000 [0047.886] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0047.886] GetProcessHeap () returned 0x570000 [0047.887] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0047.887] GetProcessHeap () returned 0x570000 [0047.887] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f98 | out: hHeap=0x570000) returned 1 [0047.887] GetProcessHeap () returned 0x570000 [0047.887] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0047.887] GetProcessHeap () returned 0x570000 [0047.887] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0047.887] GetProcessHeap () returned 0x570000 [0047.887] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0047.887] GetProcessHeap () returned 0x570000 [0047.887] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0047.887] GetProcessHeap () returned 0x570000 [0047.887] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0047.887] GetProcessHeap () returned 0x570000 [0047.887] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0047.887] GetProcessHeap () returned 0x570000 [0047.887] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0047.887] GetProcessHeap () returned 0x570000 [0047.887] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0047.887] GetProcessHeap () returned 0x570000 [0047.887] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0047.887] GetProcessHeap () returned 0x570000 [0047.887] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0047.887] GetProcessHeap () returned 0x570000 [0047.887] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0047.887] GetProcessHeap () returned 0x570000 [0047.887] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0047.887] GetProcessHeap () returned 0x570000 [0047.887] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0047.887] GetProcessHeap () returned 0x570000 [0047.888] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0047.888] GetProcessHeap () returned 0x570000 [0047.888] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0047.888] GetProcessHeap () returned 0x570000 [0047.888] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0047.888] GetProcessHeap () returned 0x570000 [0047.888] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0047.888] GetProcessHeap () returned 0x570000 [0047.888] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0047.888] GetProcessHeap () returned 0x570000 [0047.888] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0047.888] GetProcessHeap () returned 0x570000 [0047.888] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0047.888] GetProcessHeap () returned 0x570000 [0047.888] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0047.888] GetProcessHeap () returned 0x570000 [0047.888] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0047.888] GetProcessHeap () returned 0x570000 [0047.888] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0047.888] GetProcessHeap () returned 0x570000 [0047.888] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0047.888] GetProcessHeap () returned 0x570000 [0047.888] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0047.888] GetProcessHeap () returned 0x570000 [0047.888] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0047.888] GetProcessHeap () returned 0x570000 [0047.888] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0047.888] GetProcessHeap () returned 0x570000 [0047.888] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0047.888] GetProcessHeap () returned 0x570000 [0047.888] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0047.889] GetProcessHeap () returned 0x570000 [0047.889] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0047.889] GetProcessHeap () returned 0x570000 [0047.889] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0047.889] GetProcessHeap () returned 0x570000 [0047.889] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0047.889] GetProcessHeap () returned 0x570000 [0047.889] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0047.889] GetProcessHeap () returned 0x570000 [0047.889] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0047.889] GetProcessHeap () returned 0x570000 [0047.889] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0047.889] GetProcessHeap () returned 0x570000 [0047.889] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0047.889] GetProcessHeap () returned 0x570000 [0047.889] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0047.889] GetProcessHeap () returned 0x570000 [0047.889] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0047.889] GetProcessHeap () returned 0x570000 [0047.889] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0047.889] GetProcessHeap () returned 0x570000 [0047.889] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0047.889] GetProcessHeap () returned 0x570000 [0047.889] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0047.889] GetProcessHeap () returned 0x570000 [0047.889] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0047.889] GetProcessHeap () returned 0x570000 [0047.889] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0047.889] GetProcessHeap () returned 0x570000 [0047.889] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0047.889] GetProcessHeap () returned 0x570000 [0047.890] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0047.890] GetProcessHeap () returned 0x570000 [0047.890] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0047.890] GetProcessHeap () returned 0x570000 [0047.890] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0047.890] GetProcessHeap () returned 0x570000 [0047.890] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0047.890] GetProcessHeap () returned 0x570000 [0047.890] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0047.890] GetProcessHeap () returned 0x570000 [0047.890] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0047.890] GetProcessHeap () returned 0x570000 [0047.890] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0047.890] GetProcessHeap () returned 0x570000 [0047.890] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0047.890] GetProcessHeap () returned 0x570000 [0047.890] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0047.890] GetProcessHeap () returned 0x570000 [0047.890] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0047.890] GetProcessHeap () returned 0x570000 [0047.890] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0047.890] GetProcessHeap () returned 0x570000 [0047.890] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0047.890] GetProcessHeap () returned 0x570000 [0047.890] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0047.890] GetProcessHeap () returned 0x570000 [0047.890] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0047.890] GetProcessHeap () returned 0x570000 [0047.890] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0047.891] GetProcessHeap () returned 0x570000 [0047.891] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0047.891] GetProcessHeap () returned 0x570000 [0047.891] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0047.891] GetProcessHeap () returned 0x570000 [0047.891] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0047.891] GetProcessHeap () returned 0x570000 [0047.891] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0047.891] GetProcessHeap () returned 0x570000 [0047.891] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0047.891] GetProcessHeap () returned 0x570000 [0047.891] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0047.891] GetProcessHeap () returned 0x570000 [0047.891] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0047.891] GetProcessHeap () returned 0x570000 [0047.891] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0047.891] GetProcessHeap () returned 0x570000 [0047.891] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0047.891] GetProcessHeap () returned 0x570000 [0047.891] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0047.891] GetProcessHeap () returned 0x570000 [0047.891] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0047.891] GetProcessHeap () returned 0x570000 [0047.891] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0047.891] GetProcessHeap () returned 0x570000 [0047.891] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0047.892] GetProcessHeap () returned 0x570000 [0047.892] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0047.892] GetProcessHeap () returned 0x570000 [0047.892] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0047.892] GetProcessHeap () returned 0x570000 [0047.892] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0047.892] GetProcessHeap () returned 0x570000 [0047.892] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0047.892] GetProcessHeap () returned 0x570000 [0047.892] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0047.892] GetProcessHeap () returned 0x570000 [0047.892] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0047.892] GetProcessHeap () returned 0x570000 [0047.892] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0047.892] GetProcessHeap () returned 0x570000 [0047.892] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0047.892] GetProcessHeap () returned 0x570000 [0047.892] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0047.892] GetProcessHeap () returned 0x570000 [0047.892] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0047.892] GetProcessHeap () returned 0x570000 [0047.892] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0047.892] GetProcessHeap () returned 0x570000 [0047.892] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0047.892] GetProcessHeap () returned 0x570000 [0047.892] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0047.892] GetProcessHeap () returned 0x570000 [0047.892] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0047.892] GetProcessHeap () returned 0x570000 [0047.892] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0047.892] GetProcessHeap () returned 0x570000 [0047.893] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0047.893] GetProcessHeap () returned 0x570000 [0047.893] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0047.893] GetProcessHeap () returned 0x570000 [0047.893] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0047.893] GetProcessHeap () returned 0x570000 [0047.893] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0047.893] GetProcessHeap () returned 0x570000 [0047.893] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0047.893] GetProcessHeap () returned 0x570000 [0047.893] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0047.893] GetProcessHeap () returned 0x570000 [0047.893] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0047.893] GetProcessHeap () returned 0x570000 [0047.893] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0047.893] GetProcessHeap () returned 0x570000 [0047.893] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0047.893] GetProcessHeap () returned 0x570000 [0047.893] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0047.893] GetProcessHeap () returned 0x570000 [0047.893] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0047.893] GetProcessHeap () returned 0x570000 [0047.893] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0047.893] GetProcessHeap () returned 0x570000 [0047.893] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0047.893] GetProcessHeap () returned 0x570000 [0047.893] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0047.893] GetProcessHeap () returned 0x570000 [0047.893] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0047.893] GetProcessHeap () returned 0x570000 [0047.893] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0047.893] GetProcessHeap () returned 0x570000 [0047.894] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0047.894] GetProcessHeap () returned 0x570000 [0047.894] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592668 | out: hHeap=0x570000) returned 1 [0047.894] GetProcessHeap () returned 0x570000 [0047.894] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0047.894] GetProcessHeap () returned 0x570000 [0047.894] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0047.894] GetProcessHeap () returned 0x570000 [0047.894] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0047.894] GetProcessHeap () returned 0x570000 [0047.894] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0047.894] GetProcessHeap () returned 0x570000 [0047.894] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0047.894] GetProcessHeap () returned 0x570000 [0047.894] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0047.894] GetProcessHeap () returned 0x570000 [0047.894] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0047.894] GetProcessHeap () returned 0x570000 [0047.894] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592558 | out: hHeap=0x570000) returned 1 [0047.894] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0047.894] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0047.894] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0047.894] CloseHandle (hObject=0x80) returned 1 [0047.911] GetProcessHeap () returned 0x570000 [0047.911] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592418 | out: hHeap=0x570000) returned 1 [0047.911] GetProcessHeap () returned 0x570000 [0047.911] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592458 | out: hHeap=0x570000) returned 1 [0047.911] GetProcessHeap () returned 0x570000 [0047.911] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5924d0 | out: hHeap=0x570000) returned 1 [0047.911] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg" [0047.911] lstrcatW (in: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg.{Killback@protonmail.com}KBK") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg.{Killback@protonmail.com}KBK" [0047.911] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desert.jpg"), lpNewFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg.{Killback@protonmail.com}KBK" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desert.jpg.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0047.912] PathRemoveFileSpecW (in: pszPath="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg" | out: pszPath="C:\\Users\\Public\\Pictures\\Sample Pictures") returned 1 [0047.912] lstrcatW (in: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\" [0047.912] lstrcatW (in: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\", lpString2="decrypt_files.html" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\decrypt_files.html") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\decrypt_files.html" [0047.912] GetFileAttributesW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\decrypt_files.html" (normalized: "c:\\users\\public\\pictures\\sample pictures\\decrypt_files.html")) returned 0x20 [0047.912] GetProcessHeap () returned 0x570000 [0047.912] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0047.912] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x460, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0047.912] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0047.912] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0047.912] lstrcatW (in: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\", lpString2="desktop.ini" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini" [0047.912] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0047.912] GetProcessHeap () returned 0x570000 [0047.912] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x590f68 [0047.913] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 12 [0047.913] lstrlenA (lpString="desktop.ini") returned 11 [0047.913] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0047.913] lstrlenA (lpString="desktop.ini") returned 11 [0047.913] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0047.913] lstrcmpiW (lpString1="desktop.ini", lpString2="decrypt_files.html") returned 1 [0047.913] lstrcmpiW (lpString1="desktop.ini", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0047.913] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0047.913] lstrcmpiW (lpString1="desktop.ini", lpString2="sihvgt.exe") returned -1 [0047.913] _alloca_probe () returned 0x40908b [0047.913] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 53 [0047.913] GetProcessHeap () returned 0x570000 [0047.913] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x35) returned 0x592418 [0047.913] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini", cchWideChar=-1, lpMultiByteStr=0x592418, cbMultiByte=53, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini", lpUsedDefaultChar=0x0) returned 53 [0047.913] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0047.913] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{C31563AD-A5B5-4E8D-97AA-D953A6D41316}") returned 38 [0047.913] lstrlenA (lpString="{C31563AD-A5B5-4E8D-97AA-D953A6D41316}") returned 38 [0047.913] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0047.914] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=1120) returned 1 [0047.914] lstrlenA (lpString="{C31563AD-A5B5-4E8D-97AA-D953A6D41316}") returned 38 [0047.914] GetProcessHeap () returned 0x570000 [0047.914] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x592458 [0047.914] GetProcessHeap () returned 0x570000 [0047.914] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5924d0 [0047.914] lstrlenA (lpString="C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini") returned 52 [0047.925] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x460, lpOverlapped=0x0) returned 1 [0047.937] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.937] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x460, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x460, lpOverlapped=0x0) returned 1 [0047.937] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.937] WriteFile (in: hFile=0x80, lpBuffer=0x50bb6c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bb6c*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0047.938] WriteFile (in: hFile=0x80, lpBuffer=0x50bbd4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bbd4*, lpNumberOfBytesWritten=0x50bb34*=0x10, lpOverlapped=0x0) returned 1 [0047.938] lstrlenA (lpString="rsa_encrypt") returned 11 [0047.938] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x5925f8) returned 1 [0047.939] CryptGenRandom (in: hProv=0x5925f8, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0047.939] CryptReleaseContext (hProv=0x5925f8, dwFlags=0x0) returned 1 [0047.939] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0047.939] GetProcessHeap () returned 0x570000 [0047.939] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592558 [0047.939] lstrlenA (lpString="010001") returned 6 [0047.939] GetProcessHeap () returned 0x570000 [0047.939] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eea0 [0047.939] GetProcessHeap () returned 0x570000 [0047.939] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5925e0 [0047.939] GetProcessHeap () returned 0x570000 [0047.939] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0047.939] GetProcessHeap () returned 0x570000 [0047.939] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5925e0 | out: hHeap=0x570000) returned 1 [0047.939] GetProcessHeap () returned 0x570000 [0047.939] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0047.939] GetProcessHeap () returned 0x570000 [0047.939] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c1f0 [0047.939] GetProcessHeap () returned 0x570000 [0047.939] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eef0 [0047.939] GetProcessHeap () returned 0x570000 [0047.939] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c0d8 [0047.939] GetProcessHeap () returned 0x570000 [0047.939] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0047.939] GetProcessHeap () returned 0x570000 [0047.939] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0047.939] GetProcessHeap () returned 0x570000 [0047.940] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5925e0 [0047.940] GetProcessHeap () returned 0x570000 [0047.940] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x592668 [0047.940] GetProcessHeap () returned 0x570000 [0047.940] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0047.940] GetProcessHeap () returned 0x570000 [0047.940] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0047.940] GetProcessHeap () returned 0x570000 [0047.940] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0047.940] GetProcessHeap () returned 0x570000 [0047.940] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5925e0 | out: hHeap=0x570000) returned 1 [0047.940] GetProcessHeap () returned 0x570000 [0047.940] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0047.940] GetProcessHeap () returned 0x570000 [0047.940] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0047.940] GetProcessHeap () returned 0x570000 [0047.940] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.940] GetProcessHeap () returned 0x570000 [0047.940] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f98 [0047.940] GetProcessHeap () returned 0x570000 [0047.940] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0047.940] GetProcessHeap () returned 0x570000 [0047.940] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.940] GetProcessHeap () returned 0x570000 [0047.940] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.940] GetProcessHeap () returned 0x570000 [0047.940] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.940] GetProcessHeap () returned 0x570000 [0047.940] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0047.940] GetProcessHeap () returned 0x570000 [0047.940] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f98 | out: hHeap=0x570000) returned 1 [0047.940] GetProcessHeap () returned 0x570000 [0047.940] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0047.940] GetProcessHeap () returned 0x570000 [0047.940] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0047.941] GetProcessHeap () returned 0x570000 [0047.941] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.941] GetProcessHeap () returned 0x570000 [0047.941] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.941] GetProcessHeap () returned 0x570000 [0047.941] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.941] GetProcessHeap () returned 0x570000 [0047.941] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.941] GetProcessHeap () returned 0x570000 [0047.941] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.941] GetProcessHeap () returned 0x570000 [0047.941] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.941] GetProcessHeap () returned 0x570000 [0047.941] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.941] GetProcessHeap () returned 0x570000 [0047.941] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.941] GetProcessHeap () returned 0x570000 [0047.941] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.941] GetProcessHeap () returned 0x570000 [0047.941] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.941] GetProcessHeap () returned 0x570000 [0047.941] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.941] GetProcessHeap () returned 0x570000 [0047.941] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.941] GetProcessHeap () returned 0x570000 [0047.941] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.941] GetProcessHeap () returned 0x570000 [0047.941] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.941] GetProcessHeap () returned 0x570000 [0047.941] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.941] GetProcessHeap () returned 0x570000 [0047.942] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.942] GetProcessHeap () returned 0x570000 [0047.942] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.942] GetProcessHeap () returned 0x570000 [0047.942] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.942] GetProcessHeap () returned 0x570000 [0047.942] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.942] GetProcessHeap () returned 0x570000 [0047.942] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.942] GetProcessHeap () returned 0x570000 [0047.942] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.942] GetProcessHeap () returned 0x570000 [0047.942] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.942] GetProcessHeap () returned 0x570000 [0047.942] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.942] GetProcessHeap () returned 0x570000 [0047.942] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.942] GetProcessHeap () returned 0x570000 [0047.942] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.942] GetProcessHeap () returned 0x570000 [0047.942] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.942] GetProcessHeap () returned 0x570000 [0047.942] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.942] GetProcessHeap () returned 0x570000 [0047.942] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.942] GetProcessHeap () returned 0x570000 [0047.942] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.942] GetProcessHeap () returned 0x570000 [0047.942] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.942] GetProcessHeap () returned 0x570000 [0047.942] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.942] GetProcessHeap () returned 0x570000 [0047.942] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.943] GetProcessHeap () returned 0x570000 [0047.943] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.943] GetProcessHeap () returned 0x570000 [0047.943] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.943] GetProcessHeap () returned 0x570000 [0047.943] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.943] GetProcessHeap () returned 0x570000 [0047.943] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.943] GetProcessHeap () returned 0x570000 [0047.943] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.943] GetProcessHeap () returned 0x570000 [0047.943] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.943] GetProcessHeap () returned 0x570000 [0047.943] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.943] GetProcessHeap () returned 0x570000 [0047.943] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.943] GetProcessHeap () returned 0x570000 [0047.943] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.943] GetProcessHeap () returned 0x570000 [0047.943] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.943] GetProcessHeap () returned 0x570000 [0047.943] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.943] GetProcessHeap () returned 0x570000 [0047.943] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.943] GetProcessHeap () returned 0x570000 [0047.943] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.943] GetProcessHeap () returned 0x570000 [0047.943] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.943] GetProcessHeap () returned 0x570000 [0047.943] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.943] GetProcessHeap () returned 0x570000 [0047.943] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.943] GetProcessHeap () returned 0x570000 [0047.943] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.944] GetProcessHeap () returned 0x570000 [0047.944] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.944] GetProcessHeap () returned 0x570000 [0047.944] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.944] GetProcessHeap () returned 0x570000 [0047.944] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.944] GetProcessHeap () returned 0x570000 [0047.944] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.944] GetProcessHeap () returned 0x570000 [0047.944] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.944] GetProcessHeap () returned 0x570000 [0047.944] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.944] GetProcessHeap () returned 0x570000 [0047.944] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.944] GetProcessHeap () returned 0x570000 [0047.944] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.944] GetProcessHeap () returned 0x570000 [0047.944] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.944] GetProcessHeap () returned 0x570000 [0047.944] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.944] GetProcessHeap () returned 0x570000 [0047.944] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.944] GetProcessHeap () returned 0x570000 [0047.944] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.944] GetProcessHeap () returned 0x570000 [0047.944] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.944] GetProcessHeap () returned 0x570000 [0047.944] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.944] GetProcessHeap () returned 0x570000 [0047.944] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.944] GetProcessHeap () returned 0x570000 [0047.944] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.945] GetProcessHeap () returned 0x570000 [0047.945] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.945] GetProcessHeap () returned 0x570000 [0047.945] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.945] GetProcessHeap () returned 0x570000 [0047.945] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.945] GetProcessHeap () returned 0x570000 [0047.945] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.945] GetProcessHeap () returned 0x570000 [0047.945] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.945] GetProcessHeap () returned 0x570000 [0047.945] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.945] GetProcessHeap () returned 0x570000 [0047.945] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.945] GetProcessHeap () returned 0x570000 [0047.945] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.945] GetProcessHeap () returned 0x570000 [0047.945] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.945] GetProcessHeap () returned 0x570000 [0047.945] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.945] GetProcessHeap () returned 0x570000 [0047.945] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.945] GetProcessHeap () returned 0x570000 [0047.945] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.945] GetProcessHeap () returned 0x570000 [0047.945] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.945] GetProcessHeap () returned 0x570000 [0047.945] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.945] GetProcessHeap () returned 0x570000 [0047.945] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.945] GetProcessHeap () returned 0x570000 [0047.945] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.946] GetProcessHeap () returned 0x570000 [0047.946] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.946] GetProcessHeap () returned 0x570000 [0047.946] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.946] GetProcessHeap () returned 0x570000 [0047.946] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.946] GetProcessHeap () returned 0x570000 [0047.946] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.946] GetProcessHeap () returned 0x570000 [0047.946] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.946] GetProcessHeap () returned 0x570000 [0047.946] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.946] GetProcessHeap () returned 0x570000 [0047.946] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.946] GetProcessHeap () returned 0x570000 [0047.946] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.946] GetProcessHeap () returned 0x570000 [0047.946] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.946] GetProcessHeap () returned 0x570000 [0047.946] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.946] GetProcessHeap () returned 0x570000 [0047.946] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.946] GetProcessHeap () returned 0x570000 [0047.946] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.946] GetProcessHeap () returned 0x570000 [0047.946] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.946] GetProcessHeap () returned 0x570000 [0047.946] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.946] GetProcessHeap () returned 0x570000 [0047.946] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.946] GetProcessHeap () returned 0x570000 [0047.946] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.947] GetProcessHeap () returned 0x570000 [0047.947] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.947] GetProcessHeap () returned 0x570000 [0047.947] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0047.947] GetProcessHeap () returned 0x570000 [0047.947] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0047.947] GetProcessHeap () returned 0x570000 [0047.947] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0047.947] GetProcessHeap () returned 0x570000 [0047.947] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0047.947] GetProcessHeap () returned 0x570000 [0047.947] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592668 | out: hHeap=0x570000) returned 1 [0047.947] GetProcessHeap () returned 0x570000 [0047.947] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0047.947] GetProcessHeap () returned 0x570000 [0047.947] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0047.947] GetProcessHeap () returned 0x570000 [0047.947] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0047.947] GetProcessHeap () returned 0x570000 [0047.947] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0047.947] GetProcessHeap () returned 0x570000 [0047.947] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0047.947] GetProcessHeap () returned 0x570000 [0047.947] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0047.947] GetProcessHeap () returned 0x570000 [0047.947] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0047.947] GetProcessHeap () returned 0x570000 [0047.947] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592558 | out: hHeap=0x570000) returned 1 [0047.947] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0047.948] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0047.948] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0047.948] CloseHandle (hObject=0x80) returned 1 [0047.950] GetProcessHeap () returned 0x570000 [0047.950] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592418 | out: hHeap=0x570000) returned 1 [0047.950] GetProcessHeap () returned 0x570000 [0047.950] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592458 | out: hHeap=0x570000) returned 1 [0047.950] GetProcessHeap () returned 0x570000 [0047.950] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5924d0 | out: hHeap=0x570000) returned 1 [0047.950] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini" [0047.950] lstrcatW (in: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini.{Killback@protonmail.com}KBK") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini.{Killback@protonmail.com}KBK" [0047.950] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desktop.ini"), lpNewFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini.{Killback@protonmail.com}KBK" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desktop.ini.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0047.951] PathRemoveFileSpecW (in: pszPath="C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini" | out: pszPath="C:\\Users\\Public\\Pictures\\Sample Pictures") returned 1 [0047.951] lstrcatW (in: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\" [0047.951] lstrcatW (in: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\", lpString2="decrypt_files.html" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\decrypt_files.html") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\decrypt_files.html" [0047.951] GetFileAttributesW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\decrypt_files.html" (normalized: "c:\\users\\public\\pictures\\sample pictures\\decrypt_files.html")) returned 0x20 [0047.951] GetProcessHeap () returned 0x570000 [0047.951] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0047.951] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be84d57, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x91554, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Hydrangeas.jpg", cAlternateFileName="HYDRAN~1.JPG")) returned 1 [0047.951] lstrcmpiW (lpString1="Hydrangeas.jpg", lpString2=".") returned 1 [0047.951] lstrcmpiW (lpString1="Hydrangeas.jpg", lpString2="..") returned 1 [0047.951] lstrcatW (in: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\", lpString2="Hydrangeas.jpg" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg" [0047.951] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Hydrangeas.jpg", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0047.951] GetProcessHeap () returned 0x570000 [0047.951] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xf) returned 0x590f68 [0047.951] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Hydrangeas.jpg", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Hydrangeas.jpg", lpUsedDefaultChar=0x0) returned 15 [0047.951] lstrlenA (lpString="Hydrangeas.jpg") returned 14 [0047.951] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0047.951] lstrlenA (lpString="Hydrangeas.jpg") returned 14 [0047.952] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0047.952] lstrcmpiW (lpString1="Hydrangeas.jpg", lpString2="decrypt_files.html") returned 1 [0047.952] lstrcmpiW (lpString1="Hydrangeas.jpg", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0047.952] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0047.952] lstrcmpiW (lpString1="Hydrangeas.jpg", lpString2="sihvgt.exe") returned -1 [0047.952] _alloca_probe () returned 0x40908b [0047.952] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 56 [0047.952] GetProcessHeap () returned 0x570000 [0047.952] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x38) returned 0x592418 [0047.952] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", cchWideChar=-1, lpMultiByteStr=0x592418, cbMultiByte=56, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", lpUsedDefaultChar=0x0) returned 56 [0047.952] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0047.952] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{53F54417-5BF2-43ED-BC98-0B3C376F0C1B}") returned 38 [0047.952] lstrlenA (lpString="{53F54417-5BF2-43ED-BC98-0B3C376F0C1B}") returned 38 [0047.952] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\hydrangeas.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0047.952] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=595284) returned 1 [0047.952] lstrlenA (lpString="{53F54417-5BF2-43ED-BC98-0B3C376F0C1B}") returned 38 [0047.952] GetProcessHeap () returned 0x570000 [0047.952] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x592458 [0047.952] GetProcessHeap () returned 0x570000 [0047.952] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5924d0 [0047.952] lstrlenA (lpString="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg") returned 55 [0047.963] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.964] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.965] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.965] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.965] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.973] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.973] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.973] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.973] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.974] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.974] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.974] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.974] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.974] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.974] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.974] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.975] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.975] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.975] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.975] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.975] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.975] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.975] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.976] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.976] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.976] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.976] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.976] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.976] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.976] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.977] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.977] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.977] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.978] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.978] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.979] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.979] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.979] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.980] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.980] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.980] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.980] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.981] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.981] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.981] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.982] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.982] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.982] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.982] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.983] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.983] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.983] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.983] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.984] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.984] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.984] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.985] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0047.985] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0047.985] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0047.985] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0047.985] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.013] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.014] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.014] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.014] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.014] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.015] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.015] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.015] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.016] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.016] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.017] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.017] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.017] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.018] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.018] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.018] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.018] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.019] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.019] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.019] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.020] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.020] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.020] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.020] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.021] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.021] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.021] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.021] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.022] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.022] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.022] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.022] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.023] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.023] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.023] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.023] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.024] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.024] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.024] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.025] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.025] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.025] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.026] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.026] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.026] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.026] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.026] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.026] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.028] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.028] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.028] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.028] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.029] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.029] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.029] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.029] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.030] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.030] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.030] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.030] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.032] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.032] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.032] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.032] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.032] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.033] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.033] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.033] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.035] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.035] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.036] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.036] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.036] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.037] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.037] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.037] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.037] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.038] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.038] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.038] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.045] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.045] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.045] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.045] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x1554, lpOverlapped=0x0) returned 1 [0048.045] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffeaac, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.045] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x1560, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x1560, lpOverlapped=0x0) returned 1 [0048.046] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.046] WriteFile (in: hFile=0x80, lpBuffer=0x50bb6c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bb6c*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0048.046] WriteFile (in: hFile=0x80, lpBuffer=0x50bbd4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bbd4*, lpNumberOfBytesWritten=0x50bb34*=0x10, lpOverlapped=0x0) returned 1 [0048.046] lstrlenA (lpString="rsa_encrypt") returned 11 [0048.046] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x5925f8) returned 1 [0048.047] CryptGenRandom (in: hProv=0x5925f8, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0048.047] CryptReleaseContext (hProv=0x5925f8, dwFlags=0x0) returned 1 [0048.047] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0048.047] GetProcessHeap () returned 0x570000 [0048.047] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592558 [0048.047] lstrlenA (lpString="010001") returned 6 [0048.047] GetProcessHeap () returned 0x570000 [0048.047] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eea0 [0048.047] GetProcessHeap () returned 0x570000 [0048.047] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5925e0 [0048.048] GetProcessHeap () returned 0x570000 [0048.048] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0048.048] GetProcessHeap () returned 0x570000 [0048.048] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5925e0 | out: hHeap=0x570000) returned 1 [0048.048] GetProcessHeap () returned 0x570000 [0048.048] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0048.048] GetProcessHeap () returned 0x570000 [0048.048] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c0d8 [0048.048] GetProcessHeap () returned 0x570000 [0048.048] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eec0 [0048.048] GetProcessHeap () returned 0x570000 [0048.048] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c1f0 [0048.048] GetProcessHeap () returned 0x570000 [0048.048] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.048] GetProcessHeap () returned 0x570000 [0048.048] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0048.048] GetProcessHeap () returned 0x570000 [0048.048] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5925e0 [0048.048] GetProcessHeap () returned 0x570000 [0048.048] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x592668 [0048.048] GetProcessHeap () returned 0x570000 [0048.048] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.048] GetProcessHeap () returned 0x570000 [0048.048] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0048.048] GetProcessHeap () returned 0x570000 [0048.048] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0048.048] GetProcessHeap () returned 0x570000 [0048.048] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5925e0 | out: hHeap=0x570000) returned 1 [0048.048] GetProcessHeap () returned 0x570000 [0048.048] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0048.049] GetProcessHeap () returned 0x570000 [0048.049] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0048.049] GetProcessHeap () returned 0x570000 [0048.049] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.049] GetProcessHeap () returned 0x570000 [0048.049] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f98 [0048.049] GetProcessHeap () returned 0x570000 [0048.049] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.049] GetProcessHeap () returned 0x570000 [0048.049] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.049] GetProcessHeap () returned 0x570000 [0048.049] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.049] GetProcessHeap () returned 0x570000 [0048.049] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.049] GetProcessHeap () returned 0x570000 [0048.049] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0048.049] GetProcessHeap () returned 0x570000 [0048.049] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f98 | out: hHeap=0x570000) returned 1 [0048.049] GetProcessHeap () returned 0x570000 [0048.049] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0048.049] GetProcessHeap () returned 0x570000 [0048.049] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0048.049] GetProcessHeap () returned 0x570000 [0048.049] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.049] GetProcessHeap () returned 0x570000 [0048.049] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.049] GetProcessHeap () returned 0x570000 [0048.049] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.049] GetProcessHeap () returned 0x570000 [0048.050] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.050] GetProcessHeap () returned 0x570000 [0048.050] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.050] GetProcessHeap () returned 0x570000 [0048.050] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.050] GetProcessHeap () returned 0x570000 [0048.050] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.050] GetProcessHeap () returned 0x570000 [0048.050] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.050] GetProcessHeap () returned 0x570000 [0048.050] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.050] GetProcessHeap () returned 0x570000 [0048.050] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.050] GetProcessHeap () returned 0x570000 [0048.050] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.050] GetProcessHeap () returned 0x570000 [0048.050] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.050] GetProcessHeap () returned 0x570000 [0048.050] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.050] GetProcessHeap () returned 0x570000 [0048.050] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.050] GetProcessHeap () returned 0x570000 [0048.050] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.050] GetProcessHeap () returned 0x570000 [0048.050] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.050] GetProcessHeap () returned 0x570000 [0048.050] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.050] GetProcessHeap () returned 0x570000 [0048.050] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.050] GetProcessHeap () returned 0x570000 [0048.051] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.051] GetProcessHeap () returned 0x570000 [0048.051] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.051] GetProcessHeap () returned 0x570000 [0048.051] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.051] GetProcessHeap () returned 0x570000 [0048.051] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.051] GetProcessHeap () returned 0x570000 [0048.051] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.051] GetProcessHeap () returned 0x570000 [0048.051] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.051] GetProcessHeap () returned 0x570000 [0048.051] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.051] GetProcessHeap () returned 0x570000 [0048.051] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.051] GetProcessHeap () returned 0x570000 [0048.051] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.051] GetProcessHeap () returned 0x570000 [0048.051] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.051] GetProcessHeap () returned 0x570000 [0048.051] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.051] GetProcessHeap () returned 0x570000 [0048.051] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.051] GetProcessHeap () returned 0x570000 [0048.051] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.051] GetProcessHeap () returned 0x570000 [0048.051] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.051] GetProcessHeap () returned 0x570000 [0048.051] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.051] GetProcessHeap () returned 0x570000 [0048.051] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.052] GetProcessHeap () returned 0x570000 [0048.052] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.052] GetProcessHeap () returned 0x570000 [0048.052] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.052] GetProcessHeap () returned 0x570000 [0048.052] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.052] GetProcessHeap () returned 0x570000 [0048.052] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.052] GetProcessHeap () returned 0x570000 [0048.052] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.052] GetProcessHeap () returned 0x570000 [0048.052] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.052] GetProcessHeap () returned 0x570000 [0048.052] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.052] GetProcessHeap () returned 0x570000 [0048.052] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.052] GetProcessHeap () returned 0x570000 [0048.052] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.052] GetProcessHeap () returned 0x570000 [0048.052] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.052] GetProcessHeap () returned 0x570000 [0048.052] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.052] GetProcessHeap () returned 0x570000 [0048.052] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.052] GetProcessHeap () returned 0x570000 [0048.052] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.052] GetProcessHeap () returned 0x570000 [0048.052] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.052] GetProcessHeap () returned 0x570000 [0048.053] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.053] GetProcessHeap () returned 0x570000 [0048.053] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.053] GetProcessHeap () returned 0x570000 [0048.053] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.053] GetProcessHeap () returned 0x570000 [0048.053] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.053] GetProcessHeap () returned 0x570000 [0048.053] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.053] GetProcessHeap () returned 0x570000 [0048.053] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.053] GetProcessHeap () returned 0x570000 [0048.053] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.053] GetProcessHeap () returned 0x570000 [0048.053] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.053] GetProcessHeap () returned 0x570000 [0048.053] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.053] GetProcessHeap () returned 0x570000 [0048.053] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.053] GetProcessHeap () returned 0x570000 [0048.053] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.053] GetProcessHeap () returned 0x570000 [0048.053] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.053] GetProcessHeap () returned 0x570000 [0048.053] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.053] GetProcessHeap () returned 0x570000 [0048.053] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.053] GetProcessHeap () returned 0x570000 [0048.053] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.054] GetProcessHeap () returned 0x570000 [0048.054] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.054] GetProcessHeap () returned 0x570000 [0048.054] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.054] GetProcessHeap () returned 0x570000 [0048.054] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.054] GetProcessHeap () returned 0x570000 [0048.054] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.054] GetProcessHeap () returned 0x570000 [0048.054] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.054] GetProcessHeap () returned 0x570000 [0048.054] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.054] GetProcessHeap () returned 0x570000 [0048.054] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.054] GetProcessHeap () returned 0x570000 [0048.054] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.054] GetProcessHeap () returned 0x570000 [0048.054] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.054] GetProcessHeap () returned 0x570000 [0048.054] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.054] GetProcessHeap () returned 0x570000 [0048.054] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.054] GetProcessHeap () returned 0x570000 [0048.054] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.054] GetProcessHeap () returned 0x570000 [0048.054] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.054] GetProcessHeap () returned 0x570000 [0048.054] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.054] GetProcessHeap () returned 0x570000 [0048.055] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.055] GetProcessHeap () returned 0x570000 [0048.055] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.055] GetProcessHeap () returned 0x570000 [0048.055] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.055] GetProcessHeap () returned 0x570000 [0048.055] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.055] GetProcessHeap () returned 0x570000 [0048.055] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.055] GetProcessHeap () returned 0x570000 [0048.055] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.055] GetProcessHeap () returned 0x570000 [0048.055] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.055] GetProcessHeap () returned 0x570000 [0048.055] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.055] GetProcessHeap () returned 0x570000 [0048.055] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.055] GetProcessHeap () returned 0x570000 [0048.055] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.055] GetProcessHeap () returned 0x570000 [0048.055] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.055] GetProcessHeap () returned 0x570000 [0048.055] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.055] GetProcessHeap () returned 0x570000 [0048.055] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.055] GetProcessHeap () returned 0x570000 [0048.055] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.055] GetProcessHeap () returned 0x570000 [0048.055] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.055] GetProcessHeap () returned 0x570000 [0048.056] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.056] GetProcessHeap () returned 0x570000 [0048.056] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.056] GetProcessHeap () returned 0x570000 [0048.056] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.056] GetProcessHeap () returned 0x570000 [0048.056] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.056] GetProcessHeap () returned 0x570000 [0048.056] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.056] GetProcessHeap () returned 0x570000 [0048.056] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.056] GetProcessHeap () returned 0x570000 [0048.056] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.056] GetProcessHeap () returned 0x570000 [0048.056] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.056] GetProcessHeap () returned 0x570000 [0048.056] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0048.056] GetProcessHeap () returned 0x570000 [0048.056] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0048.056] GetProcessHeap () returned 0x570000 [0048.056] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592668 | out: hHeap=0x570000) returned 1 [0048.056] GetProcessHeap () returned 0x570000 [0048.056] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0048.056] GetProcessHeap () returned 0x570000 [0048.056] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0048.056] GetProcessHeap () returned 0x570000 [0048.056] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0048.056] GetProcessHeap () returned 0x570000 [0048.057] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0048.057] GetProcessHeap () returned 0x570000 [0048.057] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0048.057] GetProcessHeap () returned 0x570000 [0048.057] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0048.057] GetProcessHeap () returned 0x570000 [0048.057] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0048.057] GetProcessHeap () returned 0x570000 [0048.057] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592558 | out: hHeap=0x570000) returned 1 [0048.057] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0048.057] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0048.057] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0048.057] CloseHandle (hObject=0x80) returned 1 [0048.074] GetProcessHeap () returned 0x570000 [0048.074] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592418 | out: hHeap=0x570000) returned 1 [0048.074] GetProcessHeap () returned 0x570000 [0048.074] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592458 | out: hHeap=0x570000) returned 1 [0048.074] GetProcessHeap () returned 0x570000 [0048.074] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5924d0 | out: hHeap=0x570000) returned 1 [0048.074] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg" [0048.074] lstrcatW (in: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg.{Killback@protonmail.com}KBK") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg.{Killback@protonmail.com}KBK" [0048.074] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\hydrangeas.jpg"), lpNewFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg.{Killback@protonmail.com}KBK" (normalized: "c:\\users\\public\\pictures\\sample pictures\\hydrangeas.jpg.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0048.075] PathRemoveFileSpecW (in: pszPath="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg" | out: pszPath="C:\\Users\\Public\\Pictures\\Sample Pictures") returned 1 [0048.075] lstrcatW (in: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\" [0048.075] lstrcatW (in: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\", lpString2="decrypt_files.html" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\decrypt_files.html") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\decrypt_files.html" [0048.075] GetFileAttributesW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\decrypt_files.html" (normalized: "c:\\users\\public\\pictures\\sample pictures\\decrypt_files.html")) returned 0x20 [0048.075] GetProcessHeap () returned 0x570000 [0048.075] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0048.075] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xbd616, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Jellyfish.jpg", cAlternateFileName="JELLYF~1.JPG")) returned 1 [0048.075] lstrcmpiW (lpString1="Jellyfish.jpg", lpString2=".") returned 1 [0048.075] lstrcmpiW (lpString1="Jellyfish.jpg", lpString2="..") returned 1 [0048.075] lstrcatW (in: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\", lpString2="Jellyfish.jpg" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg" [0048.075] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Jellyfish.jpg", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0048.075] GetProcessHeap () returned 0x570000 [0048.075] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xe) returned 0x590f68 [0048.075] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Jellyfish.jpg", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Jellyfish.jpg", lpUsedDefaultChar=0x0) returned 14 [0048.075] lstrlenA (lpString="Jellyfish.jpg") returned 13 [0048.075] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0048.075] lstrlenA (lpString="Jellyfish.jpg") returned 13 [0048.075] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0048.075] lstrcmpiW (lpString1="Jellyfish.jpg", lpString2="decrypt_files.html") returned 1 [0048.075] lstrcmpiW (lpString1="Jellyfish.jpg", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0048.076] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0048.076] lstrcmpiW (lpString1="Jellyfish.jpg", lpString2="sihvgt.exe") returned -1 [0048.076] _alloca_probe () returned 0x40908b [0048.076] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 55 [0048.076] GetProcessHeap () returned 0x570000 [0048.076] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x37) returned 0x592418 [0048.076] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", cchWideChar=-1, lpMultiByteStr=0x592418, cbMultiByte=55, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", lpUsedDefaultChar=0x0) returned 55 [0048.076] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0048.076] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{FE57C024-A35B-4706-9562-85F210E908FD}") returned 38 [0048.076] lstrlenA (lpString="{FE57C024-A35B-4706-9562-85F210E908FD}") returned 38 [0048.076] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\jellyfish.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0048.078] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=775702) returned 1 [0048.079] lstrlenA (lpString="{FE57C024-A35B-4706-9562-85F210E908FD}") returned 38 [0048.079] GetProcessHeap () returned 0x570000 [0048.079] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x592458 [0048.079] GetProcessHeap () returned 0x570000 [0048.079] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5924d0 [0048.079] lstrlenA (lpString="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg") returned 54 [0048.089] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.090] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.091] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.092] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.092] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.092] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.092] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.092] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.092] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.092] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.093] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.093] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.093] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.093] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.093] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.093] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.093] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.094] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.094] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.094] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.094] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.094] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.094] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.094] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.095] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.095] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.095] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.095] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.095] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.095] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.095] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.095] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.095] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.097] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.097] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.097] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.097] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.098] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.098] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.098] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.098] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.099] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.099] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.100] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.100] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.100] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.101] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.101] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.101] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.101] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.101] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.102] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.102] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.102] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.102] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.102] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.102] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.109] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.109] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.109] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.109] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.111] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.111] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.111] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.111] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.112] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.112] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.112] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.112] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.113] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.113] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.114] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.114] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.114] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.115] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.115] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.115] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.115] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.116] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.116] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.116] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.116] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.117] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.117] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.117] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.118] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.118] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.118] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.118] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.119] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.119] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.119] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.120] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.120] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.120] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.121] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.121] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.121] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.122] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.122] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.122] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.122] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.123] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.123] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.123] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.123] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.124] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.124] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.124] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.125] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.125] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.125] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.126] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.126] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.126] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.127] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.127] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.127] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.128] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.128] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.128] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.128] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.129] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.129] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.129] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.130] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.131] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.131] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.131] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.131] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.132] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.132] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.132] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.132] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.133] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.133] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.133] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.133] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.134] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.134] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.134] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.135] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.135] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.135] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.135] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.136] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.136] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.137] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.137] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.137] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.138] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.138] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.138] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.138] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.139] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.139] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.139] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.140] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.140] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.140] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.141] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.141] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.142] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.142] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.142] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.142] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.143] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.143] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.143] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.143] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.144] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.144] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.144] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.144] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.145] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.145] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.145] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.146] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.146] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.146] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.146] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.147] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.147] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.148] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.148] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.148] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.149] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.149] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.149] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x1616, lpOverlapped=0x0) returned 1 [0048.149] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe9ea, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.149] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x1620, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x1620, lpOverlapped=0x0) returned 1 [0048.149] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.150] WriteFile (in: hFile=0x80, lpBuffer=0x50bb6c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bb6c*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0048.150] WriteFile (in: hFile=0x80, lpBuffer=0x50bbd4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bbd4*, lpNumberOfBytesWritten=0x50bb34*=0x10, lpOverlapped=0x0) returned 1 [0048.150] lstrlenA (lpString="rsa_encrypt") returned 11 [0048.150] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x5925f8) returned 1 [0048.151] CryptGenRandom (in: hProv=0x5925f8, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0048.151] CryptReleaseContext (hProv=0x5925f8, dwFlags=0x0) returned 1 [0048.151] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0048.151] GetProcessHeap () returned 0x570000 [0048.151] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592558 [0048.151] lstrlenA (lpString="010001") returned 6 [0048.151] GetProcessHeap () returned 0x570000 [0048.151] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eea0 [0048.151] GetProcessHeap () returned 0x570000 [0048.151] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5925e0 [0048.151] GetProcessHeap () returned 0x570000 [0048.151] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0048.151] GetProcessHeap () returned 0x570000 [0048.151] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5925e0 | out: hHeap=0x570000) returned 1 [0048.151] GetProcessHeap () returned 0x570000 [0048.151] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0048.151] GetProcessHeap () returned 0x570000 [0048.151] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c1f0 [0048.151] GetProcessHeap () returned 0x570000 [0048.151] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eef0 [0048.151] GetProcessHeap () returned 0x570000 [0048.151] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c0d8 [0048.151] GetProcessHeap () returned 0x570000 [0048.151] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.151] GetProcessHeap () returned 0x570000 [0048.152] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0048.152] GetProcessHeap () returned 0x570000 [0048.152] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5925e0 [0048.152] GetProcessHeap () returned 0x570000 [0048.152] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x592668 [0048.152] GetProcessHeap () returned 0x570000 [0048.152] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.152] GetProcessHeap () returned 0x570000 [0048.152] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0048.152] GetProcessHeap () returned 0x570000 [0048.152] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0048.152] GetProcessHeap () returned 0x570000 [0048.152] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5925e0 | out: hHeap=0x570000) returned 1 [0048.152] GetProcessHeap () returned 0x570000 [0048.152] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0048.152] GetProcessHeap () returned 0x570000 [0048.152] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0048.152] GetProcessHeap () returned 0x570000 [0048.152] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.152] GetProcessHeap () returned 0x570000 [0048.152] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f98 [0048.152] GetProcessHeap () returned 0x570000 [0048.152] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.152] GetProcessHeap () returned 0x570000 [0048.152] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.152] GetProcessHeap () returned 0x570000 [0048.152] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.152] GetProcessHeap () returned 0x570000 [0048.152] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.152] GetProcessHeap () returned 0x570000 [0048.153] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0048.153] GetProcessHeap () returned 0x570000 [0048.153] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f98 | out: hHeap=0x570000) returned 1 [0048.153] GetProcessHeap () returned 0x570000 [0048.153] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0048.153] GetProcessHeap () returned 0x570000 [0048.153] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0048.153] GetProcessHeap () returned 0x570000 [0048.153] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.153] GetProcessHeap () returned 0x570000 [0048.153] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.153] GetProcessHeap () returned 0x570000 [0048.153] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.153] GetProcessHeap () returned 0x570000 [0048.153] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.153] GetProcessHeap () returned 0x570000 [0048.153] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.153] GetProcessHeap () returned 0x570000 [0048.153] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.153] GetProcessHeap () returned 0x570000 [0048.153] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.153] GetProcessHeap () returned 0x570000 [0048.153] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.153] GetProcessHeap () returned 0x570000 [0048.153] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.153] GetProcessHeap () returned 0x570000 [0048.153] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.153] GetProcessHeap () returned 0x570000 [0048.153] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.153] GetProcessHeap () returned 0x570000 [0048.154] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.154] GetProcessHeap () returned 0x570000 [0048.154] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.154] GetProcessHeap () returned 0x570000 [0048.154] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.154] GetProcessHeap () returned 0x570000 [0048.154] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.154] GetProcessHeap () returned 0x570000 [0048.154] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.154] GetProcessHeap () returned 0x570000 [0048.154] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.154] GetProcessHeap () returned 0x570000 [0048.154] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.154] GetProcessHeap () returned 0x570000 [0048.154] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.154] GetProcessHeap () returned 0x570000 [0048.154] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.154] GetProcessHeap () returned 0x570000 [0048.154] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.154] GetProcessHeap () returned 0x570000 [0048.154] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.154] GetProcessHeap () returned 0x570000 [0048.154] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.154] GetProcessHeap () returned 0x570000 [0048.154] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.154] GetProcessHeap () returned 0x570000 [0048.154] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.154] GetProcessHeap () returned 0x570000 [0048.154] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.154] GetProcessHeap () returned 0x570000 [0048.155] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.155] GetProcessHeap () returned 0x570000 [0048.155] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.155] GetProcessHeap () returned 0x570000 [0048.155] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.155] GetProcessHeap () returned 0x570000 [0048.155] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.155] GetProcessHeap () returned 0x570000 [0048.155] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.155] GetProcessHeap () returned 0x570000 [0048.155] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.155] GetProcessHeap () returned 0x570000 [0048.155] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.155] GetProcessHeap () returned 0x570000 [0048.155] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.155] GetProcessHeap () returned 0x570000 [0048.155] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.155] GetProcessHeap () returned 0x570000 [0048.155] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.155] GetProcessHeap () returned 0x570000 [0048.155] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.155] GetProcessHeap () returned 0x570000 [0048.155] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.155] GetProcessHeap () returned 0x570000 [0048.155] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.155] GetProcessHeap () returned 0x570000 [0048.155] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.155] GetProcessHeap () returned 0x570000 [0048.155] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.155] GetProcessHeap () returned 0x570000 [0048.156] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.156] GetProcessHeap () returned 0x570000 [0048.156] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.156] GetProcessHeap () returned 0x570000 [0048.156] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.156] GetProcessHeap () returned 0x570000 [0048.156] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.156] GetProcessHeap () returned 0x570000 [0048.156] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.156] GetProcessHeap () returned 0x570000 [0048.156] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.156] GetProcessHeap () returned 0x570000 [0048.156] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.156] GetProcessHeap () returned 0x570000 [0048.156] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.156] GetProcessHeap () returned 0x570000 [0048.156] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.156] GetProcessHeap () returned 0x570000 [0048.156] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.156] GetProcessHeap () returned 0x570000 [0048.156] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.156] GetProcessHeap () returned 0x570000 [0048.156] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.156] GetProcessHeap () returned 0x570000 [0048.156] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.156] GetProcessHeap () returned 0x570000 [0048.156] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.156] GetProcessHeap () returned 0x570000 [0048.156] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.157] GetProcessHeap () returned 0x570000 [0048.157] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.157] GetProcessHeap () returned 0x570000 [0048.157] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.157] GetProcessHeap () returned 0x570000 [0048.157] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.157] GetProcessHeap () returned 0x570000 [0048.157] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.157] GetProcessHeap () returned 0x570000 [0048.157] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.157] GetProcessHeap () returned 0x570000 [0048.157] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.157] GetProcessHeap () returned 0x570000 [0048.157] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.157] GetProcessHeap () returned 0x570000 [0048.157] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.157] GetProcessHeap () returned 0x570000 [0048.157] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.157] GetProcessHeap () returned 0x570000 [0048.157] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.157] GetProcessHeap () returned 0x570000 [0048.157] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.157] GetProcessHeap () returned 0x570000 [0048.157] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.157] GetProcessHeap () returned 0x570000 [0048.157] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.157] GetProcessHeap () returned 0x570000 [0048.157] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.157] GetProcessHeap () returned 0x570000 [0048.158] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.158] GetProcessHeap () returned 0x570000 [0048.158] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.158] GetProcessHeap () returned 0x570000 [0048.158] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.158] GetProcessHeap () returned 0x570000 [0048.158] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.158] GetProcessHeap () returned 0x570000 [0048.158] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.158] GetProcessHeap () returned 0x570000 [0048.158] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.158] GetProcessHeap () returned 0x570000 [0048.158] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.158] GetProcessHeap () returned 0x570000 [0048.158] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.158] GetProcessHeap () returned 0x570000 [0048.158] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.158] GetProcessHeap () returned 0x570000 [0048.158] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.158] GetProcessHeap () returned 0x570000 [0048.158] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.158] GetProcessHeap () returned 0x570000 [0048.158] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.158] GetProcessHeap () returned 0x570000 [0048.158] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.158] GetProcessHeap () returned 0x570000 [0048.158] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.158] GetProcessHeap () returned 0x570000 [0048.158] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.159] GetProcessHeap () returned 0x570000 [0048.159] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.159] GetProcessHeap () returned 0x570000 [0048.159] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.159] GetProcessHeap () returned 0x570000 [0048.159] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.159] GetProcessHeap () returned 0x570000 [0048.159] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.159] GetProcessHeap () returned 0x570000 [0048.159] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.159] GetProcessHeap () returned 0x570000 [0048.159] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.159] GetProcessHeap () returned 0x570000 [0048.159] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.159] GetProcessHeap () returned 0x570000 [0048.159] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.159] GetProcessHeap () returned 0x570000 [0048.159] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.159] GetProcessHeap () returned 0x570000 [0048.159] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.159] GetProcessHeap () returned 0x570000 [0048.159] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.159] GetProcessHeap () returned 0x570000 [0048.159] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.159] GetProcessHeap () returned 0x570000 [0048.159] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.159] GetProcessHeap () returned 0x570000 [0048.159] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.159] GetProcessHeap () returned 0x570000 [0048.159] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.160] GetProcessHeap () returned 0x570000 [0048.160] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0048.160] GetProcessHeap () returned 0x570000 [0048.160] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0048.160] GetProcessHeap () returned 0x570000 [0048.160] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592668 | out: hHeap=0x570000) returned 1 [0048.160] GetProcessHeap () returned 0x570000 [0048.160] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0048.160] GetProcessHeap () returned 0x570000 [0048.160] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0048.160] GetProcessHeap () returned 0x570000 [0048.160] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0048.160] GetProcessHeap () returned 0x570000 [0048.160] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0048.160] GetProcessHeap () returned 0x570000 [0048.160] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0048.160] GetProcessHeap () returned 0x570000 [0048.160] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0048.160] GetProcessHeap () returned 0x570000 [0048.160] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0048.160] GetProcessHeap () returned 0x570000 [0048.160] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592558 | out: hHeap=0x570000) returned 1 [0048.160] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0048.160] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0048.160] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0048.161] CloseHandle (hObject=0x80) returned 1 [0048.177] GetProcessHeap () returned 0x570000 [0048.177] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592418 | out: hHeap=0x570000) returned 1 [0048.177] GetProcessHeap () returned 0x570000 [0048.177] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592458 | out: hHeap=0x570000) returned 1 [0048.177] GetProcessHeap () returned 0x570000 [0048.177] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5924d0 | out: hHeap=0x570000) returned 1 [0048.177] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg" [0048.177] lstrcatW (in: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg.{Killback@protonmail.com}KBK") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg.{Killback@protonmail.com}KBK" [0048.177] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\jellyfish.jpg"), lpNewFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg.{Killback@protonmail.com}KBK" (normalized: "c:\\users\\public\\pictures\\sample pictures\\jellyfish.jpg.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0048.178] PathRemoveFileSpecW (in: pszPath="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg" | out: pszPath="C:\\Users\\Public\\Pictures\\Sample Pictures") returned 1 [0048.178] lstrcatW (in: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\" [0048.178] lstrcatW (in: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\", lpString2="decrypt_files.html" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\decrypt_files.html") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\decrypt_files.html" [0048.178] GetFileAttributesW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\decrypt_files.html" (normalized: "c:\\users\\public\\pictures\\sample pictures\\decrypt_files.html")) returned 0x20 [0048.178] GetProcessHeap () returned 0x570000 [0048.178] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0048.178] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be84d57, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xbea1f, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Koala.jpg", cAlternateFileName="")) returned 1 [0048.178] lstrcmpiW (lpString1="Koala.jpg", lpString2=".") returned 1 [0048.178] lstrcmpiW (lpString1="Koala.jpg", lpString2="..") returned 1 [0048.178] lstrcatW (in: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\", lpString2="Koala.jpg" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg" [0048.178] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Koala.jpg", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0048.178] GetProcessHeap () returned 0x570000 [0048.178] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xa) returned 0x590f68 [0048.178] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Koala.jpg", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Koala.jpg", lpUsedDefaultChar=0x0) returned 10 [0048.179] lstrlenA (lpString="Koala.jpg") returned 9 [0048.179] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0048.179] lstrlenA (lpString="Koala.jpg") returned 9 [0048.179] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0048.179] lstrcmpiW (lpString1="Koala.jpg", lpString2="decrypt_files.html") returned 1 [0048.179] lstrcmpiW (lpString1="Koala.jpg", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0048.179] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0048.179] lstrcmpiW (lpString1="Koala.jpg", lpString2="sihvgt.exe") returned -1 [0048.179] _alloca_probe () returned 0x40908b [0048.179] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 51 [0048.179] GetProcessHeap () returned 0x570000 [0048.179] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x33) returned 0x592418 [0048.179] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg", cchWideChar=-1, lpMultiByteStr=0x592418, cbMultiByte=51, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg", lpUsedDefaultChar=0x0) returned 51 [0048.179] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0048.179] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{3E95A42D-8CD4-47A3-9691-CC8CFCABB317}") returned 38 [0048.179] lstrlenA (lpString="{3E95A42D-8CD4-47A3-9691-CC8CFCABB317}") returned 38 [0048.179] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\koala.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0048.179] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=780831) returned 1 [0048.179] lstrlenA (lpString="{3E95A42D-8CD4-47A3-9691-CC8CFCABB317}") returned 38 [0048.179] GetProcessHeap () returned 0x570000 [0048.179] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x592458 [0048.180] GetProcessHeap () returned 0x570000 [0048.180] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5924d0 [0048.180] lstrlenA (lpString="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg") returned 50 [0048.190] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.192] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.193] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.193] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.193] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.194] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.194] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.194] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.194] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.194] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.195] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.195] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.195] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.195] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.195] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.195] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.195] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.195] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.196] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.196] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.196] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.196] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.196] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.196] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.197] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.197] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.197] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.197] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.197] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.197] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.197] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.198] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.198] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.199] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.199] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.199] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.199] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.200] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.200] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.201] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.201] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.201] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.202] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.202] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.202] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.203] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.203] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.203] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.203] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.204] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.204] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.204] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.204] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.205] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.205] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.206] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.206] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.206] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.207] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.207] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.207] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.208] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.209] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.209] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.209] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.210] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.210] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.210] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.210] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.210] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.211] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.211] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.211] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.212] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.212] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.213] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.213] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.213] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.213] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.214] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.214] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.214] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.215] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.215] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.215] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.215] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.215] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.216] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.216] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.216] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.216] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.217] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.217] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.217] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.217] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.217] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.217] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.218] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.218] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.218] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.218] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.219] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.219] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.219] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.219] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.220] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.220] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.220] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.220] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.221] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.221] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.221] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.221] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.222] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.222] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.222] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.222] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.223] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.223] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.223] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.223] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.224] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.224] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.224] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.224] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.224] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.226] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.226] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.226] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.226] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.227] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.227] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.227] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.227] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.227] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.228] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.228] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.228] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.228] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.229] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.229] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.229] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.229] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.229] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.230] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.230] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.230] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.230] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.230] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.231] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.231] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.231] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.231] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.232] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.232] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.232] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.232] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.233] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.233] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.233] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.233] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.236] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.236] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.237] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.237] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.237] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.237] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.237] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.238] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.241] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.241] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.241] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.242] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.242] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.242] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.243] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.243] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.243] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.244] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.244] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.244] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.244] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.245] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.245] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.245] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.245] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.246] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.246] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.246] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.246] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.247] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.247] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.247] WriteFile (in: hFile=0x80, lpBuffer=0x50bb6c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bb6c*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0048.248] WriteFile (in: hFile=0x80, lpBuffer=0x50bbd4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bbd4*, lpNumberOfBytesWritten=0x50bb34*=0x10, lpOverlapped=0x0) returned 1 [0048.248] lstrlenA (lpString="rsa_encrypt") returned 11 [0048.248] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x5925f8) returned 1 [0048.249] CryptGenRandom (in: hProv=0x5925f8, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0048.249] CryptReleaseContext (hProv=0x5925f8, dwFlags=0x0) returned 1 [0048.249] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0048.249] GetProcessHeap () returned 0x570000 [0048.249] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592558 [0048.249] lstrlenA (lpString="010001") returned 6 [0048.249] GetProcessHeap () returned 0x570000 [0048.249] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eea0 [0048.249] GetProcessHeap () returned 0x570000 [0048.249] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5925e0 [0048.249] GetProcessHeap () returned 0x570000 [0048.250] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0048.250] GetProcessHeap () returned 0x570000 [0048.250] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5925e0 | out: hHeap=0x570000) returned 1 [0048.250] GetProcessHeap () returned 0x570000 [0048.250] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0048.250] GetProcessHeap () returned 0x570000 [0048.250] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c0d8 [0048.250] GetProcessHeap () returned 0x570000 [0048.250] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eec0 [0048.250] GetProcessHeap () returned 0x570000 [0048.250] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c1f0 [0048.250] GetProcessHeap () returned 0x570000 [0048.250] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.250] GetProcessHeap () returned 0x570000 [0048.250] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0048.250] GetProcessHeap () returned 0x570000 [0048.250] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5925e0 [0048.250] GetProcessHeap () returned 0x570000 [0048.250] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x592668 [0048.250] GetProcessHeap () returned 0x570000 [0048.250] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.250] GetProcessHeap () returned 0x570000 [0048.250] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0048.250] GetProcessHeap () returned 0x570000 [0048.250] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0048.250] GetProcessHeap () returned 0x570000 [0048.250] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5925e0 | out: hHeap=0x570000) returned 1 [0048.250] GetProcessHeap () returned 0x570000 [0048.250] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0048.250] GetProcessHeap () returned 0x570000 [0048.250] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0048.251] GetProcessHeap () returned 0x570000 [0048.251] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.251] GetProcessHeap () returned 0x570000 [0048.251] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f98 [0048.251] GetProcessHeap () returned 0x570000 [0048.251] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.251] GetProcessHeap () returned 0x570000 [0048.251] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.251] GetProcessHeap () returned 0x570000 [0048.251] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.251] GetProcessHeap () returned 0x570000 [0048.251] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.251] GetProcessHeap () returned 0x570000 [0048.251] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0048.251] GetProcessHeap () returned 0x570000 [0048.251] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f98 | out: hHeap=0x570000) returned 1 [0048.251] GetProcessHeap () returned 0x570000 [0048.251] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0048.251] GetProcessHeap () returned 0x570000 [0048.251] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0048.251] GetProcessHeap () returned 0x570000 [0048.251] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.251] GetProcessHeap () returned 0x570000 [0048.251] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.251] GetProcessHeap () returned 0x570000 [0048.251] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.251] GetProcessHeap () returned 0x570000 [0048.251] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.251] GetProcessHeap () returned 0x570000 [0048.251] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.252] GetProcessHeap () returned 0x570000 [0048.252] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.252] GetProcessHeap () returned 0x570000 [0048.252] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.252] GetProcessHeap () returned 0x570000 [0048.252] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.252] GetProcessHeap () returned 0x570000 [0048.252] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.252] GetProcessHeap () returned 0x570000 [0048.252] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.252] GetProcessHeap () returned 0x570000 [0048.252] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.252] GetProcessHeap () returned 0x570000 [0048.252] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.252] GetProcessHeap () returned 0x570000 [0048.252] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.252] GetProcessHeap () returned 0x570000 [0048.252] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.252] GetProcessHeap () returned 0x570000 [0048.252] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.252] GetProcessHeap () returned 0x570000 [0048.252] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.252] GetProcessHeap () returned 0x570000 [0048.252] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.252] GetProcessHeap () returned 0x570000 [0048.252] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.252] GetProcessHeap () returned 0x570000 [0048.252] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.252] GetProcessHeap () returned 0x570000 [0048.253] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.253] GetProcessHeap () returned 0x570000 [0048.253] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.253] GetProcessHeap () returned 0x570000 [0048.253] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.253] GetProcessHeap () returned 0x570000 [0048.253] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.253] GetProcessHeap () returned 0x570000 [0048.253] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.253] GetProcessHeap () returned 0x570000 [0048.253] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.253] GetProcessHeap () returned 0x570000 [0048.253] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.253] GetProcessHeap () returned 0x570000 [0048.253] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.253] GetProcessHeap () returned 0x570000 [0048.253] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.253] GetProcessHeap () returned 0x570000 [0048.253] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.253] GetProcessHeap () returned 0x570000 [0048.253] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.253] GetProcessHeap () returned 0x570000 [0048.253] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.253] GetProcessHeap () returned 0x570000 [0048.253] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.253] GetProcessHeap () returned 0x570000 [0048.253] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.253] GetProcessHeap () returned 0x570000 [0048.253] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.254] GetProcessHeap () returned 0x570000 [0048.254] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.254] GetProcessHeap () returned 0x570000 [0048.254] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.254] GetProcessHeap () returned 0x570000 [0048.254] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.254] GetProcessHeap () returned 0x570000 [0048.254] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.254] GetProcessHeap () returned 0x570000 [0048.254] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.254] GetProcessHeap () returned 0x570000 [0048.254] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.254] GetProcessHeap () returned 0x570000 [0048.254] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.254] GetProcessHeap () returned 0x570000 [0048.254] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.254] GetProcessHeap () returned 0x570000 [0048.254] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.254] GetProcessHeap () returned 0x570000 [0048.254] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.254] GetProcessHeap () returned 0x570000 [0048.254] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.254] GetProcessHeap () returned 0x570000 [0048.254] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.254] GetProcessHeap () returned 0x570000 [0048.254] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.254] GetProcessHeap () returned 0x570000 [0048.254] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.254] GetProcessHeap () returned 0x570000 [0048.254] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.255] GetProcessHeap () returned 0x570000 [0048.255] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.255] GetProcessHeap () returned 0x570000 [0048.255] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.255] GetProcessHeap () returned 0x570000 [0048.255] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.255] GetProcessHeap () returned 0x570000 [0048.255] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.255] GetProcessHeap () returned 0x570000 [0048.255] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.255] GetProcessHeap () returned 0x570000 [0048.255] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.255] GetProcessHeap () returned 0x570000 [0048.255] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.255] GetProcessHeap () returned 0x570000 [0048.255] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.255] GetProcessHeap () returned 0x570000 [0048.255] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.255] GetProcessHeap () returned 0x570000 [0048.255] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.255] GetProcessHeap () returned 0x570000 [0048.255] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.255] GetProcessHeap () returned 0x570000 [0048.255] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.255] GetProcessHeap () returned 0x570000 [0048.255] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.255] GetProcessHeap () returned 0x570000 [0048.255] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.256] GetProcessHeap () returned 0x570000 [0048.256] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.256] GetProcessHeap () returned 0x570000 [0048.256] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.256] GetProcessHeap () returned 0x570000 [0048.256] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.256] GetProcessHeap () returned 0x570000 [0048.256] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.256] GetProcessHeap () returned 0x570000 [0048.256] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.256] GetProcessHeap () returned 0x570000 [0048.256] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.256] GetProcessHeap () returned 0x570000 [0048.256] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.256] GetProcessHeap () returned 0x570000 [0048.256] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.256] GetProcessHeap () returned 0x570000 [0048.256] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.256] GetProcessHeap () returned 0x570000 [0048.256] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.256] GetProcessHeap () returned 0x570000 [0048.256] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.256] GetProcessHeap () returned 0x570000 [0048.256] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.256] GetProcessHeap () returned 0x570000 [0048.256] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.256] GetProcessHeap () returned 0x570000 [0048.256] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.256] GetProcessHeap () returned 0x570000 [0048.257] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.257] GetProcessHeap () returned 0x570000 [0048.257] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.257] GetProcessHeap () returned 0x570000 [0048.257] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.257] GetProcessHeap () returned 0x570000 [0048.257] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.257] GetProcessHeap () returned 0x570000 [0048.257] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.257] GetProcessHeap () returned 0x570000 [0048.257] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.257] GetProcessHeap () returned 0x570000 [0048.257] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.257] GetProcessHeap () returned 0x570000 [0048.257] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.257] GetProcessHeap () returned 0x570000 [0048.257] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.257] GetProcessHeap () returned 0x570000 [0048.257] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.257] GetProcessHeap () returned 0x570000 [0048.257] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.257] GetProcessHeap () returned 0x570000 [0048.257] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.257] GetProcessHeap () returned 0x570000 [0048.257] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.257] GetProcessHeap () returned 0x570000 [0048.257] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.257] GetProcessHeap () returned 0x570000 [0048.257] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.257] GetProcessHeap () returned 0x570000 [0048.258] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.258] GetProcessHeap () returned 0x570000 [0048.258] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.258] GetProcessHeap () returned 0x570000 [0048.258] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.258] GetProcessHeap () returned 0x570000 [0048.258] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.258] GetProcessHeap () returned 0x570000 [0048.258] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.258] GetProcessHeap () returned 0x570000 [0048.258] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.258] GetProcessHeap () returned 0x570000 [0048.258] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.258] GetProcessHeap () returned 0x570000 [0048.258] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.258] GetProcessHeap () returned 0x570000 [0048.258] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0048.258] GetProcessHeap () returned 0x570000 [0048.258] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0048.258] GetProcessHeap () returned 0x570000 [0048.258] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592668 | out: hHeap=0x570000) returned 1 [0048.258] GetProcessHeap () returned 0x570000 [0048.258] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0048.258] GetProcessHeap () returned 0x570000 [0048.258] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0048.258] GetProcessHeap () returned 0x570000 [0048.258] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0048.258] GetProcessHeap () returned 0x570000 [0048.259] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0048.259] GetProcessHeap () returned 0x570000 [0048.259] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0048.259] GetProcessHeap () returned 0x570000 [0048.259] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0048.259] GetProcessHeap () returned 0x570000 [0048.259] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0048.259] GetProcessHeap () returned 0x570000 [0048.259] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592558 | out: hHeap=0x570000) returned 1 [0048.259] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0048.259] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0048.259] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0048.259] CloseHandle (hObject=0x80) returned 1 [0048.277] GetProcessHeap () returned 0x570000 [0048.277] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592418 | out: hHeap=0x570000) returned 1 [0048.277] GetProcessHeap () returned 0x570000 [0048.277] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592458 | out: hHeap=0x570000) returned 1 [0048.277] GetProcessHeap () returned 0x570000 [0048.277] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5924d0 | out: hHeap=0x570000) returned 1 [0048.277] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg" [0048.277] lstrcatW (in: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg.{Killback@protonmail.com}KBK") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg.{Killback@protonmail.com}KBK" [0048.277] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\koala.jpg"), lpNewFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg.{Killback@protonmail.com}KBK" (normalized: "c:\\users\\public\\pictures\\sample pictures\\koala.jpg.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0048.278] PathRemoveFileSpecW (in: pszPath="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg" | out: pszPath="C:\\Users\\Public\\Pictures\\Sample Pictures") returned 1 [0048.278] lstrcatW (in: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\" [0048.278] lstrcatW (in: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\", lpString2="decrypt_files.html" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\decrypt_files.html") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\decrypt_files.html" [0048.278] GetFileAttributesW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\decrypt_files.html" (normalized: "c:\\users\\public\\pictures\\sample pictures\\decrypt_files.html")) returned 0x20 [0048.278] GetProcessHeap () returned 0x570000 [0048.278] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0048.278] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x8907c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Lighthouse.jpg", cAlternateFileName="LIGHTH~1.JPG")) returned 1 [0048.278] lstrcmpiW (lpString1="Lighthouse.jpg", lpString2=".") returned 1 [0048.278] lstrcmpiW (lpString1="Lighthouse.jpg", lpString2="..") returned 1 [0048.278] lstrcatW (in: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\", lpString2="Lighthouse.jpg" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg" [0048.278] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Lighthouse.jpg", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0048.278] GetProcessHeap () returned 0x570000 [0048.278] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xf) returned 0x590f68 [0048.278] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Lighthouse.jpg", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Lighthouse.jpg", lpUsedDefaultChar=0x0) returned 15 [0048.278] lstrlenA (lpString="Lighthouse.jpg") returned 14 [0048.278] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0048.278] lstrlenA (lpString="Lighthouse.jpg") returned 14 [0048.278] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0048.278] lstrcmpiW (lpString1="Lighthouse.jpg", lpString2="decrypt_files.html") returned 1 [0048.278] lstrcmpiW (lpString1="Lighthouse.jpg", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0048.278] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0048.278] lstrcmpiW (lpString1="Lighthouse.jpg", lpString2="sihvgt.exe") returned -1 [0048.278] _alloca_probe () returned 0x40908b [0048.278] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 56 [0048.279] GetProcessHeap () returned 0x570000 [0048.279] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x38) returned 0x592418 [0048.279] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg", cchWideChar=-1, lpMultiByteStr=0x592418, cbMultiByte=56, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg", lpUsedDefaultChar=0x0) returned 56 [0048.279] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0048.279] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{7F6DA191-AF80-401B-AFB6-770FABEC3A8E}") returned 38 [0048.279] lstrlenA (lpString="{7F6DA191-AF80-401B-AFB6-770FABEC3A8E}") returned 38 [0048.279] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\lighthouse.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0048.280] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=561276) returned 1 [0048.280] lstrlenA (lpString="{7F6DA191-AF80-401B-AFB6-770FABEC3A8E}") returned 38 [0048.280] GetProcessHeap () returned 0x570000 [0048.280] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x592458 [0048.280] GetProcessHeap () returned 0x570000 [0048.280] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5924d0 [0048.280] lstrlenA (lpString="C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg") returned 55 [0048.290] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.292] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.292] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.293] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.293] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.293] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.294] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.294] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.294] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.294] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.294] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.295] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.295] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.295] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.295] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.295] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.295] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.295] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.296] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.296] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.296] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.296] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.296] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.296] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.296] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.297] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.297] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.297] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.297] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.297] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.297] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.298] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.298] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.302] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.302] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.302] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.302] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.303] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.303] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.303] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.303] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.304] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.304] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.304] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.304] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.305] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.305] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.305] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.305] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.306] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.306] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.306] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.307] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.307] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.307] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.307] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.307] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.310] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.310] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.310] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.311] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.312] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.312] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.312] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.312] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.313] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.313] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.314] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.314] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.314] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.315] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.315] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.315] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.315] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.316] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.316] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.316] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.316] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.317] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.317] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.317] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.317] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.318] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.318] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.318] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.319] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.319] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.319] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.320] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.320] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.321] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.321] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.321] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.322] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.322] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.322] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.322] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.322] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.323] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.323] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.323] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.324] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.324] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.324] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.324] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.325] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.325] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.325] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.326] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.326] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.326] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.327] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.327] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.327] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.327] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.327] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.328] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.329] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.329] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.329] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.329] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.329] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.330] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.330] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.330] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.331] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.332] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.332] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.332] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.332] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.333] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.333] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.333] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.334] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.334] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.334] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.335] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x107c, lpOverlapped=0x0) returned 1 [0048.335] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffef84, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.335] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x1080, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x1080, lpOverlapped=0x0) returned 1 [0048.335] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.335] WriteFile (in: hFile=0x80, lpBuffer=0x50bb6c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bb6c*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0048.335] WriteFile (in: hFile=0x80, lpBuffer=0x50bbd4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bbd4*, lpNumberOfBytesWritten=0x50bb34*=0x10, lpOverlapped=0x0) returned 1 [0048.335] lstrlenA (lpString="rsa_encrypt") returned 11 [0048.335] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x5925f8) returned 1 [0048.336] CryptGenRandom (in: hProv=0x5925f8, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0048.336] CryptReleaseContext (hProv=0x5925f8, dwFlags=0x0) returned 1 [0048.336] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0048.336] GetProcessHeap () returned 0x570000 [0048.336] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592558 [0048.336] lstrlenA (lpString="010001") returned 6 [0048.336] GetProcessHeap () returned 0x570000 [0048.337] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eea0 [0048.337] GetProcessHeap () returned 0x570000 [0048.337] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5925e0 [0048.337] GetProcessHeap () returned 0x570000 [0048.337] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0048.337] GetProcessHeap () returned 0x570000 [0048.337] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5925e0 | out: hHeap=0x570000) returned 1 [0048.337] GetProcessHeap () returned 0x570000 [0048.337] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0048.337] GetProcessHeap () returned 0x570000 [0048.337] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c1f0 [0048.337] GetProcessHeap () returned 0x570000 [0048.337] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eef0 [0048.337] GetProcessHeap () returned 0x570000 [0048.337] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c0d8 [0048.337] GetProcessHeap () returned 0x570000 [0048.337] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.337] GetProcessHeap () returned 0x570000 [0048.337] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0048.337] GetProcessHeap () returned 0x570000 [0048.337] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5925e0 [0048.337] GetProcessHeap () returned 0x570000 [0048.337] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x592668 [0048.337] GetProcessHeap () returned 0x570000 [0048.337] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.337] GetProcessHeap () returned 0x570000 [0048.337] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0048.337] GetProcessHeap () returned 0x570000 [0048.338] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0048.338] GetProcessHeap () returned 0x570000 [0048.338] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5925e0 | out: hHeap=0x570000) returned 1 [0048.338] GetProcessHeap () returned 0x570000 [0048.338] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0048.338] GetProcessHeap () returned 0x570000 [0048.338] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0048.338] GetProcessHeap () returned 0x570000 [0048.338] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.338] GetProcessHeap () returned 0x570000 [0048.338] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f98 [0048.338] GetProcessHeap () returned 0x570000 [0048.338] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.338] GetProcessHeap () returned 0x570000 [0048.338] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.338] GetProcessHeap () returned 0x570000 [0048.338] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.338] GetProcessHeap () returned 0x570000 [0048.338] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.338] GetProcessHeap () returned 0x570000 [0048.338] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0048.338] GetProcessHeap () returned 0x570000 [0048.338] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f98 | out: hHeap=0x570000) returned 1 [0048.338] GetProcessHeap () returned 0x570000 [0048.338] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0048.338] GetProcessHeap () returned 0x570000 [0048.338] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0048.338] GetProcessHeap () returned 0x570000 [0048.338] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.338] GetProcessHeap () returned 0x570000 [0048.338] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.339] GetProcessHeap () returned 0x570000 [0048.339] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.339] GetProcessHeap () returned 0x570000 [0048.339] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.339] GetProcessHeap () returned 0x570000 [0048.339] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.339] GetProcessHeap () returned 0x570000 [0048.339] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.339] GetProcessHeap () returned 0x570000 [0048.339] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.339] GetProcessHeap () returned 0x570000 [0048.339] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.339] GetProcessHeap () returned 0x570000 [0048.339] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.339] GetProcessHeap () returned 0x570000 [0048.339] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.339] GetProcessHeap () returned 0x570000 [0048.339] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.339] GetProcessHeap () returned 0x570000 [0048.339] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.339] GetProcessHeap () returned 0x570000 [0048.339] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.339] GetProcessHeap () returned 0x570000 [0048.339] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.339] GetProcessHeap () returned 0x570000 [0048.339] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.339] GetProcessHeap () returned 0x570000 [0048.339] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.339] GetProcessHeap () returned 0x570000 [0048.340] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.340] GetProcessHeap () returned 0x570000 [0048.340] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.340] GetProcessHeap () returned 0x570000 [0048.340] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.340] GetProcessHeap () returned 0x570000 [0048.340] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.340] GetProcessHeap () returned 0x570000 [0048.340] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.340] GetProcessHeap () returned 0x570000 [0048.340] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.340] GetProcessHeap () returned 0x570000 [0048.340] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.340] GetProcessHeap () returned 0x570000 [0048.340] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.340] GetProcessHeap () returned 0x570000 [0048.340] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.340] GetProcessHeap () returned 0x570000 [0048.340] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.340] GetProcessHeap () returned 0x570000 [0048.340] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.340] GetProcessHeap () returned 0x570000 [0048.340] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.340] GetProcessHeap () returned 0x570000 [0048.340] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.340] GetProcessHeap () returned 0x570000 [0048.340] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.340] GetProcessHeap () returned 0x570000 [0048.340] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.341] GetProcessHeap () returned 0x570000 [0048.341] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.341] GetProcessHeap () returned 0x570000 [0048.341] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.341] GetProcessHeap () returned 0x570000 [0048.341] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.341] GetProcessHeap () returned 0x570000 [0048.341] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.341] GetProcessHeap () returned 0x570000 [0048.341] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.341] GetProcessHeap () returned 0x570000 [0048.341] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.341] GetProcessHeap () returned 0x570000 [0048.341] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.341] GetProcessHeap () returned 0x570000 [0048.341] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.341] GetProcessHeap () returned 0x570000 [0048.341] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.341] GetProcessHeap () returned 0x570000 [0048.341] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.341] GetProcessHeap () returned 0x570000 [0048.341] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.341] GetProcessHeap () returned 0x570000 [0048.341] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.341] GetProcessHeap () returned 0x570000 [0048.341] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.341] GetProcessHeap () returned 0x570000 [0048.341] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.341] GetProcessHeap () returned 0x570000 [0048.341] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.341] GetProcessHeap () returned 0x570000 [0048.342] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.342] GetProcessHeap () returned 0x570000 [0048.342] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.342] GetProcessHeap () returned 0x570000 [0048.342] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.342] GetProcessHeap () returned 0x570000 [0048.342] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.342] GetProcessHeap () returned 0x570000 [0048.342] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.342] GetProcessHeap () returned 0x570000 [0048.342] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.342] GetProcessHeap () returned 0x570000 [0048.342] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.342] GetProcessHeap () returned 0x570000 [0048.342] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.342] GetProcessHeap () returned 0x570000 [0048.342] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.342] GetProcessHeap () returned 0x570000 [0048.342] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.342] GetProcessHeap () returned 0x570000 [0048.342] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.342] GetProcessHeap () returned 0x570000 [0048.342] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.342] GetProcessHeap () returned 0x570000 [0048.342] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.342] GetProcessHeap () returned 0x570000 [0048.342] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.342] GetProcessHeap () returned 0x570000 [0048.342] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.342] GetProcessHeap () returned 0x570000 [0048.343] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.343] GetProcessHeap () returned 0x570000 [0048.343] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.343] GetProcessHeap () returned 0x570000 [0048.343] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.343] GetProcessHeap () returned 0x570000 [0048.343] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.343] GetProcessHeap () returned 0x570000 [0048.343] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.343] GetProcessHeap () returned 0x570000 [0048.343] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.343] GetProcessHeap () returned 0x570000 [0048.343] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.343] GetProcessHeap () returned 0x570000 [0048.343] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.343] GetProcessHeap () returned 0x570000 [0048.343] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.343] GetProcessHeap () returned 0x570000 [0048.343] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.343] GetProcessHeap () returned 0x570000 [0048.343] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.343] GetProcessHeap () returned 0x570000 [0048.343] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.343] GetProcessHeap () returned 0x570000 [0048.343] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.343] GetProcessHeap () returned 0x570000 [0048.343] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.344] GetProcessHeap () returned 0x570000 [0048.344] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.344] GetProcessHeap () returned 0x570000 [0048.344] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.344] GetProcessHeap () returned 0x570000 [0048.344] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.344] GetProcessHeap () returned 0x570000 [0048.344] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.344] GetProcessHeap () returned 0x570000 [0048.344] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.344] GetProcessHeap () returned 0x570000 [0048.344] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.344] GetProcessHeap () returned 0x570000 [0048.344] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.344] GetProcessHeap () returned 0x570000 [0048.344] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.344] GetProcessHeap () returned 0x570000 [0048.344] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.344] GetProcessHeap () returned 0x570000 [0048.344] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.344] GetProcessHeap () returned 0x570000 [0048.344] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.344] GetProcessHeap () returned 0x570000 [0048.344] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.344] GetProcessHeap () returned 0x570000 [0048.344] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.344] GetProcessHeap () returned 0x570000 [0048.344] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.344] GetProcessHeap () returned 0x570000 [0048.344] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.345] GetProcessHeap () returned 0x570000 [0048.345] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.345] GetProcessHeap () returned 0x570000 [0048.345] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.345] GetProcessHeap () returned 0x570000 [0048.345] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.345] GetProcessHeap () returned 0x570000 [0048.345] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.345] GetProcessHeap () returned 0x570000 [0048.345] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.345] GetProcessHeap () returned 0x570000 [0048.345] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.345] GetProcessHeap () returned 0x570000 [0048.345] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.345] GetProcessHeap () returned 0x570000 [0048.345] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.345] GetProcessHeap () returned 0x570000 [0048.345] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.345] GetProcessHeap () returned 0x570000 [0048.345] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.345] GetProcessHeap () returned 0x570000 [0048.345] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0048.345] GetProcessHeap () returned 0x570000 [0048.345] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0048.345] GetProcessHeap () returned 0x570000 [0048.345] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592668 | out: hHeap=0x570000) returned 1 [0048.345] GetProcessHeap () returned 0x570000 [0048.345] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0048.345] GetProcessHeap () returned 0x570000 [0048.345] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0048.346] GetProcessHeap () returned 0x570000 [0048.346] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0048.346] GetProcessHeap () returned 0x570000 [0048.346] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0048.346] GetProcessHeap () returned 0x570000 [0048.346] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0048.346] GetProcessHeap () returned 0x570000 [0048.346] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0048.346] GetProcessHeap () returned 0x570000 [0048.346] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0048.346] GetProcessHeap () returned 0x570000 [0048.346] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592558 | out: hHeap=0x570000) returned 1 [0048.346] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0048.346] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0048.346] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0048.346] CloseHandle (hObject=0x80) returned 1 [0048.356] GetProcessHeap () returned 0x570000 [0048.356] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592418 | out: hHeap=0x570000) returned 1 [0048.356] GetProcessHeap () returned 0x570000 [0048.356] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592458 | out: hHeap=0x570000) returned 1 [0048.356] GetProcessHeap () returned 0x570000 [0048.356] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5924d0 | out: hHeap=0x570000) returned 1 [0048.357] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg" [0048.357] lstrcatW (in: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg.{Killback@protonmail.com}KBK") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg.{Killback@protonmail.com}KBK" [0048.357] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\lighthouse.jpg"), lpNewFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg.{Killback@protonmail.com}KBK" (normalized: "c:\\users\\public\\pictures\\sample pictures\\lighthouse.jpg.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0048.357] PathRemoveFileSpecW (in: pszPath="C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg" | out: pszPath="C:\\Users\\Public\\Pictures\\Sample Pictures") returned 1 [0048.357] lstrcatW (in: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\" [0048.357] lstrcatW (in: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\", lpString2="decrypt_files.html" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\decrypt_files.html") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\decrypt_files.html" [0048.357] GetFileAttributesW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\decrypt_files.html" (normalized: "c:\\users\\public\\pictures\\sample pictures\\decrypt_files.html")) returned 0x20 [0048.357] GetProcessHeap () returned 0x570000 [0048.357] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0048.357] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xbde6b, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Penguins.jpg", cAlternateFileName="")) returned 1 [0048.358] lstrcmpiW (lpString1="Penguins.jpg", lpString2=".") returned 1 [0048.358] lstrcmpiW (lpString1="Penguins.jpg", lpString2="..") returned 1 [0048.358] lstrcatW (in: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\", lpString2="Penguins.jpg" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg" [0048.358] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Penguins.jpg", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0048.358] GetProcessHeap () returned 0x570000 [0048.358] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xd) returned 0x590f68 [0048.358] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Penguins.jpg", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Penguins.jpg", lpUsedDefaultChar=0x0) returned 13 [0048.358] lstrlenA (lpString="Penguins.jpg") returned 12 [0048.358] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0048.358] lstrlenA (lpString="Penguins.jpg") returned 12 [0048.358] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0048.358] lstrcmpiW (lpString1="Penguins.jpg", lpString2="decrypt_files.html") returned 1 [0048.358] lstrcmpiW (lpString1="Penguins.jpg", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0048.358] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0048.358] lstrcmpiW (lpString1="Penguins.jpg", lpString2="sihvgt.exe") returned -1 [0048.358] _alloca_probe () returned 0x40908b [0048.358] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 54 [0048.358] GetProcessHeap () returned 0x570000 [0048.358] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x36) returned 0x592418 [0048.358] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg", cchWideChar=-1, lpMultiByteStr=0x592418, cbMultiByte=54, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg", lpUsedDefaultChar=0x0) returned 54 [0048.358] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0048.358] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{6458AD62-C8B1-43F3-B4CE-4F136857BF90}") returned 38 [0048.358] lstrlenA (lpString="{6458AD62-C8B1-43F3-B4CE-4F136857BF90}") returned 38 [0048.358] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\penguins.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0048.359] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=777835) returned 1 [0048.359] lstrlenA (lpString="{6458AD62-C8B1-43F3-B4CE-4F136857BF90}") returned 38 [0048.359] GetProcessHeap () returned 0x570000 [0048.359] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x592458 [0048.359] GetProcessHeap () returned 0x570000 [0048.359] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5924d0 [0048.359] lstrlenA (lpString="C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg") returned 53 [0048.370] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.381] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.381] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.382] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.382] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.382] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.382] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.383] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.383] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.383] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.383] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.383] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.383] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.383] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.385] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.385] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.385] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.385] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.385] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.386] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.386] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.386] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.386] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.386] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.386] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.386] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.387] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.387] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.387] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.387] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.387] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.387] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.387] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.389] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.389] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.389] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.389] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.390] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.391] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.391] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.391] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.392] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.392] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.392] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.392] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.393] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.393] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.393] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.393] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.394] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.394] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.395] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.395] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.395] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.396] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.396] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.396] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.397] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.397] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.397] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.397] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.398] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.398] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.398] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.398] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.399] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.399] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.399] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.399] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.400] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.400] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.400] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.400] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.401] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.401] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.401] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.401] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.402] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.402] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.402] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.402] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.403] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.403] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.403] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.403] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.404] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.404] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.405] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.405] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.405] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.406] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.406] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.406] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.407] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.407] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.407] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.407] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.408] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.408] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.408] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.408] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.409] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.409] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.409] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.409] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.412] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.413] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.413] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.413] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.413] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.415] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.415] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.415] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.416] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.416] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.416] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.417] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.417] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.418] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.418] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.418] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.419] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.419] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.419] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.419] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.420] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.421] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.421] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.421] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.422] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.422] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.423] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.423] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.423] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.424] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.424] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.424] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.424] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.425] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.425] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.425] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.425] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.426] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.426] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.426] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.427] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.427] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.427] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.427] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.428] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.428] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.428] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.429] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.431] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.432] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.432] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.432] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.432] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.433] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.433] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.433] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.434] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.434] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.434] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.434] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.435] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.435] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.435] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.435] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.436] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.436] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.436] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.436] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.437] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.437] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.437] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.437] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.438] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.438] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.438] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.438] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.439] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.439] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.439] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.439] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.440] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.440] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.441] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.441] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x1e6b, lpOverlapped=0x0) returned 1 [0048.441] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe195, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.441] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x1e70, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x1e70, lpOverlapped=0x0) returned 1 [0048.441] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.441] WriteFile (in: hFile=0x80, lpBuffer=0x50bb6c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bb6c*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0048.441] WriteFile (in: hFile=0x80, lpBuffer=0x50bbd4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bbd4*, lpNumberOfBytesWritten=0x50bb34*=0x10, lpOverlapped=0x0) returned 1 [0048.441] lstrlenA (lpString="rsa_encrypt") returned 11 [0048.441] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x5925f8) returned 1 [0048.442] CryptGenRandom (in: hProv=0x5925f8, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0048.442] CryptReleaseContext (hProv=0x5925f8, dwFlags=0x0) returned 1 [0048.442] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0048.443] GetProcessHeap () returned 0x570000 [0048.443] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592558 [0048.443] lstrlenA (lpString="010001") returned 6 [0048.443] GetProcessHeap () returned 0x570000 [0048.443] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eea0 [0048.443] GetProcessHeap () returned 0x570000 [0048.443] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5925e0 [0048.443] GetProcessHeap () returned 0x570000 [0048.443] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0048.443] GetProcessHeap () returned 0x570000 [0048.443] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5925e0 | out: hHeap=0x570000) returned 1 [0048.443] GetProcessHeap () returned 0x570000 [0048.443] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0048.443] GetProcessHeap () returned 0x570000 [0048.443] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c0d8 [0048.443] GetProcessHeap () returned 0x570000 [0048.443] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eec0 [0048.443] GetProcessHeap () returned 0x570000 [0048.443] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c1f0 [0048.443] GetProcessHeap () returned 0x570000 [0048.443] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.443] GetProcessHeap () returned 0x570000 [0048.443] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0048.443] GetProcessHeap () returned 0x570000 [0048.443] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5925e0 [0048.443] GetProcessHeap () returned 0x570000 [0048.443] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x592668 [0048.443] GetProcessHeap () returned 0x570000 [0048.444] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.444] GetProcessHeap () returned 0x570000 [0048.444] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0048.444] GetProcessHeap () returned 0x570000 [0048.444] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0048.444] GetProcessHeap () returned 0x570000 [0048.444] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5925e0 | out: hHeap=0x570000) returned 1 [0048.444] GetProcessHeap () returned 0x570000 [0048.444] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0048.444] GetProcessHeap () returned 0x570000 [0048.444] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0048.444] GetProcessHeap () returned 0x570000 [0048.444] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.444] GetProcessHeap () returned 0x570000 [0048.444] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f98 [0048.444] GetProcessHeap () returned 0x570000 [0048.444] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.444] GetProcessHeap () returned 0x570000 [0048.444] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.444] GetProcessHeap () returned 0x570000 [0048.444] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.444] GetProcessHeap () returned 0x570000 [0048.444] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.444] GetProcessHeap () returned 0x570000 [0048.444] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0048.444] GetProcessHeap () returned 0x570000 [0048.444] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f98 | out: hHeap=0x570000) returned 1 [0048.444] GetProcessHeap () returned 0x570000 [0048.444] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0048.444] GetProcessHeap () returned 0x570000 [0048.444] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0048.445] GetProcessHeap () returned 0x570000 [0048.445] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.446] GetProcessHeap () returned 0x570000 [0048.446] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.446] GetProcessHeap () returned 0x570000 [0048.446] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.446] GetProcessHeap () returned 0x570000 [0048.446] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.446] GetProcessHeap () returned 0x570000 [0048.446] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.446] GetProcessHeap () returned 0x570000 [0048.446] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.446] GetProcessHeap () returned 0x570000 [0048.446] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.446] GetProcessHeap () returned 0x570000 [0048.446] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.446] GetProcessHeap () returned 0x570000 [0048.446] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.446] GetProcessHeap () returned 0x570000 [0048.446] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.447] GetProcessHeap () returned 0x570000 [0048.447] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.447] GetProcessHeap () returned 0x570000 [0048.447] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.447] GetProcessHeap () returned 0x570000 [0048.447] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.447] GetProcessHeap () returned 0x570000 [0048.447] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.447] GetProcessHeap () returned 0x570000 [0048.447] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.447] GetProcessHeap () returned 0x570000 [0048.447] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.447] GetProcessHeap () returned 0x570000 [0048.447] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.447] GetProcessHeap () returned 0x570000 [0048.447] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.447] GetProcessHeap () returned 0x570000 [0048.447] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.447] GetProcessHeap () returned 0x570000 [0048.447] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.447] GetProcessHeap () returned 0x570000 [0048.447] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.447] GetProcessHeap () returned 0x570000 [0048.447] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.447] GetProcessHeap () returned 0x570000 [0048.447] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.447] GetProcessHeap () returned 0x570000 [0048.447] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.447] GetProcessHeap () returned 0x570000 [0048.447] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.448] GetProcessHeap () returned 0x570000 [0048.448] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.448] GetProcessHeap () returned 0x570000 [0048.448] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.448] GetProcessHeap () returned 0x570000 [0048.448] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.448] GetProcessHeap () returned 0x570000 [0048.448] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.448] GetProcessHeap () returned 0x570000 [0048.448] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.448] GetProcessHeap () returned 0x570000 [0048.448] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.448] GetProcessHeap () returned 0x570000 [0048.448] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.448] GetProcessHeap () returned 0x570000 [0048.448] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.448] GetProcessHeap () returned 0x570000 [0048.448] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.448] GetProcessHeap () returned 0x570000 [0048.448] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.448] GetProcessHeap () returned 0x570000 [0048.448] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.448] GetProcessHeap () returned 0x570000 [0048.448] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.448] GetProcessHeap () returned 0x570000 [0048.448] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.448] GetProcessHeap () returned 0x570000 [0048.448] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.448] GetProcessHeap () returned 0x570000 [0048.448] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.449] GetProcessHeap () returned 0x570000 [0048.449] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.449] GetProcessHeap () returned 0x570000 [0048.449] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.449] GetProcessHeap () returned 0x570000 [0048.449] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.449] GetProcessHeap () returned 0x570000 [0048.449] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.449] GetProcessHeap () returned 0x570000 [0048.449] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.449] GetProcessHeap () returned 0x570000 [0048.449] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.449] GetProcessHeap () returned 0x570000 [0048.449] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.449] GetProcessHeap () returned 0x570000 [0048.449] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.449] GetProcessHeap () returned 0x570000 [0048.449] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.449] GetProcessHeap () returned 0x570000 [0048.449] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.449] GetProcessHeap () returned 0x570000 [0048.449] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.449] GetProcessHeap () returned 0x570000 [0048.449] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.449] GetProcessHeap () returned 0x570000 [0048.449] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.449] GetProcessHeap () returned 0x570000 [0048.449] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.449] GetProcessHeap () returned 0x570000 [0048.449] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.450] GetProcessHeap () returned 0x570000 [0048.450] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.450] GetProcessHeap () returned 0x570000 [0048.450] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.450] GetProcessHeap () returned 0x570000 [0048.450] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.450] GetProcessHeap () returned 0x570000 [0048.450] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.450] GetProcessHeap () returned 0x570000 [0048.450] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.450] GetProcessHeap () returned 0x570000 [0048.450] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.450] GetProcessHeap () returned 0x570000 [0048.450] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.450] GetProcessHeap () returned 0x570000 [0048.450] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.450] GetProcessHeap () returned 0x570000 [0048.450] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.450] GetProcessHeap () returned 0x570000 [0048.450] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.450] GetProcessHeap () returned 0x570000 [0048.450] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.450] GetProcessHeap () returned 0x570000 [0048.450] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.450] GetProcessHeap () returned 0x570000 [0048.450] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.450] GetProcessHeap () returned 0x570000 [0048.450] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.451] GetProcessHeap () returned 0x570000 [0048.451] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.451] GetProcessHeap () returned 0x570000 [0048.451] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.451] GetProcessHeap () returned 0x570000 [0048.451] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.451] GetProcessHeap () returned 0x570000 [0048.451] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.451] GetProcessHeap () returned 0x570000 [0048.451] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.451] GetProcessHeap () returned 0x570000 [0048.451] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.451] GetProcessHeap () returned 0x570000 [0048.451] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.451] GetProcessHeap () returned 0x570000 [0048.451] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.451] GetProcessHeap () returned 0x570000 [0048.451] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.451] GetProcessHeap () returned 0x570000 [0048.451] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.451] GetProcessHeap () returned 0x570000 [0048.451] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.451] GetProcessHeap () returned 0x570000 [0048.451] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.451] GetProcessHeap () returned 0x570000 [0048.451] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.451] GetProcessHeap () returned 0x570000 [0048.451] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.451] GetProcessHeap () returned 0x570000 [0048.452] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.452] GetProcessHeap () returned 0x570000 [0048.452] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.452] GetProcessHeap () returned 0x570000 [0048.452] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.452] GetProcessHeap () returned 0x570000 [0048.452] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.452] GetProcessHeap () returned 0x570000 [0048.452] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.452] GetProcessHeap () returned 0x570000 [0048.452] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.452] GetProcessHeap () returned 0x570000 [0048.452] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.452] GetProcessHeap () returned 0x570000 [0048.452] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.452] GetProcessHeap () returned 0x570000 [0048.453] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.453] GetProcessHeap () returned 0x570000 [0048.453] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.453] GetProcessHeap () returned 0x570000 [0048.453] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.453] GetProcessHeap () returned 0x570000 [0048.453] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.453] GetProcessHeap () returned 0x570000 [0048.453] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.453] GetProcessHeap () returned 0x570000 [0048.453] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.453] GetProcessHeap () returned 0x570000 [0048.453] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.453] GetProcessHeap () returned 0x570000 [0048.453] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.453] GetProcessHeap () returned 0x570000 [0048.453] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.453] GetProcessHeap () returned 0x570000 [0048.453] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0048.453] GetProcessHeap () returned 0x570000 [0048.453] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0048.453] GetProcessHeap () returned 0x570000 [0048.453] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592668 | out: hHeap=0x570000) returned 1 [0048.453] GetProcessHeap () returned 0x570000 [0048.453] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0048.453] GetProcessHeap () returned 0x570000 [0048.453] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0048.453] GetProcessHeap () returned 0x570000 [0048.453] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0048.454] GetProcessHeap () returned 0x570000 [0048.454] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0048.454] GetProcessHeap () returned 0x570000 [0048.454] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0048.454] GetProcessHeap () returned 0x570000 [0048.454] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0048.454] GetProcessHeap () returned 0x570000 [0048.454] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0048.454] GetProcessHeap () returned 0x570000 [0048.454] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592558 | out: hHeap=0x570000) returned 1 [0048.454] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0048.454] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0048.454] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0048.454] CloseHandle (hObject=0x80) returned 1 [0048.474] GetProcessHeap () returned 0x570000 [0048.474] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592418 | out: hHeap=0x570000) returned 1 [0048.474] GetProcessHeap () returned 0x570000 [0048.474] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592458 | out: hHeap=0x570000) returned 1 [0048.474] GetProcessHeap () returned 0x570000 [0048.474] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5924d0 | out: hHeap=0x570000) returned 1 [0048.474] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg" [0048.474] lstrcatW (in: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg.{Killback@protonmail.com}KBK") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg.{Killback@protonmail.com}KBK" [0048.474] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\penguins.jpg"), lpNewFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg.{Killback@protonmail.com}KBK" (normalized: "c:\\users\\public\\pictures\\sample pictures\\penguins.jpg.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0048.474] PathRemoveFileSpecW (in: pszPath="C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg" | out: pszPath="C:\\Users\\Public\\Pictures\\Sample Pictures") returned 1 [0048.475] lstrcatW (in: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\" [0048.475] lstrcatW (in: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\", lpString2="decrypt_files.html" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\decrypt_files.html") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\decrypt_files.html" [0048.475] GetFileAttributesW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\decrypt_files.html" (normalized: "c:\\users\\public\\pictures\\sample pictures\\decrypt_files.html")) returned 0x20 [0048.475] GetProcessHeap () returned 0x570000 [0048.475] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0048.475] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x97958, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Tulips.jpg", cAlternateFileName="")) returned 1 [0048.475] lstrcmpiW (lpString1="Tulips.jpg", lpString2=".") returned 1 [0048.475] lstrcmpiW (lpString1="Tulips.jpg", lpString2="..") returned 1 [0048.475] lstrcatW (in: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\", lpString2="Tulips.jpg" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg" [0048.475] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Tulips.jpg", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0048.475] GetProcessHeap () returned 0x570000 [0048.475] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xb) returned 0x590f68 [0048.475] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Tulips.jpg", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Tulips.jpg", lpUsedDefaultChar=0x0) returned 11 [0048.475] lstrlenA (lpString="Tulips.jpg") returned 10 [0048.475] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0048.475] lstrlenA (lpString="Tulips.jpg") returned 10 [0048.475] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0048.475] lstrcmpiW (lpString1="Tulips.jpg", lpString2="decrypt_files.html") returned 1 [0048.475] lstrcmpiW (lpString1="Tulips.jpg", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0048.475] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0048.475] lstrcmpiW (lpString1="Tulips.jpg", lpString2="sihvgt.exe") returned 1 [0048.475] _alloca_probe () returned 0x40908b [0048.475] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 52 [0048.475] GetProcessHeap () returned 0x570000 [0048.476] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x34) returned 0x592418 [0048.476] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg", cchWideChar=-1, lpMultiByteStr=0x592418, cbMultiByte=52, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg", lpUsedDefaultChar=0x0) returned 52 [0048.476] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0048.476] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{A2044139-FAA8-414A-84F4-2159436C7454}") returned 38 [0048.476] lstrlenA (lpString="{A2044139-FAA8-414A-84F4-2159436C7454}") returned 38 [0048.476] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\tulips.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0048.476] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=620888) returned 1 [0048.476] lstrlenA (lpString="{A2044139-FAA8-414A-84F4-2159436C7454}") returned 38 [0048.476] GetProcessHeap () returned 0x570000 [0048.476] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x592458 [0048.476] GetProcessHeap () returned 0x570000 [0048.476] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5924d0 [0048.476] lstrlenA (lpString="C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg") returned 51 [0048.487] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.489] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.491] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.491] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.491] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.491] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.491] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.492] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.492] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.492] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.492] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.492] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.492] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.492] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.493] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.493] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.493] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.493] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.493] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.493] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.493] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.493] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.494] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.494] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.494] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.494] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.494] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.494] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.495] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.495] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.495] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.495] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.495] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.498] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.498] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.498] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.498] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.530] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.530] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.530] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.530] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.531] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.531] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.531] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.532] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.532] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.533] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.533] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.533] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.533] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.534] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.534] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.534] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.535] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.535] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.535] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.535] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.536] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.536] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.536] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.536] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.538] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.538] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.538] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.538] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.539] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.539] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.540] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.540] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.540] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.541] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.541] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.541] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.542] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.542] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.542] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.542] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.543] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.543] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.543] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.543] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.544] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.544] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.544] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.544] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.545] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.545] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.546] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.546] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.547] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.547] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.547] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.547] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.547] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.548] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.548] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.548] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.549] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.549] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.549] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.549] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.563] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.563] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.563] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.563] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.564] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.564] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.564] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.564] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.565] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.565] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.566] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.566] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.566] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.567] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.567] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.567] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.567] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.568] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.568] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.568] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.569] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.569] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.569] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.570] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.570] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.571] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.571] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.571] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.572] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.572] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.572] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.573] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.573] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.574] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.574] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.574] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.574] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.575] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.575] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.575] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.575] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.576] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.576] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.576] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.577] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.577] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.577] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.578] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.578] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.578] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.578] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.578] WriteFile (in: hFile=0x80, lpBuffer=0x50bb6c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bb6c*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0048.579] WriteFile (in: hFile=0x80, lpBuffer=0x50bbd4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bbd4*, lpNumberOfBytesWritten=0x50bb34*=0x10, lpOverlapped=0x0) returned 1 [0048.579] lstrlenA (lpString="rsa_encrypt") returned 11 [0048.579] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x5925f8) returned 1 [0048.580] CryptGenRandom (in: hProv=0x5925f8, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0048.580] CryptReleaseContext (hProv=0x5925f8, dwFlags=0x0) returned 1 [0048.580] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0048.580] GetProcessHeap () returned 0x570000 [0048.580] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592558 [0048.580] lstrlenA (lpString="010001") returned 6 [0048.580] GetProcessHeap () returned 0x570000 [0048.580] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eea0 [0048.580] GetProcessHeap () returned 0x570000 [0048.581] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5925e0 [0048.581] GetProcessHeap () returned 0x570000 [0048.581] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0048.581] GetProcessHeap () returned 0x570000 [0048.581] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5925e0 | out: hHeap=0x570000) returned 1 [0048.581] GetProcessHeap () returned 0x570000 [0048.581] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0048.581] GetProcessHeap () returned 0x570000 [0048.581] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c1f0 [0048.581] GetProcessHeap () returned 0x570000 [0048.581] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eef0 [0048.581] GetProcessHeap () returned 0x570000 [0048.581] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c0d8 [0048.581] GetProcessHeap () returned 0x570000 [0048.581] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.581] GetProcessHeap () returned 0x570000 [0048.581] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0048.581] GetProcessHeap () returned 0x570000 [0048.581] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5925e0 [0048.581] GetProcessHeap () returned 0x570000 [0048.581] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x592668 [0048.581] GetProcessHeap () returned 0x570000 [0048.581] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0048.581] GetProcessHeap () returned 0x570000 [0048.581] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0048.581] GetProcessHeap () returned 0x570000 [0048.581] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0048.581] GetProcessHeap () returned 0x570000 [0048.581] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5925e0 | out: hHeap=0x570000) returned 1 [0048.581] GetProcessHeap () returned 0x570000 [0048.581] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0048.582] GetProcessHeap () returned 0x570000 [0048.582] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0048.582] GetProcessHeap () returned 0x570000 [0048.582] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.582] GetProcessHeap () returned 0x570000 [0048.582] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f98 [0048.582] GetProcessHeap () returned 0x570000 [0048.582] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0048.582] GetProcessHeap () returned 0x570000 [0048.582] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.582] GetProcessHeap () returned 0x570000 [0048.582] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.582] GetProcessHeap () returned 0x570000 [0048.582] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.582] GetProcessHeap () returned 0x570000 [0048.582] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0048.582] GetProcessHeap () returned 0x570000 [0048.582] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f98 | out: hHeap=0x570000) returned 1 [0048.582] GetProcessHeap () returned 0x570000 [0048.582] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0048.582] GetProcessHeap () returned 0x570000 [0048.582] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0048.582] GetProcessHeap () returned 0x570000 [0048.582] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.582] GetProcessHeap () returned 0x570000 [0048.582] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.582] GetProcessHeap () returned 0x570000 [0048.582] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.582] GetProcessHeap () returned 0x570000 [0048.582] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.582] GetProcessHeap () returned 0x570000 [0048.583] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.583] GetProcessHeap () returned 0x570000 [0048.583] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.583] GetProcessHeap () returned 0x570000 [0048.583] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.583] GetProcessHeap () returned 0x570000 [0048.583] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.583] GetProcessHeap () returned 0x570000 [0048.583] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.583] GetProcessHeap () returned 0x570000 [0048.583] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.583] GetProcessHeap () returned 0x570000 [0048.583] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.583] GetProcessHeap () returned 0x570000 [0048.583] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.583] GetProcessHeap () returned 0x570000 [0048.583] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.583] GetProcessHeap () returned 0x570000 [0048.583] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.583] GetProcessHeap () returned 0x570000 [0048.583] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.583] GetProcessHeap () returned 0x570000 [0048.583] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.583] GetProcessHeap () returned 0x570000 [0048.583] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.583] GetProcessHeap () returned 0x570000 [0048.583] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.583] GetProcessHeap () returned 0x570000 [0048.583] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.583] GetProcessHeap () returned 0x570000 [0048.584] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.584] GetProcessHeap () returned 0x570000 [0048.584] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.584] GetProcessHeap () returned 0x570000 [0048.584] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.584] GetProcessHeap () returned 0x570000 [0048.584] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.584] GetProcessHeap () returned 0x570000 [0048.584] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.584] GetProcessHeap () returned 0x570000 [0048.584] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.584] GetProcessHeap () returned 0x570000 [0048.584] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.584] GetProcessHeap () returned 0x570000 [0048.584] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.584] GetProcessHeap () returned 0x570000 [0048.584] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.584] GetProcessHeap () returned 0x570000 [0048.584] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.584] GetProcessHeap () returned 0x570000 [0048.584] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.584] GetProcessHeap () returned 0x570000 [0048.584] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.584] GetProcessHeap () returned 0x570000 [0048.584] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.584] GetProcessHeap () returned 0x570000 [0048.584] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.584] GetProcessHeap () returned 0x570000 [0048.584] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.584] GetProcessHeap () returned 0x570000 [0048.584] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.585] GetProcessHeap () returned 0x570000 [0048.585] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.585] GetProcessHeap () returned 0x570000 [0048.585] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.585] GetProcessHeap () returned 0x570000 [0048.585] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.585] GetProcessHeap () returned 0x570000 [0048.585] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.585] GetProcessHeap () returned 0x570000 [0048.585] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.585] GetProcessHeap () returned 0x570000 [0048.585] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.585] GetProcessHeap () returned 0x570000 [0048.585] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.585] GetProcessHeap () returned 0x570000 [0048.585] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.585] GetProcessHeap () returned 0x570000 [0048.585] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.585] GetProcessHeap () returned 0x570000 [0048.585] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.585] GetProcessHeap () returned 0x570000 [0048.585] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.585] GetProcessHeap () returned 0x570000 [0048.585] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.585] GetProcessHeap () returned 0x570000 [0048.585] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.585] GetProcessHeap () returned 0x570000 [0048.585] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.585] GetProcessHeap () returned 0x570000 [0048.586] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.586] GetProcessHeap () returned 0x570000 [0048.586] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.586] GetProcessHeap () returned 0x570000 [0048.586] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.586] GetProcessHeap () returned 0x570000 [0048.586] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.586] GetProcessHeap () returned 0x570000 [0048.586] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.586] GetProcessHeap () returned 0x570000 [0048.586] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.586] GetProcessHeap () returned 0x570000 [0048.586] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.586] GetProcessHeap () returned 0x570000 [0048.586] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.586] GetProcessHeap () returned 0x570000 [0048.586] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.586] GetProcessHeap () returned 0x570000 [0048.586] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.586] GetProcessHeap () returned 0x570000 [0048.586] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.586] GetProcessHeap () returned 0x570000 [0048.586] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.586] GetProcessHeap () returned 0x570000 [0048.586] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.586] GetProcessHeap () returned 0x570000 [0048.586] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.586] GetProcessHeap () returned 0x570000 [0048.586] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.586] GetProcessHeap () returned 0x570000 [0048.587] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.587] GetProcessHeap () returned 0x570000 [0048.587] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.587] GetProcessHeap () returned 0x570000 [0048.587] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.587] GetProcessHeap () returned 0x570000 [0048.587] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.587] GetProcessHeap () returned 0x570000 [0048.587] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.587] GetProcessHeap () returned 0x570000 [0048.587] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.587] GetProcessHeap () returned 0x570000 [0048.587] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.587] GetProcessHeap () returned 0x570000 [0048.587] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.587] GetProcessHeap () returned 0x570000 [0048.587] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.587] GetProcessHeap () returned 0x570000 [0048.587] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.587] GetProcessHeap () returned 0x570000 [0048.587] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.587] GetProcessHeap () returned 0x570000 [0048.587] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.587] GetProcessHeap () returned 0x570000 [0048.587] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.587] GetProcessHeap () returned 0x570000 [0048.587] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.587] GetProcessHeap () returned 0x570000 [0048.587] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.588] GetProcessHeap () returned 0x570000 [0048.588] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.588] GetProcessHeap () returned 0x570000 [0048.588] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.588] GetProcessHeap () returned 0x570000 [0048.588] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.588] GetProcessHeap () returned 0x570000 [0048.588] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.588] GetProcessHeap () returned 0x570000 [0048.588] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.588] GetProcessHeap () returned 0x570000 [0048.588] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.588] GetProcessHeap () returned 0x570000 [0048.588] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.588] GetProcessHeap () returned 0x570000 [0048.588] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.588] GetProcessHeap () returned 0x570000 [0048.588] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.588] GetProcessHeap () returned 0x570000 [0048.588] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.588] GetProcessHeap () returned 0x570000 [0048.588] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.588] GetProcessHeap () returned 0x570000 [0048.588] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.588] GetProcessHeap () returned 0x570000 [0048.588] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.588] GetProcessHeap () returned 0x570000 [0048.588] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.588] GetProcessHeap () returned 0x570000 [0048.589] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.589] GetProcessHeap () returned 0x570000 [0048.589] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.589] GetProcessHeap () returned 0x570000 [0048.589] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.589] GetProcessHeap () returned 0x570000 [0048.589] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.589] GetProcessHeap () returned 0x570000 [0048.589] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.589] GetProcessHeap () returned 0x570000 [0048.589] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.589] GetProcessHeap () returned 0x570000 [0048.589] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.589] GetProcessHeap () returned 0x570000 [0048.589] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0048.589] GetProcessHeap () returned 0x570000 [0048.589] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0048.589] GetProcessHeap () returned 0x570000 [0048.589] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592668 | out: hHeap=0x570000) returned 1 [0048.589] GetProcessHeap () returned 0x570000 [0048.589] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0048.589] GetProcessHeap () returned 0x570000 [0048.589] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0048.589] GetProcessHeap () returned 0x570000 [0048.589] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0048.589] GetProcessHeap () returned 0x570000 [0048.589] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0048.589] GetProcessHeap () returned 0x570000 [0048.590] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0048.590] GetProcessHeap () returned 0x570000 [0048.590] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0048.590] GetProcessHeap () returned 0x570000 [0048.590] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0048.590] GetProcessHeap () returned 0x570000 [0048.590] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592558 | out: hHeap=0x570000) returned 1 [0048.590] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0048.590] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0048.590] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0048.590] CloseHandle (hObject=0x80) returned 1 [0048.600] GetProcessHeap () returned 0x570000 [0048.600] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592418 | out: hHeap=0x570000) returned 1 [0048.600] GetProcessHeap () returned 0x570000 [0048.600] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592458 | out: hHeap=0x570000) returned 1 [0048.600] GetProcessHeap () returned 0x570000 [0048.600] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5924d0 | out: hHeap=0x570000) returned 1 [0048.601] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg" [0048.601] lstrcatW (in: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg.{Killback@protonmail.com}KBK") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg.{Killback@protonmail.com}KBK" [0048.601] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\tulips.jpg"), lpNewFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg.{Killback@protonmail.com}KBK" (normalized: "c:\\users\\public\\pictures\\sample pictures\\tulips.jpg.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0048.601] PathRemoveFileSpecW (in: pszPath="C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg" | out: pszPath="C:\\Users\\Public\\Pictures\\Sample Pictures") returned 1 [0048.601] lstrcatW (in: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\" [0048.602] lstrcatW (in: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\", lpString2="decrypt_files.html" | out: lpString1="C:\\Users\\Public\\Pictures\\Sample Pictures\\decrypt_files.html") returned="C:\\Users\\Public\\Pictures\\Sample Pictures\\decrypt_files.html" [0048.602] GetFileAttributesW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\decrypt_files.html" (normalized: "c:\\users\\public\\pictures\\sample pictures\\decrypt_files.html")) returned 0x20 [0048.602] GetProcessHeap () returned 0x570000 [0048.602] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0048.602] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x97958, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Tulips.jpg", cAlternateFileName="")) returned 0 [0048.602] FindClose (in: hFindFile=0x588da8 | out: hFindFile=0x588da8) returned 1 [0048.602] lstrcpyW (in: lpString1=0x50df8c, lpString2="C:\\Users\\Public\\Music\\" | out: lpString1="C:\\Users\\Public\\Music\\") returned="C:\\Users\\Public\\Music\\" [0048.602] GetProcessHeap () returned 0x570000 [0048.602] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5923e0 | out: hHeap=0x570000) returned 1 [0048.602] GetProcessHeap () returned 0x570000 [0048.602] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0048.602] lstrlenW (lpString="C:\\Users\\Public\\Music\\") returned 22 [0048.602] lstrcatW (in: lpString1="C:\\Users\\Public\\Music\\", lpString2="*" | out: lpString1="C:\\Users\\Public\\Music\\*") returned="C:\\Users\\Public\\Music\\*" [0048.602] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Music\\*", lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28305c4e, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x588da8 [0048.602] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.602] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28305c4e, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0048.602] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.602] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.603] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28305c4e, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x28305c4e, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x17c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0048.603] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0048.603] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0048.603] lstrcatW (in: lpString1="C:\\Users\\Public\\Music\\", lpString2="desktop.ini" | out: lpString1="C:\\Users\\Public\\Music\\desktop.ini") returned="C:\\Users\\Public\\Music\\desktop.ini" [0048.603] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0048.603] GetProcessHeap () returned 0x570000 [0048.603] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x590f68 [0048.603] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 12 [0048.603] lstrlenA (lpString="desktop.ini") returned 11 [0048.603] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0048.603] lstrlenA (lpString="desktop.ini") returned 11 [0048.603] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0048.603] lstrcmpiW (lpString1="desktop.ini", lpString2="decrypt_files.html") returned 1 [0048.603] lstrcmpiW (lpString1="desktop.ini", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0048.603] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0048.603] lstrcmpiW (lpString1="desktop.ini", lpString2="sihvgt.exe") returned -1 [0048.603] _alloca_probe () returned 0x40908b [0048.603] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Public\\Music\\desktop.ini", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 34 [0048.603] GetProcessHeap () returned 0x570000 [0048.603] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x22) returned 0x5923e0 [0048.603] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Public\\Music\\desktop.ini", cchWideChar=-1, lpMultiByteStr=0x5923e0, cbMultiByte=34, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\Public\\Music\\desktop.ini", lpUsedDefaultChar=0x0) returned 34 [0048.603] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0048.603] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{928DD4C6-08AB-4847-8E65-A0CB9E825C06}") returned 38 [0048.603] lstrlenA (lpString="{928DD4C6-08AB-4847-8E65-A0CB9E825C06}") returned 38 [0048.603] CreateFileW (lpFileName="C:\\Users\\Public\\Music\\desktop.ini" (normalized: "c:\\users\\public\\music\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0048.604] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=380) returned 1 [0048.604] lstrlenA (lpString="{928DD4C6-08AB-4847-8E65-A0CB9E825C06}") returned 38 [0048.604] GetProcessHeap () returned 0x570000 [0048.604] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x592410 [0048.604] GetProcessHeap () returned 0x570000 [0048.604] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592488 [0048.604] lstrlenA (lpString="C:\\Users\\Public\\Music\\desktop.ini") returned 33 [0048.615] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x17c, lpOverlapped=0x0) returned 1 [0048.616] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.616] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x180, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x180, lpOverlapped=0x0) returned 1 [0048.616] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.616] WriteFile (in: hFile=0x80, lpBuffer=0x50bb6c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bb6c*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0048.617] WriteFile (in: hFile=0x80, lpBuffer=0x50bbd4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bbd4*, lpNumberOfBytesWritten=0x50bb34*=0x10, lpOverlapped=0x0) returned 1 [0048.619] lstrlenA (lpString="rsa_encrypt") returned 11 [0048.619] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x5925b0) returned 1 [0048.620] CryptGenRandom (in: hProv=0x5925b0, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0048.620] CryptReleaseContext (hProv=0x5925b0, dwFlags=0x0) returned 1 [0048.620] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0048.620] GetProcessHeap () returned 0x570000 [0048.620] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592510 [0048.620] lstrlenA (lpString="010001") returned 6 [0048.620] GetProcessHeap () returned 0x570000 [0048.620] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eeb0 [0048.621] GetProcessHeap () returned 0x570000 [0048.621] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592598 [0048.621] GetProcessHeap () returned 0x570000 [0048.621] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0048.621] GetProcessHeap () returned 0x570000 [0048.621] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592598 | out: hHeap=0x570000) returned 1 [0048.621] GetProcessHeap () returned 0x570000 [0048.621] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0048.621] GetProcessHeap () returned 0x570000 [0048.621] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c0d8 [0048.621] GetProcessHeap () returned 0x570000 [0048.621] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eea0 [0048.621] GetProcessHeap () returned 0x570000 [0048.621] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c1f0 [0048.621] GetProcessHeap () returned 0x570000 [0048.621] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0048.621] GetProcessHeap () returned 0x570000 [0048.621] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0048.621] GetProcessHeap () returned 0x570000 [0048.621] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592598 [0048.621] GetProcessHeap () returned 0x570000 [0048.621] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x592620 [0048.621] GetProcessHeap () returned 0x570000 [0048.621] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0048.621] GetProcessHeap () returned 0x570000 [0048.621] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0048.621] GetProcessHeap () returned 0x570000 [0048.622] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0048.622] GetProcessHeap () returned 0x570000 [0048.622] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592598 | out: hHeap=0x570000) returned 1 [0048.622] GetProcessHeap () returned 0x570000 [0048.622] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0048.622] GetProcessHeap () returned 0x570000 [0048.622] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0048.622] GetProcessHeap () returned 0x570000 [0048.622] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.622] GetProcessHeap () returned 0x570000 [0048.622] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f98 [0048.622] GetProcessHeap () returned 0x570000 [0048.622] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0048.622] GetProcessHeap () returned 0x570000 [0048.622] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.622] GetProcessHeap () returned 0x570000 [0048.622] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.622] GetProcessHeap () returned 0x570000 [0048.622] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.622] GetProcessHeap () returned 0x570000 [0048.622] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0048.622] GetProcessHeap () returned 0x570000 [0048.622] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f98 | out: hHeap=0x570000) returned 1 [0048.622] GetProcessHeap () returned 0x570000 [0048.622] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0048.622] GetProcessHeap () returned 0x570000 [0048.622] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0048.622] GetProcessHeap () returned 0x570000 [0048.622] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.622] GetProcessHeap () returned 0x570000 [0048.623] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.623] GetProcessHeap () returned 0x570000 [0048.623] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.623] GetProcessHeap () returned 0x570000 [0048.623] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.623] GetProcessHeap () returned 0x570000 [0048.623] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.623] GetProcessHeap () returned 0x570000 [0048.623] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.623] GetProcessHeap () returned 0x570000 [0048.623] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.623] GetProcessHeap () returned 0x570000 [0048.623] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.623] GetProcessHeap () returned 0x570000 [0048.623] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.623] GetProcessHeap () returned 0x570000 [0048.623] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.623] GetProcessHeap () returned 0x570000 [0048.623] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.623] GetProcessHeap () returned 0x570000 [0048.623] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.623] GetProcessHeap () returned 0x570000 [0048.623] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.623] GetProcessHeap () returned 0x570000 [0048.623] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.623] GetProcessHeap () returned 0x570000 [0048.623] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.623] GetProcessHeap () returned 0x570000 [0048.623] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.624] GetProcessHeap () returned 0x570000 [0048.624] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.624] GetProcessHeap () returned 0x570000 [0048.624] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.624] GetProcessHeap () returned 0x570000 [0048.624] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.624] GetProcessHeap () returned 0x570000 [0048.624] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.624] GetProcessHeap () returned 0x570000 [0048.624] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.624] GetProcessHeap () returned 0x570000 [0048.624] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.624] GetProcessHeap () returned 0x570000 [0048.624] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.624] GetProcessHeap () returned 0x570000 [0048.624] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.624] GetProcessHeap () returned 0x570000 [0048.624] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.624] GetProcessHeap () returned 0x570000 [0048.624] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.624] GetProcessHeap () returned 0x570000 [0048.626] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.626] GetProcessHeap () returned 0x570000 [0048.626] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.626] GetProcessHeap () returned 0x570000 [0048.626] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.626] GetProcessHeap () returned 0x570000 [0048.626] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.626] GetProcessHeap () returned 0x570000 [0048.626] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.626] GetProcessHeap () returned 0x570000 [0048.626] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.626] GetProcessHeap () returned 0x570000 [0048.626] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.627] GetProcessHeap () returned 0x570000 [0048.627] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.627] GetProcessHeap () returned 0x570000 [0048.627] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.627] GetProcessHeap () returned 0x570000 [0048.627] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.627] GetProcessHeap () returned 0x570000 [0048.627] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.627] GetProcessHeap () returned 0x570000 [0048.627] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.627] GetProcessHeap () returned 0x570000 [0048.627] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.627] GetProcessHeap () returned 0x570000 [0048.627] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.627] GetProcessHeap () returned 0x570000 [0048.627] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.627] GetProcessHeap () returned 0x570000 [0048.627] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.627] GetProcessHeap () returned 0x570000 [0048.627] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.627] GetProcessHeap () returned 0x570000 [0048.627] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.627] GetProcessHeap () returned 0x570000 [0048.627] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.627] GetProcessHeap () returned 0x570000 [0048.627] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.627] GetProcessHeap () returned 0x570000 [0048.627] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.627] GetProcessHeap () returned 0x570000 [0048.627] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.628] GetProcessHeap () returned 0x570000 [0048.628] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.628] GetProcessHeap () returned 0x570000 [0048.628] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.628] GetProcessHeap () returned 0x570000 [0048.628] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.628] GetProcessHeap () returned 0x570000 [0048.628] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.628] GetProcessHeap () returned 0x570000 [0048.628] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.628] GetProcessHeap () returned 0x570000 [0048.628] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.628] GetProcessHeap () returned 0x570000 [0048.628] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.628] GetProcessHeap () returned 0x570000 [0048.628] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.628] GetProcessHeap () returned 0x570000 [0048.628] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.628] GetProcessHeap () returned 0x570000 [0048.628] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.628] GetProcessHeap () returned 0x570000 [0048.628] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.628] GetProcessHeap () returned 0x570000 [0048.628] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.628] GetProcessHeap () returned 0x570000 [0048.628] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.628] GetProcessHeap () returned 0x570000 [0048.628] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.628] GetProcessHeap () returned 0x570000 [0048.628] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.629] GetProcessHeap () returned 0x570000 [0048.629] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.629] GetProcessHeap () returned 0x570000 [0048.629] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.629] GetProcessHeap () returned 0x570000 [0048.629] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.629] GetProcessHeap () returned 0x570000 [0048.629] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.629] GetProcessHeap () returned 0x570000 [0048.629] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.629] GetProcessHeap () returned 0x570000 [0048.629] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.629] GetProcessHeap () returned 0x570000 [0048.629] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.629] GetProcessHeap () returned 0x570000 [0048.629] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.629] GetProcessHeap () returned 0x570000 [0048.629] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.629] GetProcessHeap () returned 0x570000 [0048.629] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.629] GetProcessHeap () returned 0x570000 [0048.629] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.629] GetProcessHeap () returned 0x570000 [0048.629] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.629] GetProcessHeap () returned 0x570000 [0048.629] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.629] GetProcessHeap () returned 0x570000 [0048.629] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.630] GetProcessHeap () returned 0x570000 [0048.630] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.630] GetProcessHeap () returned 0x570000 [0048.630] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.630] GetProcessHeap () returned 0x570000 [0048.630] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.630] GetProcessHeap () returned 0x570000 [0048.630] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.630] GetProcessHeap () returned 0x570000 [0048.630] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.630] GetProcessHeap () returned 0x570000 [0048.630] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.630] GetProcessHeap () returned 0x570000 [0048.630] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.630] GetProcessHeap () returned 0x570000 [0048.630] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.630] GetProcessHeap () returned 0x570000 [0048.630] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.630] GetProcessHeap () returned 0x570000 [0048.630] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.630] GetProcessHeap () returned 0x570000 [0048.630] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.630] GetProcessHeap () returned 0x570000 [0048.630] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.630] GetProcessHeap () returned 0x570000 [0048.630] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.630] GetProcessHeap () returned 0x570000 [0048.630] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.630] GetProcessHeap () returned 0x570000 [0048.630] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.631] GetProcessHeap () returned 0x570000 [0048.631] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.631] GetProcessHeap () returned 0x570000 [0048.631] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.631] GetProcessHeap () returned 0x570000 [0048.631] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.631] GetProcessHeap () returned 0x570000 [0048.631] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.631] GetProcessHeap () returned 0x570000 [0048.631] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.631] GetProcessHeap () returned 0x570000 [0048.631] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.631] GetProcessHeap () returned 0x570000 [0048.631] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.631] GetProcessHeap () returned 0x570000 [0048.631] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.631] GetProcessHeap () returned 0x570000 [0048.631] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0048.631] GetProcessHeap () returned 0x570000 [0048.631] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0048.631] GetProcessHeap () returned 0x570000 [0048.631] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592620 | out: hHeap=0x570000) returned 1 [0048.631] GetProcessHeap () returned 0x570000 [0048.631] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0048.631] GetProcessHeap () returned 0x570000 [0048.631] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0048.631] GetProcessHeap () returned 0x570000 [0048.631] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0048.632] GetProcessHeap () returned 0x570000 [0048.632] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0048.632] GetProcessHeap () returned 0x570000 [0048.632] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0048.632] GetProcessHeap () returned 0x570000 [0048.632] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0048.632] GetProcessHeap () returned 0x570000 [0048.632] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0048.632] GetProcessHeap () returned 0x570000 [0048.632] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592510 | out: hHeap=0x570000) returned 1 [0048.632] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0048.632] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0048.632] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0048.632] CloseHandle (hObject=0x80) returned 1 [0048.649] GetProcessHeap () returned 0x570000 [0048.649] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5923e0 | out: hHeap=0x570000) returned 1 [0048.649] GetProcessHeap () returned 0x570000 [0048.649] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592410 | out: hHeap=0x570000) returned 1 [0048.649] GetProcessHeap () returned 0x570000 [0048.649] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592488 | out: hHeap=0x570000) returned 1 [0048.649] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\Users\\Public\\Music\\desktop.ini" | out: lpString1="C:\\Users\\Public\\Music\\desktop.ini") returned="C:\\Users\\Public\\Music\\desktop.ini" [0048.650] lstrcatW (in: lpString1="C:\\Users\\Public\\Music\\desktop.ini", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\Users\\Public\\Music\\desktop.ini.{Killback@protonmail.com}KBK") returned="C:\\Users\\Public\\Music\\desktop.ini.{Killback@protonmail.com}KBK" [0048.650] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\Music\\desktop.ini" (normalized: "c:\\users\\public\\music\\desktop.ini"), lpNewFileName="C:\\Users\\Public\\Music\\desktop.ini.{Killback@protonmail.com}KBK" (normalized: "c:\\users\\public\\music\\desktop.ini.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0048.651] PathRemoveFileSpecW (in: pszPath="C:\\Users\\Public\\Music\\desktop.ini" | out: pszPath="C:\\Users\\Public\\Music") returned 1 [0048.651] lstrcatW (in: lpString1="C:\\Users\\Public\\Music", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Music\\") returned="C:\\Users\\Public\\Music\\" [0048.651] lstrcatW (in: lpString1="C:\\Users\\Public\\Music\\", lpString2="decrypt_files.html" | out: lpString1="C:\\Users\\Public\\Music\\decrypt_files.html") returned="C:\\Users\\Public\\Music\\decrypt_files.html" [0048.651] GetFileAttributesW (lpFileName="C:\\Users\\Public\\Music\\decrypt_files.html" (normalized: "c:\\users\\public\\music\\decrypt_files.html")) returned 0xffffffff [0048.651] CreateFileW (lpFileName="C:\\Users\\Public\\Music\\decrypt_files.html" (normalized: "c:\\users\\public\\music\\decrypt_files.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0048.651] lstrlenA (lpString="\r\n \r\n \r\n \r\n DECRYPT FILES\r\n \r\n\r\n \r\n\r\n
\r\n

⚠Your ID (NEED FOR DECRYPT)⚠

\r\n
\r\n 
A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n\r\n
\r\n
\r\n
\r\n \r\n
\r\n \r\n
\r\n \r\n \r\n
\r\n

✖ Your files are encrypted! ✖

\r\n\r\n

If you see it - do not try to decrypt ▼the files yourself!!!▼

\r\n
\r\n

All your important data has been encrypted.

\r\n
\r\n
\r\n \r\n\x09\x09 \r\nTo decrypt all your files, you need a decryption program.
\r\n \r\nTo get a program to decrypt your data you need to do a few steps:
\r\n

☑1. \r\nTo make sure that we can actually decrypt your files. You can send us a file for the test.\r\nThis can be a picture or a text file.\r\nSize less than 5 MB. Send to our mail: Killback@protonmail.com .
\r\n

☑2. \r\nSend your PERSONAL ID in the letter (you will find it at the very beginning of this document)

\r\n\x09\x09\x09

☑3. \r\nWe will decode your test file so you are sure. We will also send you the amount you need to pay to get the program to decrypt.

\r\n ☑4. We will send you instructions on how to pay for the decryption program. After payment, we will send you a program and instructions on how to decrypt all the files.
\r\n

Attention!


\r\n
    \r\n\x09\x09\x09 Only we can decrypt your files.
    \r\n\x09\x09\x09 Do not try to decrypt your files yourself. You can damage them when trying to restore
    \r\n Do not run antivirus!
    \r\n Email us: Killback@protonmail.com immediately so we can help you.
    \r\n Decoders other users are not compatible with your data, because each user's unique encryption key
    \r\n
\r\n \r\n
\r\n
\r\n
\r\n \r\n\r\n \r\n \r\n
\r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n\r\n") returned 5565 [0048.651] WriteFile (in: hFile=0x80, lpBuffer=0x21f0020*, nNumberOfBytesToWrite=0x15bd, lpNumberOfBytesWritten=0x50dd18, lpOverlapped=0x0 | out: lpBuffer=0x21f0020*, lpNumberOfBytesWritten=0x50dd18*=0x15bd, lpOverlapped=0x0) returned 1 [0048.653] CloseHandle (hObject=0x80) returned 1 [0048.653] GetProcessHeap () returned 0x570000 [0048.653] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0048.653] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8031a7b6, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sample Music", cAlternateFileName="SAMPLE~1")) returned 1 [0048.653] lstrcmpiW (lpString1="Sample Music", lpString2=".") returned 1 [0048.653] lstrcmpiW (lpString1="Sample Music", lpString2="..") returned 1 [0048.653] lstrcatW (in: lpString1="C:\\Users\\Public\\Music\\", lpString2="Sample Music" | out: lpString1="C:\\Users\\Public\\Music\\Sample Music") returned="C:\\Users\\Public\\Music\\Sample Music" [0048.653] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Sample Music", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0048.653] GetProcessHeap () returned 0x570000 [0048.653] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xd) returned 0x590f68 [0048.653] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Sample Music", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Sample Music", lpUsedDefaultChar=0x0) returned 13 [0048.654] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Music", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0048.654] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Music", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 3 [0048.654] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Music", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 3 [0048.654] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Music", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0048.654] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Music", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0048.654] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Music", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 3 [0048.654] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Music", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0048.654] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Music", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0048.654] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Music", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0048.654] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Music", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0048.654] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Music", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0048.654] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Music", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0048.654] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Music", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0048.654] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Music", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0048.654] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Music", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0048.654] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Music", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0048.654] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Music", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0048.655] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Music", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0048.655] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Music", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 3 [0048.655] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Music", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 3 [0048.655] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Music", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 3 [0048.655] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Music", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 3 [0048.655] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Music", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 3 [0048.655] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Music", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0048.655] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Music", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0048.655] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Music", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0048.655] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Music", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0048.655] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Music", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 3 [0048.655] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Music", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0048.655] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Music", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0048.655] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Music", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0048.655] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Music", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0048.655] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Music", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 3 [0048.655] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Music", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0048.655] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Music", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 3 [0048.655] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Music", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 3 [0048.656] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Music", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0048.656] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Music", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 3 [0048.656] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Music", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 3 [0048.656] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Music", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0048.656] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Music", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 3 [0048.656] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Music", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0048.656] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sample Music", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 3 [0048.656] lstrcatW (in: lpString1="C:\\Users\\Public\\Music\\Sample Music", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Music\\Sample Music\\") returned="C:\\Users\\Public\\Music\\Sample Music\\" [0048.656] GetProcessHeap () returned 0x570000 [0048.656] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58eeb0 [0048.656] lstrlenW (lpString="C:\\Users\\Public\\Music\\Sample Music\\") returned 35 [0048.656] GetProcessHeap () returned 0x570000 [0048.656] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x48) returned 0x589108 [0048.656] lstrcpyW (in: lpString1=0x589108, lpString2="C:\\Users\\Public\\Music\\Sample Music\\" | out: lpString1="C:\\Users\\Public\\Music\\Sample Music\\") returned="C:\\Users\\Public\\Music\\Sample Music\\" [0048.656] GetProcessHeap () returned 0x570000 [0048.656] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0048.656] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8031a7b6, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sample Music", cAlternateFileName="SAMPLE~1")) returned 0 [0048.656] FindClose (in: hFindFile=0x588da8 | out: hFindFile=0x588da8) returned 1 [0048.656] lstrcpyW (in: lpString1=0x50df8c, lpString2="C:\\Users\\Public\\Music\\Sample Music\\" | out: lpString1="C:\\Users\\Public\\Music\\Sample Music\\") returned="C:\\Users\\Public\\Music\\Sample Music\\" [0048.656] GetProcessHeap () returned 0x570000 [0048.656] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x589108 | out: hHeap=0x570000) returned 1 [0048.656] GetProcessHeap () returned 0x570000 [0048.656] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0048.656] lstrlenW (lpString="C:\\Users\\Public\\Music\\Sample Music\\") returned 35 [0048.657] lstrcatW (in: lpString1="C:\\Users\\Public\\Music\\Sample Music\\", lpString2="*" | out: lpString1="C:\\Users\\Public\\Music\\Sample Music\\*") returned="C:\\Users\\Public\\Music\\Sample Music\\*" [0048.657] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\*", lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8031a7b6, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x588da8 [0048.676] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0048.676] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8031a7b6, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0048.676] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0048.676] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0048.676] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x24a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0048.676] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0048.676] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0048.676] lstrcatW (in: lpString1="C:\\Users\\Public\\Music\\Sample Music\\", lpString2="desktop.ini" | out: lpString1="C:\\Users\\Public\\Music\\Sample Music\\desktop.ini") returned="C:\\Users\\Public\\Music\\Sample Music\\desktop.ini" [0048.676] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0048.676] GetProcessHeap () returned 0x570000 [0048.676] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x590f68 [0048.677] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 12 [0048.677] lstrlenA (lpString="desktop.ini") returned 11 [0048.677] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0048.677] lstrlenA (lpString="desktop.ini") returned 11 [0048.677] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0048.677] lstrcmpiW (lpString1="desktop.ini", lpString2="decrypt_files.html") returned 1 [0048.677] lstrcmpiW (lpString1="desktop.ini", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0048.677] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0048.677] lstrcmpiW (lpString1="desktop.ini", lpString2="sihvgt.exe") returned -1 [0048.677] _alloca_probe () returned 0x40908b [0048.677] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Public\\Music\\Sample Music\\desktop.ini", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 47 [0048.677] GetProcessHeap () returned 0x570000 [0048.677] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x2f) returned 0x5923e0 [0048.677] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Public\\Music\\Sample Music\\desktop.ini", cchWideChar=-1, lpMultiByteStr=0x5923e0, cbMultiByte=47, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\Public\\Music\\Sample Music\\desktop.ini", lpUsedDefaultChar=0x0) returned 47 [0048.677] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0048.677] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{A5BED041-3158-484E-AE00-1EC373BA52AC}") returned 38 [0048.677] lstrlenA (lpString="{A5BED041-3158-484E-AE00-1EC373BA52AC}") returned 38 [0048.677] CreateFileW (lpFileName="C:\\Users\\Public\\Music\\Sample Music\\desktop.ini" (normalized: "c:\\users\\public\\music\\sample music\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0048.678] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=586) returned 1 [0048.678] lstrlenA (lpString="{A5BED041-3158-484E-AE00-1EC373BA52AC}") returned 38 [0048.678] GetProcessHeap () returned 0x570000 [0048.678] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x592418 [0048.678] GetProcessHeap () returned 0x570000 [0048.678] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592490 [0048.678] lstrlenA (lpString="C:\\Users\\Public\\Music\\Sample Music\\desktop.ini") returned 46 [0048.694] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x24a, lpOverlapped=0x0) returned 1 [0048.697] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.697] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x250, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x250, lpOverlapped=0x0) returned 1 [0048.697] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.697] WriteFile (in: hFile=0x80, lpBuffer=0x50bb6c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bb6c*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0048.697] WriteFile (in: hFile=0x80, lpBuffer=0x50bbd4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bbd4*, lpNumberOfBytesWritten=0x50bb34*=0x10, lpOverlapped=0x0) returned 1 [0048.697] lstrlenA (lpString="rsa_encrypt") returned 11 [0048.697] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x5925b8) returned 1 [0048.698] CryptGenRandom (in: hProv=0x5925b8, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0048.698] CryptReleaseContext (hProv=0x5925b8, dwFlags=0x0) returned 1 [0048.698] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0048.698] GetProcessHeap () returned 0x570000 [0048.698] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592518 [0048.698] lstrlenA (lpString="010001") returned 6 [0048.698] GetProcessHeap () returned 0x570000 [0048.698] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eeb0 [0048.699] GetProcessHeap () returned 0x570000 [0048.699] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5925a0 [0048.699] GetProcessHeap () returned 0x570000 [0048.699] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0048.699] GetProcessHeap () returned 0x570000 [0048.699] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5925a0 | out: hHeap=0x570000) returned 1 [0048.699] GetProcessHeap () returned 0x570000 [0048.699] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0048.699] GetProcessHeap () returned 0x570000 [0048.699] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c1f0 [0048.699] GetProcessHeap () returned 0x570000 [0048.699] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eec0 [0048.699] GetProcessHeap () returned 0x570000 [0048.699] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c0d8 [0048.699] GetProcessHeap () returned 0x570000 [0048.699] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.699] GetProcessHeap () returned 0x570000 [0048.699] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0048.699] GetProcessHeap () returned 0x570000 [0048.699] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5925a0 [0048.699] GetProcessHeap () returned 0x570000 [0048.699] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x592628 [0048.699] GetProcessHeap () returned 0x570000 [0048.699] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0048.699] GetProcessHeap () returned 0x570000 [0048.699] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0048.701] GetProcessHeap () returned 0x570000 [0048.701] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0048.701] GetProcessHeap () returned 0x570000 [0048.701] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5925a0 | out: hHeap=0x570000) returned 1 [0048.701] GetProcessHeap () returned 0x570000 [0048.701] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0048.701] GetProcessHeap () returned 0x570000 [0048.701] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0048.701] GetProcessHeap () returned 0x570000 [0048.701] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0048.701] GetProcessHeap () returned 0x570000 [0048.701] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f98 [0048.701] GetProcessHeap () returned 0x570000 [0048.701] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0048.701] GetProcessHeap () returned 0x570000 [0048.701] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0048.701] GetProcessHeap () returned 0x570000 [0048.701] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0048.701] GetProcessHeap () returned 0x570000 [0048.701] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0048.701] GetProcessHeap () returned 0x570000 [0048.701] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0048.701] GetProcessHeap () returned 0x570000 [0048.701] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f98 | out: hHeap=0x570000) returned 1 [0048.701] GetProcessHeap () returned 0x570000 [0048.701] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0048.701] GetProcessHeap () returned 0x570000 [0048.701] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0048.701] GetProcessHeap () returned 0x570000 [0048.701] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0048.701] GetProcessHeap () returned 0x570000 [0048.701] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0048.702] GetProcessHeap () returned 0x570000 [0048.702] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0048.702] GetProcessHeap () returned 0x570000 [0048.702] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0048.702] GetProcessHeap () returned 0x570000 [0048.702] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0048.702] GetProcessHeap () returned 0x570000 [0048.702] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0048.702] GetProcessHeap () returned 0x570000 [0048.702] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0048.702] GetProcessHeap () returned 0x570000 [0048.702] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0048.702] GetProcessHeap () returned 0x570000 [0048.702] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0048.702] GetProcessHeap () returned 0x570000 [0048.702] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0048.702] GetProcessHeap () returned 0x570000 [0048.702] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0048.702] GetProcessHeap () returned 0x570000 [0048.702] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0048.702] GetProcessHeap () returned 0x570000 [0048.702] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0048.702] GetProcessHeap () returned 0x570000 [0048.702] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0048.702] GetProcessHeap () returned 0x570000 [0048.703] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0048.703] GetProcessHeap () returned 0x570000 [0048.703] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0048.703] GetProcessHeap () returned 0x570000 [0048.703] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0048.703] GetProcessHeap () returned 0x570000 [0048.703] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0048.703] GetProcessHeap () returned 0x570000 [0048.703] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0048.703] GetProcessHeap () returned 0x570000 [0048.703] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0048.703] GetProcessHeap () returned 0x570000 [0048.703] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0048.703] GetProcessHeap () returned 0x570000 [0048.703] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0048.703] GetProcessHeap () returned 0x570000 [0048.703] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0048.703] GetProcessHeap () returned 0x570000 [0048.703] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0048.703] GetProcessHeap () returned 0x570000 [0048.703] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0048.703] GetProcessHeap () returned 0x570000 [0048.703] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0048.703] GetProcessHeap () returned 0x570000 [0048.703] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0048.703] GetProcessHeap () returned 0x570000 [0048.703] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0048.703] GetProcessHeap () returned 0x570000 [0048.703] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0048.703] GetProcessHeap () returned 0x570000 [0048.703] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0048.704] GetProcessHeap () returned 0x570000 [0048.704] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0048.704] GetProcessHeap () returned 0x570000 [0048.704] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0048.704] GetProcessHeap () returned 0x570000 [0048.704] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0048.704] GetProcessHeap () returned 0x570000 [0048.704] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0048.704] GetProcessHeap () returned 0x570000 [0048.704] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0048.704] GetProcessHeap () returned 0x570000 [0048.704] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0048.704] GetProcessHeap () returned 0x570000 [0048.704] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0048.704] GetProcessHeap () returned 0x570000 [0048.704] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0048.704] GetProcessHeap () returned 0x570000 [0048.704] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0048.704] GetProcessHeap () returned 0x570000 [0048.704] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0048.704] GetProcessHeap () returned 0x570000 [0048.704] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0048.704] GetProcessHeap () returned 0x570000 [0048.704] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0048.704] GetProcessHeap () returned 0x570000 [0048.704] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0048.705] GetProcessHeap () returned 0x570000 [0048.705] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0048.705] GetProcessHeap () returned 0x570000 [0048.705] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0048.705] GetProcessHeap () returned 0x570000 [0048.705] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0048.705] GetProcessHeap () returned 0x570000 [0048.705] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0048.705] GetProcessHeap () returned 0x570000 [0048.705] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0048.705] GetProcessHeap () returned 0x570000 [0048.705] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0048.705] GetProcessHeap () returned 0x570000 [0048.705] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0048.705] GetProcessHeap () returned 0x570000 [0048.705] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0048.705] GetProcessHeap () returned 0x570000 [0048.705] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0048.705] GetProcessHeap () returned 0x570000 [0048.705] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0048.705] GetProcessHeap () returned 0x570000 [0048.705] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0048.705] GetProcessHeap () returned 0x570000 [0048.705] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0048.705] GetProcessHeap () returned 0x570000 [0048.705] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0048.705] GetProcessHeap () returned 0x570000 [0048.705] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0048.705] GetProcessHeap () returned 0x570000 [0048.705] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0048.705] GetProcessHeap () returned 0x570000 [0048.705] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0048.706] GetProcessHeap () returned 0x570000 [0048.706] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0048.706] GetProcessHeap () returned 0x570000 [0048.706] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0048.706] GetProcessHeap () returned 0x570000 [0048.706] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0048.706] GetProcessHeap () returned 0x570000 [0048.706] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0048.706] GetProcessHeap () returned 0x570000 [0048.706] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0048.706] GetProcessHeap () returned 0x570000 [0048.706] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0048.706] GetProcessHeap () returned 0x570000 [0048.706] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0048.706] GetProcessHeap () returned 0x570000 [0048.706] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0048.706] GetProcessHeap () returned 0x570000 [0048.706] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0048.706] GetProcessHeap () returned 0x570000 [0048.706] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0048.706] GetProcessHeap () returned 0x570000 [0048.706] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0048.706] GetProcessHeap () returned 0x570000 [0048.706] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0048.706] GetProcessHeap () returned 0x570000 [0048.706] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0048.706] GetProcessHeap () returned 0x570000 [0048.706] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0048.706] GetProcessHeap () returned 0x570000 [0048.706] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0048.706] GetProcessHeap () returned 0x570000 [0048.706] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0048.706] GetProcessHeap () returned 0x570000 [0048.707] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0048.707] GetProcessHeap () returned 0x570000 [0048.707] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0048.707] GetProcessHeap () returned 0x570000 [0048.707] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0048.707] GetProcessHeap () returned 0x570000 [0048.707] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0048.707] GetProcessHeap () returned 0x570000 [0048.707] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0048.707] GetProcessHeap () returned 0x570000 [0048.707] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0048.707] GetProcessHeap () returned 0x570000 [0048.707] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0048.707] GetProcessHeap () returned 0x570000 [0048.707] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0048.707] GetProcessHeap () returned 0x570000 [0048.707] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0048.707] GetProcessHeap () returned 0x570000 [0048.707] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0048.707] GetProcessHeap () returned 0x570000 [0048.707] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0048.707] GetProcessHeap () returned 0x570000 [0048.707] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0048.707] GetProcessHeap () returned 0x570000 [0048.707] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0048.707] GetProcessHeap () returned 0x570000 [0048.707] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0048.707] GetProcessHeap () returned 0x570000 [0048.707] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0048.708] GetProcessHeap () returned 0x570000 [0048.708] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0048.708] GetProcessHeap () returned 0x570000 [0048.708] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0048.708] GetProcessHeap () returned 0x570000 [0048.708] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0048.708] GetProcessHeap () returned 0x570000 [0048.708] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0048.708] GetProcessHeap () returned 0x570000 [0048.708] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0048.708] GetProcessHeap () returned 0x570000 [0048.708] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0048.708] GetProcessHeap () returned 0x570000 [0048.708] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0048.708] GetProcessHeap () returned 0x570000 [0048.708] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0048.708] GetProcessHeap () returned 0x570000 [0048.708] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0048.708] GetProcessHeap () returned 0x570000 [0048.708] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0048.708] GetProcessHeap () returned 0x570000 [0048.708] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0048.708] GetProcessHeap () returned 0x570000 [0048.708] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0048.708] GetProcessHeap () returned 0x570000 [0048.708] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592628 | out: hHeap=0x570000) returned 1 [0048.708] GetProcessHeap () returned 0x570000 [0048.708] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0048.708] GetProcessHeap () returned 0x570000 [0048.708] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0048.709] GetProcessHeap () returned 0x570000 [0048.709] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0048.709] GetProcessHeap () returned 0x570000 [0048.709] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0048.709] GetProcessHeap () returned 0x570000 [0048.709] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0048.709] GetProcessHeap () returned 0x570000 [0048.709] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0048.709] GetProcessHeap () returned 0x570000 [0048.709] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0048.709] GetProcessHeap () returned 0x570000 [0048.709] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592518 | out: hHeap=0x570000) returned 1 [0048.709] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0048.709] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0048.709] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0048.709] CloseHandle (hObject=0x80) returned 1 [0048.713] GetProcessHeap () returned 0x570000 [0048.713] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5923e0 | out: hHeap=0x570000) returned 1 [0048.713] GetProcessHeap () returned 0x570000 [0048.713] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592418 | out: hHeap=0x570000) returned 1 [0048.713] GetProcessHeap () returned 0x570000 [0048.713] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592490 | out: hHeap=0x570000) returned 1 [0048.713] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\Users\\Public\\Music\\Sample Music\\desktop.ini" | out: lpString1="C:\\Users\\Public\\Music\\Sample Music\\desktop.ini") returned="C:\\Users\\Public\\Music\\Sample Music\\desktop.ini" [0048.713] lstrcatW (in: lpString1="C:\\Users\\Public\\Music\\Sample Music\\desktop.ini", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\Users\\Public\\Music\\Sample Music\\desktop.ini.{Killback@protonmail.com}KBK") returned="C:\\Users\\Public\\Music\\Sample Music\\desktop.ini.{Killback@protonmail.com}KBK" [0048.713] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\Music\\Sample Music\\desktop.ini" (normalized: "c:\\users\\public\\music\\sample music\\desktop.ini"), lpNewFileName="C:\\Users\\Public\\Music\\Sample Music\\desktop.ini.{Killback@protonmail.com}KBK" (normalized: "c:\\users\\public\\music\\sample music\\desktop.ini.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0048.714] PathRemoveFileSpecW (in: pszPath="C:\\Users\\Public\\Music\\Sample Music\\desktop.ini" | out: pszPath="C:\\Users\\Public\\Music\\Sample Music") returned 1 [0048.714] lstrcatW (in: lpString1="C:\\Users\\Public\\Music\\Sample Music", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Music\\Sample Music\\") returned="C:\\Users\\Public\\Music\\Sample Music\\" [0048.714] lstrcatW (in: lpString1="C:\\Users\\Public\\Music\\Sample Music\\", lpString2="decrypt_files.html" | out: lpString1="C:\\Users\\Public\\Music\\Sample Music\\decrypt_files.html") returned="C:\\Users\\Public\\Music\\Sample Music\\decrypt_files.html" [0048.714] GetFileAttributesW (lpFileName="C:\\Users\\Public\\Music\\Sample Music\\decrypt_files.html" (normalized: "c:\\users\\public\\music\\sample music\\decrypt_files.html")) returned 0xffffffff [0048.714] CreateFileW (lpFileName="C:\\Users\\Public\\Music\\Sample Music\\decrypt_files.html" (normalized: "c:\\users\\public\\music\\sample music\\decrypt_files.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0048.714] lstrlenA (lpString="\r\n \r\n \r\n \r\n DECRYPT FILES\r\n \r\n\r\n \r\n\r\n
\r\n

⚠Your ID (NEED FOR DECRYPT)⚠

\r\n
\r\n 
A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n\r\n
\r\n
\r\n
\r\n \r\n
\r\n \r\n
\r\n \r\n \r\n
\r\n

✖ Your files are encrypted! ✖

\r\n\r\n

If you see it - do not try to decrypt ▼the files yourself!!!▼

\r\n
\r\n

All your important data has been encrypted.

\r\n
\r\n
\r\n \r\n\x09\x09 \r\nTo decrypt all your files, you need a decryption program.
\r\n \r\nTo get a program to decrypt your data you need to do a few steps:
\r\n

☑1. \r\nTo make sure that we can actually decrypt your files. You can send us a file for the test.\r\nThis can be a picture or a text file.\r\nSize less than 5 MB. Send to our mail: Killback@protonmail.com .
\r\n

☑2. \r\nSend your PERSONAL ID in the letter (you will find it at the very beginning of this document)

\r\n\x09\x09\x09

☑3. \r\nWe will decode your test file so you are sure. We will also send you the amount you need to pay to get the program to decrypt.

\r\n ☑4. We will send you instructions on how to pay for the decryption program. After payment, we will send you a program and instructions on how to decrypt all the files.
\r\n

Attention!


\r\n
    \r\n\x09\x09\x09 Only we can decrypt your files.
    \r\n\x09\x09\x09 Do not try to decrypt your files yourself. You can damage them when trying to restore
    \r\n Do not run antivirus!
    \r\n Email us: Killback@protonmail.com immediately so we can help you.
    \r\n Decoders other users are not compatible with your data, because each user's unique encryption key
    \r\n
\r\n \r\n
\r\n
\r\n
\r\n \r\n\r\n \r\n \r\n
\r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n\r\n") returned 5565 [0048.714] WriteFile (in: hFile=0x80, lpBuffer=0x21f0020*, nNumberOfBytesToWrite=0x15bd, lpNumberOfBytesWritten=0x50dd18, lpOverlapped=0x0 | out: lpBuffer=0x21f0020*, lpNumberOfBytesWritten=0x50dd18*=0x15bd, lpOverlapped=0x0) returned 1 [0048.716] CloseHandle (hObject=0x80) returned 1 [0048.716] GetProcessHeap () returned 0x570000 [0048.716] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0048.716] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be5ebf7, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be84d57, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x8064f1, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Kalimba.mp3", cAlternateFileName="")) returned 1 [0048.716] lstrcmpiW (lpString1="Kalimba.mp3", lpString2=".") returned 1 [0048.716] lstrcmpiW (lpString1="Kalimba.mp3", lpString2="..") returned 1 [0048.716] lstrcatW (in: lpString1="C:\\Users\\Public\\Music\\Sample Music\\", lpString2="Kalimba.mp3" | out: lpString1="C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3") returned="C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3" [0048.716] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Kalimba.mp3", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0048.716] GetProcessHeap () returned 0x570000 [0048.716] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x590f68 [0048.716] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Kalimba.mp3", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Kalimba.mp3", lpUsedDefaultChar=0x0) returned 12 [0048.716] lstrlenA (lpString="Kalimba.mp3") returned 11 [0048.716] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0048.716] lstrlenA (lpString="Kalimba.mp3") returned 11 [0048.716] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0048.716] lstrcmpiW (lpString1="Kalimba.mp3", lpString2="decrypt_files.html") returned 1 [0048.716] lstrcmpiW (lpString1="Kalimba.mp3", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0048.716] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0048.716] lstrcmpiW (lpString1="Kalimba.mp3", lpString2="sihvgt.exe") returned -1 [0048.716] _alloca_probe () returned 0x40908b [0048.717] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 47 [0048.717] GetProcessHeap () returned 0x570000 [0048.717] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x2f) returned 0x5923e0 [0048.717] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3", cchWideChar=-1, lpMultiByteStr=0x5923e0, cbMultiByte=47, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3", lpUsedDefaultChar=0x0) returned 47 [0048.717] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0048.717] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{C7E9A346-6E1B-4BFA-8FDD-E85A772EC01B}") returned 38 [0048.717] lstrlenA (lpString="{C7E9A346-6E1B-4BFA-8FDD-E85A772EC01B}") returned 38 [0048.717] CreateFileW (lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3" (normalized: "c:\\users\\public\\music\\sample music\\kalimba.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0048.717] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=8414449) returned 1 [0048.717] lstrlenA (lpString="{C7E9A346-6E1B-4BFA-8FDD-E85A772EC01B}") returned 38 [0048.717] GetProcessHeap () returned 0x570000 [0048.717] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x592418 [0048.717] GetProcessHeap () returned 0x570000 [0048.717] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592490 [0048.717] lstrlenA (lpString="C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3") returned 46 [0048.729] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.750] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.752] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.752] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.752] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.752] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.752] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.753] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.753] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.753] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.753] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.753] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.753] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.753] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.754] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.754] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.754] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.754] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.754] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.754] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.754] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.754] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.755] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.755] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.755] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.755] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.755] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.755] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.755] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.756] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.756] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.756] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.756] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.760] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.760] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.760] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.760] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.761] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.761] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.761] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.761] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.762] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.762] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.762] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.763] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.763] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.763] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.763] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.763] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.766] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.766] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.766] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.766] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.767] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.767] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.767] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.768] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.768] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.769] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.769] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.769] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.771] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.772] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.772] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.772] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.773] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.773] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.773] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.773] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.774] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.774] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.775] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.775] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.775] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.776] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.776] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.776] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.776] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.777] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.777] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.777] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.777] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.778] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.778] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.778] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.778] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.779] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.779] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.779] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.780] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.780] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.780] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.780] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.781] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.782] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.782] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.782] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.782] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.783] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.783] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.783] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.784] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.784] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.784] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.785] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.785] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.785] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.786] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.786] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.786] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.787] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.787] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.787] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.787] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.788] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.788] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.788] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.788] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.789] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.789] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.790] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.790] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.791] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.791] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.791] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.792] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.793] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.793] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.793] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.794] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.794] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.794] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.794] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.795] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.795] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.796] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.796] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.796] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.797] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.797] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.797] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.797] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.798] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.798] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.798] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.798] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.799] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.799] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.799] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.800] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.800] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.800] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.800] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.801] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.801] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.802] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.802] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.802] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.803] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.803] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.803] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.803] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.804] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.804] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.804] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.804] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.806] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.806] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.806] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.806] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.807] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.807] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.807] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.808] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.808] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.808] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.809] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.809] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.810] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.810] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.810] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.810] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.810] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.810] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.811] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.820] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.821] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.821] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.821] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.822] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.823] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.823] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.823] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.826] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.826] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.826] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.827] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.827] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.827] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.827] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.828] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.830] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.831] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.831] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.831] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.831] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.832] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.832] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.832] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.833] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.833] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.833] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.834] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.834] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.835] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.835] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.835] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.835] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.835] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.836] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.836] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.839] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.839] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.839] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.840] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.840] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.840] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.840] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.840] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.853] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.854] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.854] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.854] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.854] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.855] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.855] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.855] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.856] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.856] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.856] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.856] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.857] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.865] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.865] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.865] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.866] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.866] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.866] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.866] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.867] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.867] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.868] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.868] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.869] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.869] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.869] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.870] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.877] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.877] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.877] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.877] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.878] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.878] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.878] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.879] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.879] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.879] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.880] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.880] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.880] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.881] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.881] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.881] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.881] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.882] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.882] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.882] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.882] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.883] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.883] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.883] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.883] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.884] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.884] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.884] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.885] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.885] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.885] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.885] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.886] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.886] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.887] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.887] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.887] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.888] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.888] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.888] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.891] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.891] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.892] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.892] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.892] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.892] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.892] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.893] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.895] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.896] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.896] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.896] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.896] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.897] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.897] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.897] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.898] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.898] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.898] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.898] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.899] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.900] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.900] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.900] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.901] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.901] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.901] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.901] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.902] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.902] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.902] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.902] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.903] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.903] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.904] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.904] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.904] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.905] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.905] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.905] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.905] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.906] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.906] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.906] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.907] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.908] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.908] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.908] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.908] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.909] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.909] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.909] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.909] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.910] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.910] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.910] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.910] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.911] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.911] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.911] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.912] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.912] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.912] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.912] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.913] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.913] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.914] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.914] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.914] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.915] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.915] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.915] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.915] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.916] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.916] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.916] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.916] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.917] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.917] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.917] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.917] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.918] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.918] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.918] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.919] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.920] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.920] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.920] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.921] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.921] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.921] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.922] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.922] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.923] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.923] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.923] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.923] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.924] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.924] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.924] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.924] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.925] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.925] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.925] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.925] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.926] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.926] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.926] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.943] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.944] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.944] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.944] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.944] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.945] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.945] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.945] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.945] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.946] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.946] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.946] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.947] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.947] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.947] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.947] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.948] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.949] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.949] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.949] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.949] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.950] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.950] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.950] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.950] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.951] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.951] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.952] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.952] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.953] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.953] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.953] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.956] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.957] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.957] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.957] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.957] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.958] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.958] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.958] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.960] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.960] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.960] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.960] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.961] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.961] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.961] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.961] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.962] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.962] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.963] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.963] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.963] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.964] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.964] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.964] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.965] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.965] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.965] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.965] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.966] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.966] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.967] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.967] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.967] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.968] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.968] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.968] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.968] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.969] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.969] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.969] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.969] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.970] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.970] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.970] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.971] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.972] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.972] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.972] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.972] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.973] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.973] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.973] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.973] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.974] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.974] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.974] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.975] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.975] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.976] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.976] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.977] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.977] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.977] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.978] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.978] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.979] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.979] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.981] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.981] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.988] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.989] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.990] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.990] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.991] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.991] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.992] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.992] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.993] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.993] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.993] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.994] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.994] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.994] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.994] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.995] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.995] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.995] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.995] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.997] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.997] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.997] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.997] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.997] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0048.998] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0048.999] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0048.999] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0048.999] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.000] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.000] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.000] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.000] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.001] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.001] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.001] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.002] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.002] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.003] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.003] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.003] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.003] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.004] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.004] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.004] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.004] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.005] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.005] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.005] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.006] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.006] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.006] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.006] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.008] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.008] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.008] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.008] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.009] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.009] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.009] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.009] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.010] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.010] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.010] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.010] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.011] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.011] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.011] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.012] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.012] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.012] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.012] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.013] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.013] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.014] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.014] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.014] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.015] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.015] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.015] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.015] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.016] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.016] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.016] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.016] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.017] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.017] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.017] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.018] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.021] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.021] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.021] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.022] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.023] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.023] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.023] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.023] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.024] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.024] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.024] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.028] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.034] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.035] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.035] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.035] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.036] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.036] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.036] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.036] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.037] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.037] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.037] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.038] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.038] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.038] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.039] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.039] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.040] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.040] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.040] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.042] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.043] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.043] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.043] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.043] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.044] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.044] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.049] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.050] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.051] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.051] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.051] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.051] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.052] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.052] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.052] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.052] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.053] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.053] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.053] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.053] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.054] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.054] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.054] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.054] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.055] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.055] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.055] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.056] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.056] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.056] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.057] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.057] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.057] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.058] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.058] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.058] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.059] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.059] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.059] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.059] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.062] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.062] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.062] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.063] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.063] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.063] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.063] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.064] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.064] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.065] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.065] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.065] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.066] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.066] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.066] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.066] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.067] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.067] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.067] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.067] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.069] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.071] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.071] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.080] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.081] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.081] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.081] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.081] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.082] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.082] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.082] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.093] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.094] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.094] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.094] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.094] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.095] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.095] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.095] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.095] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.096] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.096] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.096] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.096] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.097] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.097] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.097] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.098] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.098] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.098] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.098] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.099] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.099] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.100] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.100] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.100] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.101] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.101] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.101] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.101] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.103] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.103] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.103] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.104] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.104] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.104] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.105] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.105] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.106] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.106] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.106] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.106] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.107] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.107] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.107] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.108] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.108] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.108] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.109] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.109] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.109] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.109] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.109] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.110] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.110] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.110] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.111] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.118] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.119] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.119] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.119] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.119] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.120] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.120] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.120] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.121] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.121] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.121] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.121] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.132] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.132] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.132] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.132] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.167] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.167] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.167] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.167] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.176] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.176] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.177] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.177] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.177] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.178] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.178] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.178] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.178] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.179] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.179] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.179] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.180] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.180] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.180] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.180] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.181] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.181] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.182] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.182] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.182] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.182] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.182] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.183] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.247] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.247] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.247] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.247] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.269] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.269] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.269] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.269] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.274] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.274] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.274] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.274] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.275] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.275] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.275] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.275] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.278] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.278] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.278] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.278] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.283] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.283] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.283] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.283] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.291] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.291] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.292] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.292] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.292] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.293] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.293] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.293] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.293] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.294] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.294] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.294] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.295] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.295] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.295] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.295] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.296] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.296] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.296] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.296] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.297] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.297] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.298] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.298] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.298] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.299] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.299] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.299] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.299] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.300] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.300] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.300] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.300] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.301] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.301] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.301] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.301] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.302] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.302] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.302] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.303] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.303] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.303] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.303] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.304] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.304] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.304] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.304] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.314] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.315] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.315] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.315] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.315] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.316] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.316] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.316] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.316] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.317] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.318] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.318] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.318] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.319] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.319] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.319] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.319] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.320] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.320] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.320] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.320] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.321] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.321] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.321] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.322] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.322] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.322] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.322] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.323] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.323] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.323] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.323] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.324] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.324] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.324] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.325] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.325] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.325] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.326] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.326] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.326] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.327] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.327] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.327] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.327] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.328] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.328] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.328] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.328] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.329] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.329] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.329] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.331] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.331] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.331] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.331] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.332] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.332] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.332] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.332] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.333] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.333] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.333] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.334] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.334] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.334] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.335] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.335] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.335] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.336] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.336] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.336] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.336] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.337] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.338] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.338] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.338] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.339] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.339] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.339] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.339] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.340] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.340] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.340] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.340] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.341] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.341] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.341] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.342] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.342] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.343] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.343] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.346] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.346] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.347] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.347] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.348] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.348] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.348] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.348] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.348] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.349] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.349] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.349] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.350] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.350] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.351] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.351] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.352] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.353] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.353] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.353] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.354] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.355] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.356] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.356] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.357] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.358] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.359] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.359] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.360] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.360] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.362] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.363] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.364] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.365] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.372] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.372] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.491] lstrlenA (lpString="rsa_encrypt") returned 11 [0049.491] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x5925b8) returned 1 [0049.492] CryptGenRandom (in: hProv=0x5925b8, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0049.492] CryptReleaseContext (hProv=0x5925b8, dwFlags=0x0) returned 1 [0049.492] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0049.492] GetProcessHeap () returned 0x570000 [0049.492] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592518 [0049.492] lstrlenA (lpString="010001") returned 6 [0049.492] GetProcessHeap () returned 0x570000 [0049.492] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eeb0 [0049.493] GetProcessHeap () returned 0x570000 [0049.493] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5925a0 [0049.493] GetProcessHeap () returned 0x570000 [0049.493] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0049.493] GetProcessHeap () returned 0x570000 [0049.493] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5925a0 | out: hHeap=0x570000) returned 1 [0049.493] GetProcessHeap () returned 0x570000 [0049.493] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0049.493] GetProcessHeap () returned 0x570000 [0049.493] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c0d8 [0049.493] GetProcessHeap () returned 0x570000 [0049.493] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eea0 [0049.493] GetProcessHeap () returned 0x570000 [0049.493] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c1f0 [0049.493] GetProcessHeap () returned 0x570000 [0049.493] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0049.493] GetProcessHeap () returned 0x570000 [0049.493] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0049.493] GetProcessHeap () returned 0x570000 [0049.493] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5925a0 [0049.493] GetProcessHeap () returned 0x570000 [0049.493] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x592628 [0049.493] GetProcessHeap () returned 0x570000 [0049.493] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0049.493] GetProcessHeap () returned 0x570000 [0049.493] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0049.493] GetProcessHeap () returned 0x570000 [0049.493] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0049.493] GetProcessHeap () returned 0x570000 [0049.493] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5925a0 | out: hHeap=0x570000) returned 1 [0049.494] GetProcessHeap () returned 0x570000 [0049.494] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0049.494] GetProcessHeap () returned 0x570000 [0049.494] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0049.494] GetProcessHeap () returned 0x570000 [0049.494] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0049.494] GetProcessHeap () returned 0x570000 [0049.494] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f98 [0049.494] GetProcessHeap () returned 0x570000 [0049.494] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0049.494] GetProcessHeap () returned 0x570000 [0049.494] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0049.494] GetProcessHeap () returned 0x570000 [0049.494] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0049.494] GetProcessHeap () returned 0x570000 [0049.494] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0049.494] GetProcessHeap () returned 0x570000 [0049.494] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0049.494] GetProcessHeap () returned 0x570000 [0049.494] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f98 | out: hHeap=0x570000) returned 1 [0049.494] GetProcessHeap () returned 0x570000 [0049.494] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0049.494] GetProcessHeap () returned 0x570000 [0049.494] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0049.494] GetProcessHeap () returned 0x570000 [0049.494] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0049.494] GetProcessHeap () returned 0x570000 [0049.494] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0049.494] GetProcessHeap () returned 0x570000 [0049.494] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0049.494] GetProcessHeap () returned 0x570000 [0049.495] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0049.495] GetProcessHeap () returned 0x570000 [0049.495] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0049.495] GetProcessHeap () returned 0x570000 [0049.495] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0049.495] GetProcessHeap () returned 0x570000 [0049.495] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0049.495] GetProcessHeap () returned 0x570000 [0049.495] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0049.495] GetProcessHeap () returned 0x570000 [0049.495] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0049.495] GetProcessHeap () returned 0x570000 [0049.495] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0049.495] GetProcessHeap () returned 0x570000 [0049.495] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0049.495] GetProcessHeap () returned 0x570000 [0049.495] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0049.495] GetProcessHeap () returned 0x570000 [0049.495] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0049.495] GetProcessHeap () returned 0x570000 [0049.495] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0049.495] GetProcessHeap () returned 0x570000 [0049.495] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0049.495] GetProcessHeap () returned 0x570000 [0049.495] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0049.495] GetProcessHeap () returned 0x570000 [0049.495] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0049.495] GetProcessHeap () returned 0x570000 [0049.495] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0049.496] GetProcessHeap () returned 0x570000 [0049.496] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0049.496] GetProcessHeap () returned 0x570000 [0049.496] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0049.496] GetProcessHeap () returned 0x570000 [0049.496] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0049.496] GetProcessHeap () returned 0x570000 [0049.496] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0049.496] GetProcessHeap () returned 0x570000 [0049.496] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0049.496] GetProcessHeap () returned 0x570000 [0049.496] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0049.496] GetProcessHeap () returned 0x570000 [0049.496] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0049.496] GetProcessHeap () returned 0x570000 [0049.496] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0049.496] GetProcessHeap () returned 0x570000 [0049.496] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0049.496] GetProcessHeap () returned 0x570000 [0049.496] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0049.496] GetProcessHeap () returned 0x570000 [0049.496] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0049.496] GetProcessHeap () returned 0x570000 [0049.496] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0049.496] GetProcessHeap () returned 0x570000 [0049.496] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0049.496] GetProcessHeap () returned 0x570000 [0049.496] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0049.496] GetProcessHeap () returned 0x570000 [0049.496] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0049.497] GetProcessHeap () returned 0x570000 [0049.497] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0049.497] GetProcessHeap () returned 0x570000 [0049.497] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0049.497] GetProcessHeap () returned 0x570000 [0049.497] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0049.497] GetProcessHeap () returned 0x570000 [0049.497] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0049.497] GetProcessHeap () returned 0x570000 [0049.497] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0049.497] GetProcessHeap () returned 0x570000 [0049.497] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0049.497] GetProcessHeap () returned 0x570000 [0049.497] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0049.497] GetProcessHeap () returned 0x570000 [0049.497] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0049.497] GetProcessHeap () returned 0x570000 [0049.497] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0049.497] GetProcessHeap () returned 0x570000 [0049.497] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0049.497] GetProcessHeap () returned 0x570000 [0049.497] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0049.497] GetProcessHeap () returned 0x570000 [0049.497] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0049.497] GetProcessHeap () returned 0x570000 [0049.497] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0049.497] GetProcessHeap () returned 0x570000 [0049.497] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0049.497] GetProcessHeap () returned 0x570000 [0049.498] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0049.498] GetProcessHeap () returned 0x570000 [0049.498] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0049.498] GetProcessHeap () returned 0x570000 [0049.498] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0049.498] GetProcessHeap () returned 0x570000 [0049.498] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0049.498] GetProcessHeap () returned 0x570000 [0049.498] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0049.498] GetProcessHeap () returned 0x570000 [0049.498] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0049.498] GetProcessHeap () returned 0x570000 [0049.498] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0049.498] GetProcessHeap () returned 0x570000 [0049.498] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0049.498] GetProcessHeap () returned 0x570000 [0049.498] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0049.498] GetProcessHeap () returned 0x570000 [0049.498] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0049.498] GetProcessHeap () returned 0x570000 [0049.498] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0049.498] GetProcessHeap () returned 0x570000 [0049.498] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0049.498] GetProcessHeap () returned 0x570000 [0049.498] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0049.498] GetProcessHeap () returned 0x570000 [0049.498] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0049.498] GetProcessHeap () returned 0x570000 [0049.498] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0049.499] GetProcessHeap () returned 0x570000 [0049.499] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0049.499] GetProcessHeap () returned 0x570000 [0049.499] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0049.499] GetProcessHeap () returned 0x570000 [0049.499] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0049.499] GetProcessHeap () returned 0x570000 [0049.499] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0049.499] GetProcessHeap () returned 0x570000 [0049.499] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0049.499] GetProcessHeap () returned 0x570000 [0049.499] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0049.499] GetProcessHeap () returned 0x570000 [0049.499] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0049.499] GetProcessHeap () returned 0x570000 [0049.499] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0049.499] GetProcessHeap () returned 0x570000 [0049.499] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0049.499] GetProcessHeap () returned 0x570000 [0049.499] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0049.499] GetProcessHeap () returned 0x570000 [0049.499] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0049.499] GetProcessHeap () returned 0x570000 [0049.499] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0049.499] GetProcessHeap () returned 0x570000 [0049.499] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0049.499] GetProcessHeap () returned 0x570000 [0049.499] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0049.499] GetProcessHeap () returned 0x570000 [0049.500] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0049.500] GetProcessHeap () returned 0x570000 [0049.500] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0049.500] GetProcessHeap () returned 0x570000 [0049.500] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0049.500] GetProcessHeap () returned 0x570000 [0049.500] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0049.500] GetProcessHeap () returned 0x570000 [0049.500] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0049.500] GetProcessHeap () returned 0x570000 [0049.500] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0049.500] GetProcessHeap () returned 0x570000 [0049.500] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0049.500] GetProcessHeap () returned 0x570000 [0049.500] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0049.500] GetProcessHeap () returned 0x570000 [0049.500] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0049.500] GetProcessHeap () returned 0x570000 [0049.501] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0049.501] GetProcessHeap () returned 0x570000 [0049.501] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0049.501] GetProcessHeap () returned 0x570000 [0049.501] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0049.501] GetProcessHeap () returned 0x570000 [0049.501] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0049.501] GetProcessHeap () returned 0x570000 [0049.501] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0049.501] GetProcessHeap () returned 0x570000 [0049.501] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0049.501] GetProcessHeap () returned 0x570000 [0049.501] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0049.501] GetProcessHeap () returned 0x570000 [0049.501] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0049.501] GetProcessHeap () returned 0x570000 [0049.501] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0049.501] GetProcessHeap () returned 0x570000 [0049.501] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0049.501] GetProcessHeap () returned 0x570000 [0049.501] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0049.501] GetProcessHeap () returned 0x570000 [0049.501] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0049.501] GetProcessHeap () returned 0x570000 [0049.501] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0049.501] GetProcessHeap () returned 0x570000 [0049.501] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0049.502] GetProcessHeap () returned 0x570000 [0049.502] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0049.502] GetProcessHeap () returned 0x570000 [0049.502] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0049.502] GetProcessHeap () returned 0x570000 [0049.502] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0049.502] GetProcessHeap () returned 0x570000 [0049.502] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592628 | out: hHeap=0x570000) returned 1 [0049.502] GetProcessHeap () returned 0x570000 [0049.502] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0049.502] GetProcessHeap () returned 0x570000 [0049.502] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0049.502] GetProcessHeap () returned 0x570000 [0049.502] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0049.502] GetProcessHeap () returned 0x570000 [0049.502] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0049.502] GetProcessHeap () returned 0x570000 [0049.502] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0049.502] GetProcessHeap () returned 0x570000 [0049.502] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0049.502] GetProcessHeap () returned 0x570000 [0049.502] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0049.502] GetProcessHeap () returned 0x570000 [0049.502] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592518 | out: hHeap=0x570000) returned 1 [0049.502] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0049.503] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0049.503] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0049.503] CloseHandle (hObject=0x80) returned 1 [0049.821] GetProcessHeap () returned 0x570000 [0049.821] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5923e0 | out: hHeap=0x570000) returned 1 [0049.821] GetProcessHeap () returned 0x570000 [0049.821] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592418 | out: hHeap=0x570000) returned 1 [0049.821] GetProcessHeap () returned 0x570000 [0049.821] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592490 | out: hHeap=0x570000) returned 1 [0049.821] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3" | out: lpString1="C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3") returned="C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3" [0049.821] lstrcatW (in: lpString1="C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3.{Killback@protonmail.com}KBK") returned="C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3.{Killback@protonmail.com}KBK" [0049.821] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3" (normalized: "c:\\users\\public\\music\\sample music\\kalimba.mp3"), lpNewFileName="C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3.{Killback@protonmail.com}KBK" (normalized: "c:\\users\\public\\music\\sample music\\kalimba.mp3.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0049.822] PathRemoveFileSpecW (in: pszPath="C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3" | out: pszPath="C:\\Users\\Public\\Music\\Sample Music") returned 1 [0049.822] lstrcatW (in: lpString1="C:\\Users\\Public\\Music\\Sample Music", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Music\\Sample Music\\") returned="C:\\Users\\Public\\Music\\Sample Music\\" [0049.822] lstrcatW (in: lpString1="C:\\Users\\Public\\Music\\Sample Music\\", lpString2="decrypt_files.html" | out: lpString1="C:\\Users\\Public\\Music\\Sample Music\\decrypt_files.html") returned="C:\\Users\\Public\\Music\\Sample Music\\decrypt_files.html" [0049.822] GetFileAttributesW (lpFileName="C:\\Users\\Public\\Music\\Sample Music\\decrypt_files.html" (normalized: "c:\\users\\public\\music\\sample music\\decrypt_files.html")) returned 0x20 [0049.822] GetProcessHeap () returned 0x570000 [0049.822] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0049.822] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be38a97, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be5ebf7, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x3ec5d2, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Maid with the Flaxen Hair.mp3", cAlternateFileName="MAIDWI~1.MP3")) returned 1 [0049.822] lstrcmpiW (lpString1="Maid with the Flaxen Hair.mp3", lpString2=".") returned 1 [0049.822] lstrcmpiW (lpString1="Maid with the Flaxen Hair.mp3", lpString2="..") returned 1 [0049.822] lstrcatW (in: lpString1="C:\\Users\\Public\\Music\\Sample Music\\", lpString2="Maid with the Flaxen Hair.mp3" | out: lpString1="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3") returned="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3" [0049.822] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Maid with the Flaxen Hair.mp3", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 30 [0049.822] GetProcessHeap () returned 0x570000 [0049.822] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x1e) returned 0x590698 [0049.822] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Maid with the Flaxen Hair.mp3", cchWideChar=-1, lpMultiByteStr=0x590698, cbMultiByte=30, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Maid with the Flaxen Hair.mp3", lpUsedDefaultChar=0x0) returned 30 [0049.822] lstrlenA (lpString="Maid with the Flaxen Hair.mp3") returned 29 [0049.822] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0049.822] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0049.822] lstrlenA (lpString="Maid with the Flaxen Hair.mp3") returned 29 [0049.822] lstrcmpiA (lpString1="Maid with the Flaxen Hair.mp3", lpString2=".{Killback@protonmail.com}KBK") returned 1 [0049.823] lstrlenA (lpString="Maid with the Flaxen Hair.mp3") returned 29 [0049.823] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0049.823] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0049.823] lstrlenA (lpString="Maid with the Flaxen Hair.mp3") returned 29 [0049.823] lstrcmpiA (lpString1="Maid with the Flaxen Hair.mp3", lpString2=".{Killback@protonmail.com}KBK") returned 1 [0049.823] lstrcmpiW (lpString1="Maid with the Flaxen Hair.mp3", lpString2="decrypt_files.html") returned 1 [0049.823] lstrcmpiW (lpString1="Maid with the Flaxen Hair.mp3", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0049.823] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0049.823] lstrcmpiW (lpString1="Maid with the Flaxen Hair.mp3", lpString2="sihvgt.exe") returned -1 [0049.823] _alloca_probe () returned 0x40908b [0049.823] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0049.823] GetProcessHeap () returned 0x570000 [0049.823] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x41) returned 0x589108 [0049.823] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", cchWideChar=-1, lpMultiByteStr=0x589108, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", lpUsedDefaultChar=0x0) returned 65 [0049.823] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0049.823] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{3641AB1B-3D99-44A6-8434-9CB41FE672DA}") returned 38 [0049.823] lstrlenA (lpString="{3641AB1B-3D99-44A6-8434-9CB41FE672DA}") returned 38 [0049.823] CreateFileW (lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3" (normalized: "c:\\users\\public\\music\\sample music\\maid with the flaxen hair.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0049.823] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=4113874) returned 1 [0049.823] lstrlenA (lpString="{3641AB1B-3D99-44A6-8434-9CB41FE672DA}") returned 38 [0049.824] GetProcessHeap () returned 0x570000 [0049.824] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x5923e0 [0049.824] GetProcessHeap () returned 0x570000 [0049.824] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592458 [0049.824] lstrlenA (lpString="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3") returned 64 [0049.837] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.851] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.852] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.852] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.852] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.854] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.854] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.854] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.854] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.854] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.855] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.855] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.855] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.855] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.855] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.855] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.856] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.856] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.856] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.856] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.856] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.856] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.857] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.857] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.857] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.857] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.857] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.857] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.857] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.857] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.858] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.858] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.858] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.869] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.869] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.869] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.869] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.869] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.870] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.870] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.870] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.871] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.871] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.872] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.872] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.873] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.873] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.873] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.873] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.874] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.874] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.874] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.874] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.875] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.875] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.876] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.876] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.876] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.877] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.877] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.877] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.878] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.879] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.879] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.879] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.882] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.883] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.883] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.883] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.884] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.884] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.884] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.884] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.885] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.885] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.886] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.886] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.886] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.887] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.887] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.887] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.887] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.893] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.893] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.893] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.894] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.895] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.895] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.895] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.895] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.896] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.896] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.896] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.897] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.897] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.897] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.897] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.898] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.898] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.899] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.899] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.899] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.900] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.900] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.900] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.900] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.901] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.901] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.901] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.902] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.902] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.902] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.902] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.903] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.904] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.904] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.904] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.904] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.905] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.905] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.905] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.906] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.906] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.906] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.906] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.907] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.908] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.908] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.908] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.909] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.910] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.910] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.910] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.910] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.911] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.911] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.911] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.911] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.912] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.912] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.912] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.913] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.913] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.913] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.913] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.914] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.914] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.915] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.915] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.915] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.916] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.916] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.916] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.917] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.917] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.917] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.917] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.918] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.918] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.919] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.919] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.919] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.920] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.920] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.920] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.920] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.921] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.921] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.921] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.922] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.922] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.922] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.922] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.923] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.923] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.924] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.924] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.924] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.925] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.925] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.925] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.926] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.926] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.926] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.926] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.927] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.927] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.927] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.927] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.948] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.948] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.949] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.949] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.951] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.951] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.951] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.951] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.952] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.952] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.953] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.953] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.953] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.953] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.953] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.953] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.980] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.981] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.981] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.981] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.981] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.982] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.982] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.982] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.983] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.983] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.983] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.983] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.984] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.984] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.984] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.985] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.985] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.985] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.986] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.986] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.986] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.987] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.987] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.987] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.987] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.988] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.988] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.988] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.988] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.989] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.989] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.989] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.989] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.990] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.990] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.990] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.993] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.993] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.993] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.993] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.993] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.994] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.994] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.994] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.994] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.995] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.995] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.995] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0049.996] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0049.997] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0049.997] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0049.997] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.004] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.005] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.005] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.005] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.005] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.006] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.006] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.006] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.007] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.007] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.007] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.007] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.008] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.008] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.008] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.008] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.009] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.012] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.012] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.012] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.013] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.013] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.014] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.014] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.014] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.014] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.014] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.014] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.019] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.020] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.020] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.020] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.020] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.021] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.021] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.021] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.021] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.022] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.022] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.022] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.023] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.023] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.023] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.023] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.024] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.024] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.025] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.025] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.025] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.026] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.026] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.026] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.026] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.027] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.027] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.027] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.027] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.028] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.028] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.028] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.029] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.030] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.030] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.030] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.030] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.031] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.031] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.031] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.032] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.032] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.032] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.032] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.033] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.033] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.034] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.034] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.034] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.035] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.035] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.035] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.036] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.036] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.036] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.037] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.037] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.038] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.038] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.038] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.039] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.039] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.039] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.039] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.045] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.045] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.045] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.046] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.046] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.046] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.046] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.046] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.047] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.047] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.047] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.047] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.048] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.048] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.048] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.048] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.049] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.049] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.049] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.049] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.049] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.050] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.050] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.050] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.050] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.051] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.051] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.051] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.051] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.052] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.052] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.052] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.052] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.054] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.054] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.054] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.054] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.054] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.055] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.055] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.055] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.055] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.055] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.056] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.056] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.057] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.057] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.057] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.057] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.057] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.057] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.058] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.061] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.061] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.061] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.061] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.062] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.062] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.062] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.062] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.073] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.073] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.073] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.073] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.074] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.074] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.075] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.077] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.077] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.077] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.078] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.078] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.086] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.087] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.087] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.087] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.088] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.088] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.088] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.088] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.089] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.089] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.089] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.090] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.090] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.091] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.091] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.091] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.091] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.092] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.092] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.092] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.093] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.093] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.093] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.093] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.094] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.095] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.095] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.095] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.096] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.096] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.096] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.096] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.097] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.097] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.098] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.098] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.098] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.099] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.099] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.099] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.099] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.100] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.100] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.100] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.100] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.101] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.101] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.101] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.101] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.102] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.102] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.102] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.103] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.103] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.103] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.103] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.104] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.105] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.105] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.105] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.105] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.106] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.106] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.106] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.106] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.107] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.107] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.107] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.108] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.108] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.108] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.108] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.109] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.109] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.109] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.109] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.110] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.110] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.110] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.111] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.111] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.112] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.112] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.113] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.113] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.120] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.121] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.122] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.122] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.123] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.123] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.124] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.124] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.125] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.125] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.130] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.130] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.130] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.130] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.131] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.131] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.131] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.131] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.132] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.132] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.133] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.133] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.136] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.136] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.136] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.136] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.137] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.137] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.137] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.137] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.138] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.138] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.139] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.139] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.139] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.142] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.143] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.143] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.143] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.144] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.144] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.144] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.144] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.145] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.145] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.145] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.145] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.146] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.146] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.146] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.147] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.148] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.148] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.148] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.148] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.149] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.149] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.149] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.150] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.150] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.150] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.150] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.151] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.151] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.151] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.151] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.152] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.152] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.152] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.152] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.153] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.154] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.154] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.154] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.155] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.155] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.155] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.155] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.156] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.156] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.156] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.156] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.157] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.157] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.158] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.158] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.158] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.159] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.159] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.159] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.160] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.160] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.161] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.161] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.161] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.161] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.161] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.162] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.162] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.162] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.162] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.162] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.163] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.163] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.163] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.163] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.164] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.164] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.164] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.164] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.165] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.165] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.165] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.165] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.166] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.167] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.167] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.167] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.167] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.168] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.168] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.168] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.168] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.169] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.169] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.169] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.169] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.170] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.170] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.170] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.170] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.171] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.171] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.171] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.172] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.172] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.172] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.172] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.173] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.173] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.173] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.173] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.174] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.174] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.174] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.174] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.175] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.175] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.175] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.175] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.176] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.176] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.176] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.176] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.176] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.177] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.177] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.177] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.179] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.179] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.179] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.179] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.179] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.180] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.180] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.180] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.180] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.181] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.181] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.181] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.182] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.183] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.183] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.183] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.208] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.208] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.208] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.209] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.209] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.210] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.210] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.211] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.211] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.212] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.212] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.212] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.213] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.213] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.213] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.213] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.214] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.214] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.214] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.215] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.215] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.216] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.216] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.216] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.217] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.217] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.217] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.217] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.218] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.218] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.219] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.219] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.220] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.220] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.220] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.220] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.221] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.221] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.221] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.221] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.222] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.223] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.223] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.223] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.224] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.224] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.224] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.224] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.225] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.225] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.225] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.225] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.226] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.227] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.227] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.227] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.228] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.228] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.228] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.228] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.229] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.229] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.229] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.230] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.230] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.231] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.231] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.231] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.232] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.233] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.233] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.233] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.240] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.241] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.241] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.241] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.241] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.242] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.242] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.242] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.243] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.243] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.243] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.244] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.244] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.245] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.245] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.245] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.245] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.245] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.246] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.246] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.248] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.249] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.249] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.249] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.264] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.264] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.264] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.264] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.265] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.266] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.266] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.266] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.266] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.267] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.267] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.267] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.267] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.268] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.268] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.268] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.269] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.269] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.269] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.269] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.273] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.273] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.273] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.273] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.274] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.274] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.275] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.275] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.275] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.276] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.276] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.276] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.279] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.280] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.280] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.280] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.280] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.282] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.283] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.283] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.284] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.284] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.284] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.284] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.285] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.285] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.286] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.286] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.286] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.287] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.287] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.287] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.288] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.289] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.289] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.289] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.290] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.290] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.290] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.290] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.291] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.291] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.292] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.292] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.292] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.293] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.293] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.293] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.293] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.294] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.294] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.294] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.294] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.295] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.295] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.295] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.295] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.296] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.296] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.296] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.297] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.297] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.297] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.297] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.298] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.298] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.298] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.298] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.299] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.299] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.299] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.300] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.300] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.300] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.301] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.301] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.301] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.302] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.302] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.302] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.303] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.304] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.304] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.304] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.305] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.305] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.305] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.305] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.306] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.306] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.307] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.307] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.307] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.308] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.308] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.308] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.308] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.309] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.309] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.309] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.310] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.310] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.310] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.310] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.311] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.311] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.312] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.312] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.312] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.313] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.314] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.314] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.317] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.317] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.317] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.317] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.318] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.319] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.319] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.319] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.320] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.320] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.320] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.320] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.321] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.321] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.322] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.322] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.322] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.323] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.323] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.323] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.324] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.324] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.324] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.324] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.325] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.325] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.325] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.325] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.326] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.326] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.327] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.327] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.328] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.329] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.329] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.329] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.330] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.330] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.330] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.330] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.331] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.331] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.331] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.331] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.332] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.332] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.333] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.333] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.333] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.334] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.334] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.334] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.339] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.339] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.339] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.339] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.350] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.351] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.351] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.351] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.352] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.352] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.352] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.353] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.353] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.354] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.354] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.354] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.355] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.355] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.355] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.355] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.356] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.357] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.358] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.359] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.359] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xfffffa2e, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.360] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.360] WriteFile (in: hFile=0x80, lpBuffer=0x50bb6c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bb6c*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0050.362] WriteFile (in: hFile=0x80, lpBuffer=0x50bbd4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bbd4*, lpNumberOfBytesWritten=0x50bb34*=0x10, lpOverlapped=0x0) returned 1 [0050.362] lstrlenA (lpString="rsa_encrypt") returned 11 [0050.362] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x592580) returned 1 [0050.363] CryptGenRandom (in: hProv=0x592580, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0050.363] CryptReleaseContext (hProv=0x592580, dwFlags=0x0) returned 1 [0050.363] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0050.363] GetProcessHeap () returned 0x570000 [0050.363] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5924e0 [0050.363] lstrlenA (lpString="010001") returned 6 [0050.364] GetProcessHeap () returned 0x570000 [0050.364] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eeb0 [0050.364] GetProcessHeap () returned 0x570000 [0050.364] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592568 [0050.364] GetProcessHeap () returned 0x570000 [0050.364] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0050.364] GetProcessHeap () returned 0x570000 [0050.364] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592568 | out: hHeap=0x570000) returned 1 [0050.364] GetProcessHeap () returned 0x570000 [0050.364] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0050.364] GetProcessHeap () returned 0x570000 [0050.364] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c1f0 [0050.364] GetProcessHeap () returned 0x570000 [0050.364] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eec0 [0050.364] GetProcessHeap () returned 0x570000 [0050.364] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c0d8 [0050.364] GetProcessHeap () returned 0x570000 [0050.364] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0050.364] GetProcessHeap () returned 0x570000 [0050.364] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0050.364] GetProcessHeap () returned 0x570000 [0050.364] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592568 [0050.364] GetProcessHeap () returned 0x570000 [0050.364] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x5925f0 [0050.364] GetProcessHeap () returned 0x570000 [0050.364] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0050.364] GetProcessHeap () returned 0x570000 [0050.364] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f68 [0050.364] GetProcessHeap () returned 0x570000 [0050.364] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0050.365] GetProcessHeap () returned 0x570000 [0050.365] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592568 | out: hHeap=0x570000) returned 1 [0050.365] GetProcessHeap () returned 0x570000 [0050.365] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0050.365] GetProcessHeap () returned 0x570000 [0050.365] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0050.365] GetProcessHeap () returned 0x570000 [0050.365] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0050.365] GetProcessHeap () returned 0x570000 [0050.365] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0050.365] GetProcessHeap () returned 0x570000 [0050.365] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0050.365] GetProcessHeap () returned 0x570000 [0050.366] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0050.366] GetProcessHeap () returned 0x570000 [0050.366] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0050.367] GetProcessHeap () returned 0x570000 [0050.367] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0050.367] GetProcessHeap () returned 0x570000 [0050.367] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0050.367] GetProcessHeap () returned 0x570000 [0050.367] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0050.367] GetProcessHeap () returned 0x570000 [0050.367] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0050.367] GetProcessHeap () returned 0x570000 [0050.367] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0050.367] GetProcessHeap () returned 0x570000 [0050.367] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0050.367] GetProcessHeap () returned 0x570000 [0050.367] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0050.367] GetProcessHeap () returned 0x570000 [0050.367] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0050.367] GetProcessHeap () returned 0x570000 [0050.367] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0050.367] GetProcessHeap () returned 0x570000 [0050.367] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0050.367] GetProcessHeap () returned 0x570000 [0050.367] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0050.367] GetProcessHeap () returned 0x570000 [0050.367] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0050.367] GetProcessHeap () returned 0x570000 [0050.367] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0050.367] GetProcessHeap () returned 0x570000 [0050.367] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0050.367] GetProcessHeap () returned 0x570000 [0050.367] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0050.367] GetProcessHeap () returned 0x570000 [0050.367] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0050.367] GetProcessHeap () returned 0x570000 [0050.368] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0050.368] GetProcessHeap () returned 0x570000 [0050.368] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0050.368] GetProcessHeap () returned 0x570000 [0050.368] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0050.368] GetProcessHeap () returned 0x570000 [0050.368] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0050.368] GetProcessHeap () returned 0x570000 [0050.368] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0050.368] GetProcessHeap () returned 0x570000 [0050.368] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0050.368] GetProcessHeap () returned 0x570000 [0050.368] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0050.368] GetProcessHeap () returned 0x570000 [0050.368] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0050.368] GetProcessHeap () returned 0x570000 [0050.368] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0050.368] GetProcessHeap () returned 0x570000 [0050.368] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0050.368] GetProcessHeap () returned 0x570000 [0050.368] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0050.368] GetProcessHeap () returned 0x570000 [0050.368] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0050.368] GetProcessHeap () returned 0x570000 [0050.368] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0050.368] GetProcessHeap () returned 0x570000 [0050.368] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0050.368] GetProcessHeap () returned 0x570000 [0050.368] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0050.368] GetProcessHeap () returned 0x570000 [0050.368] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0050.368] GetProcessHeap () returned 0x570000 [0050.369] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0050.369] GetProcessHeap () returned 0x570000 [0050.369] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0050.369] GetProcessHeap () returned 0x570000 [0050.369] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0050.369] GetProcessHeap () returned 0x570000 [0050.369] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0050.369] GetProcessHeap () returned 0x570000 [0050.369] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0050.369] GetProcessHeap () returned 0x570000 [0050.369] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0050.369] GetProcessHeap () returned 0x570000 [0050.369] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0050.369] GetProcessHeap () returned 0x570000 [0050.369] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0050.369] GetProcessHeap () returned 0x570000 [0050.369] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0050.369] GetProcessHeap () returned 0x570000 [0050.369] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0050.369] GetProcessHeap () returned 0x570000 [0050.369] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0050.369] GetProcessHeap () returned 0x570000 [0050.369] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0050.369] GetProcessHeap () returned 0x570000 [0050.369] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0050.369] GetProcessHeap () returned 0x570000 [0050.369] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0050.369] GetProcessHeap () returned 0x570000 [0050.369] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0050.369] GetProcessHeap () returned 0x570000 [0050.369] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0050.369] GetProcessHeap () returned 0x570000 [0050.369] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0050.370] GetProcessHeap () returned 0x570000 [0050.370] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0050.370] GetProcessHeap () returned 0x570000 [0050.370] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0050.370] GetProcessHeap () returned 0x570000 [0050.370] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0050.370] GetProcessHeap () returned 0x570000 [0050.370] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0050.370] GetProcessHeap () returned 0x570000 [0050.370] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0050.370] GetProcessHeap () returned 0x570000 [0050.370] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0050.370] GetProcessHeap () returned 0x570000 [0050.370] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0050.370] GetProcessHeap () returned 0x570000 [0050.370] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0050.370] GetProcessHeap () returned 0x570000 [0050.370] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0050.370] GetProcessHeap () returned 0x570000 [0050.370] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0050.370] GetProcessHeap () returned 0x570000 [0050.370] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0050.370] GetProcessHeap () returned 0x570000 [0050.370] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0050.370] GetProcessHeap () returned 0x570000 [0050.370] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0050.370] GetProcessHeap () returned 0x570000 [0050.370] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0050.370] GetProcessHeap () returned 0x570000 [0050.370] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0050.370] GetProcessHeap () returned 0x570000 [0050.370] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0050.370] GetProcessHeap () returned 0x570000 [0050.371] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0050.371] GetProcessHeap () returned 0x570000 [0050.371] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0050.371] GetProcessHeap () returned 0x570000 [0050.371] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0050.371] GetProcessHeap () returned 0x570000 [0050.371] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0050.371] GetProcessHeap () returned 0x570000 [0050.371] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0050.371] GetProcessHeap () returned 0x570000 [0050.371] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0050.371] GetProcessHeap () returned 0x570000 [0050.371] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0050.371] GetProcessHeap () returned 0x570000 [0050.371] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0050.371] GetProcessHeap () returned 0x570000 [0050.371] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0050.371] GetProcessHeap () returned 0x570000 [0050.371] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0050.371] GetProcessHeap () returned 0x570000 [0050.371] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0050.371] GetProcessHeap () returned 0x570000 [0050.371] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0050.372] GetProcessHeap () returned 0x570000 [0050.372] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0050.372] GetProcessHeap () returned 0x570000 [0050.372] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0050.372] GetProcessHeap () returned 0x570000 [0050.372] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0050.372] GetProcessHeap () returned 0x570000 [0050.372] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0050.372] GetProcessHeap () returned 0x570000 [0050.372] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0050.372] GetProcessHeap () returned 0x570000 [0050.372] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0050.372] GetProcessHeap () returned 0x570000 [0050.372] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0050.372] GetProcessHeap () returned 0x570000 [0050.372] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0050.372] GetProcessHeap () returned 0x570000 [0050.372] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0050.372] GetProcessHeap () returned 0x570000 [0050.372] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0050.372] GetProcessHeap () returned 0x570000 [0050.372] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0050.372] GetProcessHeap () returned 0x570000 [0050.372] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0050.372] GetProcessHeap () returned 0x570000 [0050.372] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0050.372] GetProcessHeap () returned 0x570000 [0050.372] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0050.372] GetProcessHeap () returned 0x570000 [0050.372] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0050.373] GetProcessHeap () returned 0x570000 [0050.373] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0050.373] GetProcessHeap () returned 0x570000 [0050.373] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0050.373] GetProcessHeap () returned 0x570000 [0050.373] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0050.373] GetProcessHeap () returned 0x570000 [0050.373] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0050.373] GetProcessHeap () returned 0x570000 [0050.373] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0050.373] GetProcessHeap () returned 0x570000 [0050.373] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0050.373] GetProcessHeap () returned 0x570000 [0050.373] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0050.373] GetProcessHeap () returned 0x570000 [0050.373] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0050.373] GetProcessHeap () returned 0x570000 [0050.373] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0050.373] GetProcessHeap () returned 0x570000 [0050.373] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0050.373] GetProcessHeap () returned 0x570000 [0050.373] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0050.373] GetProcessHeap () returned 0x570000 [0050.373] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0050.373] GetProcessHeap () returned 0x570000 [0050.373] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0050.373] GetProcessHeap () returned 0x570000 [0050.373] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0050.373] GetProcessHeap () returned 0x570000 [0050.373] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0050.373] GetProcessHeap () returned 0x570000 [0050.373] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5925f0 | out: hHeap=0x570000) returned 1 [0050.373] GetProcessHeap () returned 0x570000 [0050.374] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0050.374] GetProcessHeap () returned 0x570000 [0050.374] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0050.374] GetProcessHeap () returned 0x570000 [0050.374] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0050.374] GetProcessHeap () returned 0x570000 [0050.374] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0050.374] GetProcessHeap () returned 0x570000 [0050.374] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0050.374] GetProcessHeap () returned 0x570000 [0050.374] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0050.374] GetProcessHeap () returned 0x570000 [0050.374] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0050.374] GetProcessHeap () returned 0x570000 [0050.374] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5924e0 | out: hHeap=0x570000) returned 1 [0050.374] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0050.374] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0050.374] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0050.374] CloseHandle (hObject=0x80) returned 1 [0050.513] GetProcessHeap () returned 0x570000 [0050.513] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x589108 | out: hHeap=0x570000) returned 1 [0050.513] GetProcessHeap () returned 0x570000 [0050.513] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5923e0 | out: hHeap=0x570000) returned 1 [0050.513] GetProcessHeap () returned 0x570000 [0050.513] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592458 | out: hHeap=0x570000) returned 1 [0050.513] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3" | out: lpString1="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3") returned="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3" [0050.513] lstrcatW (in: lpString1="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3.{Killback@protonmail.com}KBK") returned="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3.{Killback@protonmail.com}KBK" [0050.514] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3" (normalized: "c:\\users\\public\\music\\sample music\\maid with the flaxen hair.mp3"), lpNewFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3.{Killback@protonmail.com}KBK" (normalized: "c:\\users\\public\\music\\sample music\\maid with the flaxen hair.mp3.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0050.514] PathRemoveFileSpecW (in: pszPath="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3" | out: pszPath="C:\\Users\\Public\\Music\\Sample Music") returned 1 [0050.514] lstrcatW (in: lpString1="C:\\Users\\Public\\Music\\Sample Music", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Music\\Sample Music\\") returned="C:\\Users\\Public\\Music\\Sample Music\\" [0050.514] lstrcatW (in: lpString1="C:\\Users\\Public\\Music\\Sample Music\\", lpString2="decrypt_files.html" | out: lpString1="C:\\Users\\Public\\Music\\Sample Music\\decrypt_files.html") returned="C:\\Users\\Public\\Music\\Sample Music\\decrypt_files.html" [0050.514] GetFileAttributesW (lpFileName="C:\\Users\\Public\\Music\\Sample Music\\decrypt_files.html" (normalized: "c:\\users\\public\\music\\sample music\\decrypt_files.html")) returned 0x20 [0050.514] GetProcessHeap () returned 0x570000 [0050.514] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590698 | out: hHeap=0x570000) returned 1 [0050.514] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x802f4656, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be38a97, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be38a97, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x49e459, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sleep Away.mp3", cAlternateFileName="SLEEPA~1.MP3")) returned 1 [0050.514] lstrcmpiW (lpString1="Sleep Away.mp3", lpString2=".") returned 1 [0050.515] lstrcmpiW (lpString1="Sleep Away.mp3", lpString2="..") returned 1 [0050.515] lstrcatW (in: lpString1="C:\\Users\\Public\\Music\\Sample Music\\", lpString2="Sleep Away.mp3" | out: lpString1="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3") returned="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3" [0050.515] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Sleep Away.mp3", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0050.515] GetProcessHeap () returned 0x570000 [0050.515] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xf) returned 0x590f68 [0050.515] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Sleep Away.mp3", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Sleep Away.mp3", lpUsedDefaultChar=0x0) returned 15 [0050.515] lstrlenA (lpString="Sleep Away.mp3") returned 14 [0050.515] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0050.515] lstrlenA (lpString="Sleep Away.mp3") returned 14 [0050.515] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0050.515] lstrcmpiW (lpString1="Sleep Away.mp3", lpString2="decrypt_files.html") returned 1 [0050.515] lstrcmpiW (lpString1="Sleep Away.mp3", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0050.515] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0050.515] lstrcmpiW (lpString1="Sleep Away.mp3", lpString2="sihvgt.exe") returned 1 [0050.515] _alloca_probe () returned 0x40908b [0050.515] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 50 [0050.515] GetProcessHeap () returned 0x570000 [0050.515] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x32) returned 0x5923e0 [0050.515] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", cchWideChar=-1, lpMultiByteStr=0x5923e0, cbMultiByte=50, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", lpUsedDefaultChar=0x0) returned 50 [0050.515] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0050.515] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{66A9EC50-F336-4A6E-BAEE-370DAC879672}") returned 38 [0050.515] lstrlenA (lpString="{66A9EC50-F336-4A6E-BAEE-370DAC879672}") returned 38 [0050.515] CreateFileW (lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3" (normalized: "c:\\users\\public\\music\\sample music\\sleep away.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0050.516] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=4842585) returned 1 [0050.516] lstrlenA (lpString="{66A9EC50-F336-4A6E-BAEE-370DAC879672}") returned 38 [0050.516] GetProcessHeap () returned 0x570000 [0050.516] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x592420 [0050.516] GetProcessHeap () returned 0x570000 [0050.516] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592498 [0050.516] lstrlenA (lpString="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3") returned 49 [0050.532] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.534] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.534] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.535] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.535] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.895] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.896] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.896] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.896] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.896] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.896] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.896] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.897] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.897] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.897] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.897] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.897] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.897] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.898] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.898] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.898] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.898] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.898] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.898] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.898] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.898] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.899] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.899] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.899] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.899] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.899] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.900] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.900] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.937] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.938] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.938] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.938] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.939] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.940] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.940] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.940] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.941] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.941] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.941] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.941] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.942] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.942] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.942] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.942] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.943] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.944] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.944] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.944] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.945] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.945] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.945] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.945] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.946] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.946] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.946] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.946] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.948] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.949] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.949] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.949] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.950] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.950] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.950] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.950] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.951] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.951] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.951] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.952] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.952] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.953] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.953] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.953] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.954] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.954] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.954] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.954] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.955] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.955] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.955] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.955] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.956] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.956] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.957] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.957] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.958] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.958] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.958] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.958] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.959] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.959] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.959] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.960] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.960] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.961] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.961] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.961] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.962] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.962] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.962] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.962] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.963] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.963] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.963] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.963] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.964] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.964] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.965] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.965] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.965] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.966] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.966] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.966] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.967] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.967] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.967] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.967] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0050.967] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0050.968] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0050.968] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0050.968] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.072] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.072] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.073] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.073] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.073] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.074] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.074] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.074] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.075] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.075] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.075] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.075] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.076] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.076] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.076] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.076] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.077] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.077] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.077] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.077] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.078] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.078] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.079] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.079] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.079] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.080] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.080] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.080] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.081] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.081] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.081] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.081] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.082] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.082] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.082] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.082] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.083] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.083] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.084] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.084] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.084] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.085] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.085] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.085] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.085] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.086] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.086] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.086] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.087] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.087] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.087] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.087] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.088] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.088] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.088] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.088] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.089] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.089] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.090] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.090] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.090] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.090] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.091] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.091] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.100] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.100] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.100] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.100] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.101] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.101] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.102] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.102] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.102] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.103] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.103] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.103] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.104] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.104] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.104] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.104] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.105] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.105] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.105] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.106] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.106] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.107] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.107] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.107] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.107] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.108] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.108] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.108] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.109] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.109] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.109] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.109] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.110] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.110] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.110] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.110] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.111] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.111] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.112] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.112] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.112] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.113] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.113] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.113] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.114] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.114] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.114] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.114] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.115] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.115] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.115] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.115] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.116] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.116] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.116] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.116] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.117] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.117] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.118] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.118] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.118] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.118] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.118] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.118] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.154] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.154] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.154] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.154] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.161] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.162] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.162] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.162] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.163] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.163] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.163] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.163] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.164] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.164] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.164] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.164] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.165] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.165] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.165] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.165] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.166] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.168] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.168] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.168] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.169] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.169] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.169] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.169] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.170] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.170] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.170] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.170] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.171] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.171] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.171] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.172] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.172] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.173] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.173] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.173] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.173] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.174] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.174] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.174] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.175] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.175] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.175] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.175] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.176] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.176] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.176] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.176] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.177] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.177] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.177] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.178] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.178] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.178] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.179] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.179] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.179] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.179] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.179] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.179] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.185] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.185] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.185] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.185] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.186] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.186] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.187] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.187] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.187] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.188] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.188] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.188] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.188] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.192] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.192] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.192] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.193] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.193] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.193] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.193] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.197] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.198] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.199] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.199] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.200] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.200] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.200] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.200] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.202] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.202] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.202] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.202] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.204] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.205] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.205] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.205] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.206] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.206] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.206] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.206] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.208] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.208] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.208] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.208] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.209] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.209] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.209] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.210] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.211] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.211] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.211] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.211] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.212] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.213] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.213] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.213] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.214] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.215] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.215] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.215] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.216] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.216] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.216] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.216] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.218] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.219] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.219] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.219] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.220] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.221] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.221] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.221] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.222] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.222] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.222] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.223] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.223] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.224] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.224] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.224] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.225] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.225] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.226] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.226] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.227] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.227] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.227] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.227] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.228] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.228] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.228] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.229] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.229] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.230] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.230] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.231] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.235] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.237] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.237] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.237] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.238] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.238] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.238] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.238] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.239] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.239] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.240] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.240] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.240] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.241] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.241] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.242] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.242] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.243] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.243] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.243] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.244] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.245] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.245] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.245] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.246] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.246] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.246] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.246] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.247] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.248] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.248] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.248] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.288] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.289] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.289] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.289] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.290] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.290] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.290] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.290] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.292] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.292] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.292] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.292] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.293] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.293] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.293] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.294] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.295] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.295] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.296] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.296] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.296] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.297] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.297] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.297] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.298] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.298] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.298] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.298] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.299] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.299] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.299] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.299] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.300] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.301] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.301] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.301] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.302] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.302] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.303] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.303] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.304] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.304] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.304] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.304] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.305] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.305] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.306] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.306] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.307] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.308] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.308] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0051.308] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.309] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0051.309] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.310] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.311] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.311] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.312] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.312] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.315] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.315] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.326] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.326] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.366] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.366] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.367] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.367] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.368] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.368] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.369] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.369] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.370] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.370] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.371] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.372] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.372] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.373] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.374] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.374] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.375] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.375] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.376] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.376] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.378] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.378] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.379] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.379] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.381] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.381] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.382] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.382] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.386] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.387] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.388] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.388] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.390] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.390] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.391] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.391] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.392] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.392] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.394] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.394] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.395] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.395] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.396] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.397] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.398] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.398] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.399] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.399] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.401] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.401] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.403] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.403] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.404] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.404] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.405] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.405] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.406] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.406] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.407] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.408] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.468] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.468] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.469] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.469] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.593] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.593] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.594] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.594] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.595] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.595] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.596] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.596] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.597] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.597] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.598] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.598] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.599] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.599] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.600] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.600] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.601] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.601] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.602] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.602] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.603] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.603] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.604] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.604] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.605] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.605] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.605] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.606] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.705] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.706] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.706] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.707] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.707] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.708] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.708] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.709] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.712] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.713] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.714] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.714] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.715] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.715] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.716] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.716] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.716] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.716] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.720] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.720] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.721] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.721] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.722] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.722] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.723] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.723] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.724] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.724] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.725] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.725] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.726] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.726] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.827] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.827] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.834] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.834] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.835] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.835] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.836] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.836] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.837] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.837] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.838] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.838] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.839] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.839] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.840] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.840] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.844] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.844] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.845] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.845] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.845] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.845] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.846] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.846] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.847] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.847] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.848] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.848] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.849] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.849] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0051.849] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0051.850] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.034] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.034] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.035] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.035] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.036] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.036] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.037] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.040] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.041] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.041] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.042] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.043] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.043] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.044] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.045] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.045] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.046] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.046] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.047] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.047] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.048] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.048] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.049] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.049] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.050] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.050] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.051] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.051] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.052] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.052] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.053] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.054] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.055] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.055] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.056] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.057] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.058] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.058] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.061] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.061] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.062] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.062] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.063] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.063] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.064] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.064] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.065] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.065] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.158] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.158] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.159] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.159] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.160] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.160] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.161] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.161] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.162] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.162] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.163] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.163] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.164] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.164] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.165] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.165] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.167] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.167] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.171] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.171] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.172] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.172] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.173] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.173] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.174] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.174] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.175] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.176] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.176] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.177] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.177] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.177] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.264] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.265] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.265] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.266] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.267] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.268] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.278] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.278] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.279] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.279] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.280] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.280] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.281] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.281] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.283] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.283] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.289] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.289] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.296] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.297] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.297] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.300] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.301] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.301] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.302] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.302] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.303] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.303] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.304] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.304] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.305] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.305] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.417] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.417] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.418] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.418] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.419] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.419] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.420] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.420] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.421] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.421] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.427] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.427] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.430] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.431] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.432] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.432] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.434] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.434] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.435] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.435] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.436] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.436] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.437] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.437] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.438] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.438] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.439] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.439] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.439] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.440] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.441] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.441] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.442] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.442] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.443] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.443] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.444] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.444] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.445] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.445] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.446] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.446] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.447] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.447] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.448] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.448] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.448] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.449] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.530] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.530] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.531] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.531] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.535] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.535] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.536] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.539] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.540] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.540] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.541] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.541] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.542] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.542] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.543] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.543] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0052.543] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0052.544] WriteFile (in: hFile=0x80, lpBuffer=0x50bb6c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bb6c*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0052.545] WriteFile (in: hFile=0x80, lpBuffer=0x50bbd4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bbd4*, lpNumberOfBytesWritten=0x50bb34*=0x10, lpOverlapped=0x0) returned 1 [0052.545] lstrlenA (lpString="rsa_encrypt") returned 11 [0052.545] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x5925c0) returned 1 [0052.546] CryptGenRandom (in: hProv=0x5925c0, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0052.546] CryptReleaseContext (hProv=0x5925c0, dwFlags=0x0) returned 1 [0052.546] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0052.546] GetProcessHeap () returned 0x570000 [0052.546] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592520 [0052.546] lstrlenA (lpString="010001") returned 6 [0052.546] GetProcessHeap () returned 0x570000 [0052.546] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eeb0 [0052.546] GetProcessHeap () returned 0x570000 [0052.546] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5925a8 [0052.546] GetProcessHeap () returned 0x570000 [0052.546] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0052.546] GetProcessHeap () returned 0x570000 [0052.546] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5925a8 | out: hHeap=0x570000) returned 1 [0052.546] GetProcessHeap () returned 0x570000 [0052.546] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0052.546] GetProcessHeap () returned 0x570000 [0052.547] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c0d8 [0052.547] GetProcessHeap () returned 0x570000 [0052.547] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eea0 [0052.547] GetProcessHeap () returned 0x570000 [0052.547] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c1f0 [0052.547] GetProcessHeap () returned 0x570000 [0052.547] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0052.547] GetProcessHeap () returned 0x570000 [0052.547] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0052.547] GetProcessHeap () returned 0x570000 [0052.547] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5925a8 [0052.547] GetProcessHeap () returned 0x570000 [0052.547] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x592630 [0052.547] GetProcessHeap () returned 0x570000 [0052.547] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0052.547] GetProcessHeap () returned 0x570000 [0052.547] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0052.547] GetProcessHeap () returned 0x570000 [0052.547] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0052.547] GetProcessHeap () returned 0x570000 [0052.547] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5925a8 | out: hHeap=0x570000) returned 1 [0052.547] GetProcessHeap () returned 0x570000 [0052.547] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0052.547] GetProcessHeap () returned 0x570000 [0052.547] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0052.547] GetProcessHeap () returned 0x570000 [0052.547] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.547] GetProcessHeap () returned 0x570000 [0052.547] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f98 [0052.547] GetProcessHeap () returned 0x570000 [0052.547] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0052.547] GetProcessHeap () returned 0x570000 [0052.548] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.548] GetProcessHeap () returned 0x570000 [0052.548] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.548] GetProcessHeap () returned 0x570000 [0052.548] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.548] GetProcessHeap () returned 0x570000 [0052.548] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0052.548] GetProcessHeap () returned 0x570000 [0052.548] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f98 | out: hHeap=0x570000) returned 1 [0052.548] GetProcessHeap () returned 0x570000 [0052.548] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0052.548] GetProcessHeap () returned 0x570000 [0052.548] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0052.548] GetProcessHeap () returned 0x570000 [0052.548] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.548] GetProcessHeap () returned 0x570000 [0052.548] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.548] GetProcessHeap () returned 0x570000 [0052.548] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.548] GetProcessHeap () returned 0x570000 [0052.548] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.548] GetProcessHeap () returned 0x570000 [0052.548] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.548] GetProcessHeap () returned 0x570000 [0052.548] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.548] GetProcessHeap () returned 0x570000 [0052.548] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.548] GetProcessHeap () returned 0x570000 [0052.548] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.548] GetProcessHeap () returned 0x570000 [0052.548] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.549] GetProcessHeap () returned 0x570000 [0052.549] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.549] GetProcessHeap () returned 0x570000 [0052.549] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.549] GetProcessHeap () returned 0x570000 [0052.549] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.549] GetProcessHeap () returned 0x570000 [0052.549] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.549] GetProcessHeap () returned 0x570000 [0052.549] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.549] GetProcessHeap () returned 0x570000 [0052.549] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.549] GetProcessHeap () returned 0x570000 [0052.549] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.549] GetProcessHeap () returned 0x570000 [0052.549] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.549] GetProcessHeap () returned 0x570000 [0052.549] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.549] GetProcessHeap () returned 0x570000 [0052.549] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.549] GetProcessHeap () returned 0x570000 [0052.549] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.549] GetProcessHeap () returned 0x570000 [0052.549] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.549] GetProcessHeap () returned 0x570000 [0052.549] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.549] GetProcessHeap () returned 0x570000 [0052.549] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.549] GetProcessHeap () returned 0x570000 [0052.550] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.550] GetProcessHeap () returned 0x570000 [0052.550] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.550] GetProcessHeap () returned 0x570000 [0052.550] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.550] GetProcessHeap () returned 0x570000 [0052.550] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.550] GetProcessHeap () returned 0x570000 [0052.550] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.550] GetProcessHeap () returned 0x570000 [0052.550] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.550] GetProcessHeap () returned 0x570000 [0052.550] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.550] GetProcessHeap () returned 0x570000 [0052.550] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.550] GetProcessHeap () returned 0x570000 [0052.550] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.550] GetProcessHeap () returned 0x570000 [0052.550] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.550] GetProcessHeap () returned 0x570000 [0052.550] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.551] GetProcessHeap () returned 0x570000 [0052.551] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.551] GetProcessHeap () returned 0x570000 [0052.551] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.551] GetProcessHeap () returned 0x570000 [0052.551] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.551] GetProcessHeap () returned 0x570000 [0052.551] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.551] GetProcessHeap () returned 0x570000 [0052.551] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.551] GetProcessHeap () returned 0x570000 [0052.551] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.551] GetProcessHeap () returned 0x570000 [0052.551] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.551] GetProcessHeap () returned 0x570000 [0052.552] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.552] GetProcessHeap () returned 0x570000 [0052.552] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.552] GetProcessHeap () returned 0x570000 [0052.552] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.552] GetProcessHeap () returned 0x570000 [0052.552] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.552] GetProcessHeap () returned 0x570000 [0052.552] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.552] GetProcessHeap () returned 0x570000 [0052.552] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.552] GetProcessHeap () returned 0x570000 [0052.552] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.552] GetProcessHeap () returned 0x570000 [0052.552] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.552] GetProcessHeap () returned 0x570000 [0052.552] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.552] GetProcessHeap () returned 0x570000 [0052.552] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.552] GetProcessHeap () returned 0x570000 [0052.552] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.552] GetProcessHeap () returned 0x570000 [0052.552] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.552] GetProcessHeap () returned 0x570000 [0052.552] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.552] GetProcessHeap () returned 0x570000 [0052.552] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.552] GetProcessHeap () returned 0x570000 [0052.552] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.552] GetProcessHeap () returned 0x570000 [0052.552] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.553] GetProcessHeap () returned 0x570000 [0052.553] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.553] GetProcessHeap () returned 0x570000 [0052.553] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.553] GetProcessHeap () returned 0x570000 [0052.553] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.553] GetProcessHeap () returned 0x570000 [0052.553] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.553] GetProcessHeap () returned 0x570000 [0052.553] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.553] GetProcessHeap () returned 0x570000 [0052.553] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.553] GetProcessHeap () returned 0x570000 [0052.553] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.553] GetProcessHeap () returned 0x570000 [0052.553] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.553] GetProcessHeap () returned 0x570000 [0052.553] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.553] GetProcessHeap () returned 0x570000 [0052.553] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.553] GetProcessHeap () returned 0x570000 [0052.553] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.553] GetProcessHeap () returned 0x570000 [0052.553] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.553] GetProcessHeap () returned 0x570000 [0052.553] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.553] GetProcessHeap () returned 0x570000 [0052.553] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.553] GetProcessHeap () returned 0x570000 [0052.553] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.554] GetProcessHeap () returned 0x570000 [0052.554] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.554] GetProcessHeap () returned 0x570000 [0052.554] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.554] GetProcessHeap () returned 0x570000 [0052.554] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.554] GetProcessHeap () returned 0x570000 [0052.554] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.554] GetProcessHeap () returned 0x570000 [0052.554] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.554] GetProcessHeap () returned 0x570000 [0052.554] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.554] GetProcessHeap () returned 0x570000 [0052.554] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.554] GetProcessHeap () returned 0x570000 [0052.554] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.554] GetProcessHeap () returned 0x570000 [0052.554] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.554] GetProcessHeap () returned 0x570000 [0052.554] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.554] GetProcessHeap () returned 0x570000 [0052.554] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.554] GetProcessHeap () returned 0x570000 [0052.554] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.554] GetProcessHeap () returned 0x570000 [0052.554] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.554] GetProcessHeap () returned 0x570000 [0052.554] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.554] GetProcessHeap () returned 0x570000 [0052.554] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.554] GetProcessHeap () returned 0x570000 [0052.555] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.555] GetProcessHeap () returned 0x570000 [0052.555] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.555] GetProcessHeap () returned 0x570000 [0052.555] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.555] GetProcessHeap () returned 0x570000 [0052.555] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.555] GetProcessHeap () returned 0x570000 [0052.555] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.555] GetProcessHeap () returned 0x570000 [0052.555] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.555] GetProcessHeap () returned 0x570000 [0052.555] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.555] GetProcessHeap () returned 0x570000 [0052.555] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.555] GetProcessHeap () returned 0x570000 [0052.555] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.555] GetProcessHeap () returned 0x570000 [0052.555] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.555] GetProcessHeap () returned 0x570000 [0052.555] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.555] GetProcessHeap () returned 0x570000 [0052.555] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.555] GetProcessHeap () returned 0x570000 [0052.556] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.556] GetProcessHeap () returned 0x570000 [0052.556] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0052.556] GetProcessHeap () returned 0x570000 [0052.556] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0052.556] GetProcessHeap () returned 0x570000 [0052.556] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592630 | out: hHeap=0x570000) returned 1 [0052.556] GetProcessHeap () returned 0x570000 [0052.556] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0052.556] GetProcessHeap () returned 0x570000 [0052.556] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0052.556] GetProcessHeap () returned 0x570000 [0052.556] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0052.556] GetProcessHeap () returned 0x570000 [0052.556] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0052.556] GetProcessHeap () returned 0x570000 [0052.556] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0052.556] GetProcessHeap () returned 0x570000 [0052.556] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0052.556] GetProcessHeap () returned 0x570000 [0052.556] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0052.556] GetProcessHeap () returned 0x570000 [0052.556] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592520 | out: hHeap=0x570000) returned 1 [0052.556] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0052.556] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0052.556] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0052.557] CloseHandle (hObject=0x80) returned 1 [0052.679] GetProcessHeap () returned 0x570000 [0052.679] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5923e0 | out: hHeap=0x570000) returned 1 [0052.679] GetProcessHeap () returned 0x570000 [0052.679] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592420 | out: hHeap=0x570000) returned 1 [0052.679] GetProcessHeap () returned 0x570000 [0052.680] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592498 | out: hHeap=0x570000) returned 1 [0052.680] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3" | out: lpString1="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3") returned="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3" [0052.680] lstrcatW (in: lpString1="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3.{Killback@protonmail.com}KBK") returned="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3.{Killback@protonmail.com}KBK" [0052.680] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3" (normalized: "c:\\users\\public\\music\\sample music\\sleep away.mp3"), lpNewFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3.{Killback@protonmail.com}KBK" (normalized: "c:\\users\\public\\music\\sample music\\sleep away.mp3.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0052.680] PathRemoveFileSpecW (in: pszPath="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3" | out: pszPath="C:\\Users\\Public\\Music\\Sample Music") returned 1 [0052.680] lstrcatW (in: lpString1="C:\\Users\\Public\\Music\\Sample Music", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Music\\Sample Music\\") returned="C:\\Users\\Public\\Music\\Sample Music\\" [0052.680] lstrcatW (in: lpString1="C:\\Users\\Public\\Music\\Sample Music\\", lpString2="decrypt_files.html" | out: lpString1="C:\\Users\\Public\\Music\\Sample Music\\decrypt_files.html") returned="C:\\Users\\Public\\Music\\Sample Music\\decrypt_files.html" [0052.681] GetFileAttributesW (lpFileName="C:\\Users\\Public\\Music\\Sample Music\\decrypt_files.html" (normalized: "c:\\users\\public\\music\\sample music\\decrypt_files.html")) returned 0x20 [0052.681] GetProcessHeap () returned 0x570000 [0052.681] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0052.681] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x802f4656, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be38a97, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be38a97, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x49e459, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sleep Away.mp3", cAlternateFileName="SLEEPA~1.MP3")) returned 0 [0052.681] FindClose (in: hFindFile=0x588da8 | out: hFindFile=0x588da8) returned 1 [0052.681] lstrcpyW (in: lpString1=0x50df8c, lpString2="C:\\Users\\Public\\Libraries\\" | out: lpString1="C:\\Users\\Public\\Libraries\\") returned="C:\\Users\\Public\\Libraries\\" [0052.681] GetProcessHeap () returned 0x570000 [0052.681] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5923a0 | out: hHeap=0x570000) returned 1 [0052.681] GetProcessHeap () returned 0x570000 [0052.681] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0052.681] lstrlenW (lpString="C:\\Users\\Public\\Libraries\\") returned 26 [0052.681] lstrcatW (in: lpString1="C:\\Users\\Public\\Libraries\\", lpString2="*" | out: lpString1="C:\\Users\\Public\\Libraries\\*") returned="C:\\Users\\Public\\Libraries\\*" [0052.681] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Libraries\\*", lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28a29e5c, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a29e5c, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x588da8 [0052.681] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0052.682] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28a29e5c, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a29e5c, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0052.682] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0052.682] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0052.682] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x2839e1d0, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x2839e1d0, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288f9359, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x58, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0052.682] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0052.682] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0052.682] lstrcatW (in: lpString1="C:\\Users\\Public\\Libraries\\", lpString2="desktop.ini" | out: lpString1="C:\\Users\\Public\\Libraries\\desktop.ini") returned="C:\\Users\\Public\\Libraries\\desktop.ini" [0052.682] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0052.682] GetProcessHeap () returned 0x570000 [0052.682] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x590f68 [0052.682] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 12 [0052.682] lstrlenA (lpString="desktop.ini") returned 11 [0052.682] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0052.682] lstrlenA (lpString="desktop.ini") returned 11 [0052.682] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0052.682] lstrcmpiW (lpString1="desktop.ini", lpString2="decrypt_files.html") returned 1 [0052.682] lstrcmpiW (lpString1="desktop.ini", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0052.682] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0052.682] lstrcmpiW (lpString1="desktop.ini", lpString2="sihvgt.exe") returned -1 [0052.682] _alloca_probe () returned 0x40908b [0052.682] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Public\\Libraries\\desktop.ini", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38 [0052.682] GetProcessHeap () returned 0x570000 [0052.682] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x26) returned 0x5923a0 [0052.682] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Public\\Libraries\\desktop.ini", cchWideChar=-1, lpMultiByteStr=0x5923a0, cbMultiByte=38, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\Public\\Libraries\\desktop.ini", lpUsedDefaultChar=0x0) returned 38 [0052.682] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0052.683] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{7FE1DD25-14CC-4557-8A8D-F0F111336BED}") returned 38 [0052.683] lstrlenA (lpString="{7FE1DD25-14CC-4557-8A8D-F0F111336BED}") returned 38 [0052.683] CreateFileW (lpFileName="C:\\Users\\Public\\Libraries\\desktop.ini" (normalized: "c:\\users\\public\\libraries\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0052.683] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=88) returned 1 [0052.683] lstrlenA (lpString="{7FE1DD25-14CC-4557-8A8D-F0F111336BED}") returned 38 [0052.683] GetProcessHeap () returned 0x570000 [0052.683] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x5923d0 [0052.683] GetProcessHeap () returned 0x570000 [0052.683] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592448 [0052.683] lstrlenA (lpString="C:\\Users\\Public\\Libraries\\desktop.ini") returned 37 [0052.701] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x58, lpOverlapped=0x0) returned 1 [0052.702] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0052.702] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x60, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x60, lpOverlapped=0x0) returned 1 [0052.702] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0052.702] WriteFile (in: hFile=0x80, lpBuffer=0x50bb6c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bb6c*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0052.702] WriteFile (in: hFile=0x80, lpBuffer=0x50bbd4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bbd4*, lpNumberOfBytesWritten=0x50bb34*=0x10, lpOverlapped=0x0) returned 1 [0052.702] lstrlenA (lpString="rsa_encrypt") returned 11 [0052.702] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x592570) returned 1 [0052.703] CryptGenRandom (in: hProv=0x592570, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0052.703] CryptReleaseContext (hProv=0x592570, dwFlags=0x0) returned 1 [0052.703] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0052.703] GetProcessHeap () returned 0x570000 [0052.703] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5924d0 [0052.703] lstrlenA (lpString="010001") returned 6 [0052.703] GetProcessHeap () returned 0x570000 [0052.703] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58ee90 [0052.704] GetProcessHeap () returned 0x570000 [0052.704] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592558 [0052.704] GetProcessHeap () returned 0x570000 [0052.704] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0052.704] GetProcessHeap () returned 0x570000 [0052.704] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592558 | out: hHeap=0x570000) returned 1 [0052.704] GetProcessHeap () returned 0x570000 [0052.704] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0052.704] GetProcessHeap () returned 0x570000 [0052.704] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c1f0 [0052.704] GetProcessHeap () returned 0x570000 [0052.704] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eeb0 [0052.704] GetProcessHeap () returned 0x570000 [0052.704] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c0d8 [0052.704] GetProcessHeap () returned 0x570000 [0052.704] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0052.704] GetProcessHeap () returned 0x570000 [0052.704] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0052.704] GetProcessHeap () returned 0x570000 [0052.704] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592558 [0052.704] GetProcessHeap () returned 0x570000 [0052.704] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x5925e0 [0052.704] GetProcessHeap () returned 0x570000 [0052.704] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0052.704] GetProcessHeap () returned 0x570000 [0052.704] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0052.704] GetProcessHeap () returned 0x570000 [0052.704] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0052.704] GetProcessHeap () returned 0x570000 [0052.704] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592558 | out: hHeap=0x570000) returned 1 [0052.704] GetProcessHeap () returned 0x570000 [0052.704] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0052.705] GetProcessHeap () returned 0x570000 [0052.705] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0052.705] GetProcessHeap () returned 0x570000 [0052.705] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.705] GetProcessHeap () returned 0x570000 [0052.705] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f98 [0052.705] GetProcessHeap () returned 0x570000 [0052.705] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0052.705] GetProcessHeap () returned 0x570000 [0052.705] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.705] GetProcessHeap () returned 0x570000 [0052.705] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.705] GetProcessHeap () returned 0x570000 [0052.705] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.705] GetProcessHeap () returned 0x570000 [0052.705] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0052.705] GetProcessHeap () returned 0x570000 [0052.705] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f98 | out: hHeap=0x570000) returned 1 [0052.705] GetProcessHeap () returned 0x570000 [0052.705] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0052.705] GetProcessHeap () returned 0x570000 [0052.705] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0052.705] GetProcessHeap () returned 0x570000 [0052.705] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.705] GetProcessHeap () returned 0x570000 [0052.705] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.705] GetProcessHeap () returned 0x570000 [0052.705] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.705] GetProcessHeap () returned 0x570000 [0052.706] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.706] GetProcessHeap () returned 0x570000 [0052.706] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.706] GetProcessHeap () returned 0x570000 [0052.706] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.706] GetProcessHeap () returned 0x570000 [0052.706] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.706] GetProcessHeap () returned 0x570000 [0052.706] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.706] GetProcessHeap () returned 0x570000 [0052.706] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.706] GetProcessHeap () returned 0x570000 [0052.706] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.706] GetProcessHeap () returned 0x570000 [0052.706] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.706] GetProcessHeap () returned 0x570000 [0052.706] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.706] GetProcessHeap () returned 0x570000 [0052.706] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.706] GetProcessHeap () returned 0x570000 [0052.706] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.706] GetProcessHeap () returned 0x570000 [0052.706] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.706] GetProcessHeap () returned 0x570000 [0052.706] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.706] GetProcessHeap () returned 0x570000 [0052.706] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.706] GetProcessHeap () returned 0x570000 [0052.706] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.706] GetProcessHeap () returned 0x570000 [0052.707] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.707] GetProcessHeap () returned 0x570000 [0052.707] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.707] GetProcessHeap () returned 0x570000 [0052.707] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.707] GetProcessHeap () returned 0x570000 [0052.707] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.707] GetProcessHeap () returned 0x570000 [0052.707] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.707] GetProcessHeap () returned 0x570000 [0052.707] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.707] GetProcessHeap () returned 0x570000 [0052.707] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.707] GetProcessHeap () returned 0x570000 [0052.707] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.707] GetProcessHeap () returned 0x570000 [0052.707] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.707] GetProcessHeap () returned 0x570000 [0052.707] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.707] GetProcessHeap () returned 0x570000 [0052.707] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.707] GetProcessHeap () returned 0x570000 [0052.707] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.707] GetProcessHeap () returned 0x570000 [0052.707] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.707] GetProcessHeap () returned 0x570000 [0052.707] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.707] GetProcessHeap () returned 0x570000 [0052.707] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.708] GetProcessHeap () returned 0x570000 [0052.708] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.708] GetProcessHeap () returned 0x570000 [0052.708] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.708] GetProcessHeap () returned 0x570000 [0052.708] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.708] GetProcessHeap () returned 0x570000 [0052.708] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.708] GetProcessHeap () returned 0x570000 [0052.708] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.708] GetProcessHeap () returned 0x570000 [0052.708] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.708] GetProcessHeap () returned 0x570000 [0052.708] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.708] GetProcessHeap () returned 0x570000 [0052.708] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.708] GetProcessHeap () returned 0x570000 [0052.708] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.708] GetProcessHeap () returned 0x570000 [0052.708] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.708] GetProcessHeap () returned 0x570000 [0052.708] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.708] GetProcessHeap () returned 0x570000 [0052.708] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.708] GetProcessHeap () returned 0x570000 [0052.708] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.708] GetProcessHeap () returned 0x570000 [0052.708] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.708] GetProcessHeap () returned 0x570000 [0052.708] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.709] GetProcessHeap () returned 0x570000 [0052.709] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.709] GetProcessHeap () returned 0x570000 [0052.709] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.709] GetProcessHeap () returned 0x570000 [0052.709] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.709] GetProcessHeap () returned 0x570000 [0052.709] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.709] GetProcessHeap () returned 0x570000 [0052.709] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.709] GetProcessHeap () returned 0x570000 [0052.709] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.709] GetProcessHeap () returned 0x570000 [0052.709] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.709] GetProcessHeap () returned 0x570000 [0052.709] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.709] GetProcessHeap () returned 0x570000 [0052.709] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.709] GetProcessHeap () returned 0x570000 [0052.709] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.709] GetProcessHeap () returned 0x570000 [0052.709] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.709] GetProcessHeap () returned 0x570000 [0052.709] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.709] GetProcessHeap () returned 0x570000 [0052.709] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.709] GetProcessHeap () returned 0x570000 [0052.709] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.709] GetProcessHeap () returned 0x570000 [0052.709] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.710] GetProcessHeap () returned 0x570000 [0052.710] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.710] GetProcessHeap () returned 0x570000 [0052.710] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.710] GetProcessHeap () returned 0x570000 [0052.710] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.710] GetProcessHeap () returned 0x570000 [0052.710] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.710] GetProcessHeap () returned 0x570000 [0052.710] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.710] GetProcessHeap () returned 0x570000 [0052.710] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.710] GetProcessHeap () returned 0x570000 [0052.710] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.710] GetProcessHeap () returned 0x570000 [0052.710] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.710] GetProcessHeap () returned 0x570000 [0052.710] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.710] GetProcessHeap () returned 0x570000 [0052.710] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.710] GetProcessHeap () returned 0x570000 [0052.710] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.710] GetProcessHeap () returned 0x570000 [0052.710] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.710] GetProcessHeap () returned 0x570000 [0052.710] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.710] GetProcessHeap () returned 0x570000 [0052.710] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.711] GetProcessHeap () returned 0x570000 [0052.711] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.711] GetProcessHeap () returned 0x570000 [0052.711] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.711] GetProcessHeap () returned 0x570000 [0052.711] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.711] GetProcessHeap () returned 0x570000 [0052.711] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.711] GetProcessHeap () returned 0x570000 [0052.711] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.711] GetProcessHeap () returned 0x570000 [0052.711] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.712] GetProcessHeap () returned 0x570000 [0052.712] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.712] GetProcessHeap () returned 0x570000 [0052.712] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.712] GetProcessHeap () returned 0x570000 [0052.712] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.712] GetProcessHeap () returned 0x570000 [0052.712] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.712] GetProcessHeap () returned 0x570000 [0052.712] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.712] GetProcessHeap () returned 0x570000 [0052.712] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.712] GetProcessHeap () returned 0x570000 [0052.712] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.712] GetProcessHeap () returned 0x570000 [0052.712] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.712] GetProcessHeap () returned 0x570000 [0052.712] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.712] GetProcessHeap () returned 0x570000 [0052.712] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.712] GetProcessHeap () returned 0x570000 [0052.712] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.712] GetProcessHeap () returned 0x570000 [0052.712] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.712] GetProcessHeap () returned 0x570000 [0052.712] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.712] GetProcessHeap () returned 0x570000 [0052.712] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.713] GetProcessHeap () returned 0x570000 [0052.713] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.713] GetProcessHeap () returned 0x570000 [0052.713] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.713] GetProcessHeap () returned 0x570000 [0052.713] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.713] GetProcessHeap () returned 0x570000 [0052.713] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0052.713] GetProcessHeap () returned 0x570000 [0052.713] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0052.713] GetProcessHeap () returned 0x570000 [0052.713] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5925e0 | out: hHeap=0x570000) returned 1 [0052.713] GetProcessHeap () returned 0x570000 [0052.713] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0052.713] GetProcessHeap () returned 0x570000 [0052.713] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0052.713] GetProcessHeap () returned 0x570000 [0052.713] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0052.713] GetProcessHeap () returned 0x570000 [0052.717] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0052.717] GetProcessHeap () returned 0x570000 [0052.717] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0052.717] GetProcessHeap () returned 0x570000 [0052.717] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0052.717] GetProcessHeap () returned 0x570000 [0052.717] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0052.717] GetProcessHeap () returned 0x570000 [0052.717] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5924d0 | out: hHeap=0x570000) returned 1 [0052.717] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0052.717] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0052.717] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0052.718] CloseHandle (hObject=0x80) returned 1 [0052.720] GetProcessHeap () returned 0x570000 [0052.720] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5923a0 | out: hHeap=0x570000) returned 1 [0052.720] GetProcessHeap () returned 0x570000 [0052.720] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5923d0 | out: hHeap=0x570000) returned 1 [0052.720] GetProcessHeap () returned 0x570000 [0052.720] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592448 | out: hHeap=0x570000) returned 1 [0052.720] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\Users\\Public\\Libraries\\desktop.ini" | out: lpString1="C:\\Users\\Public\\Libraries\\desktop.ini") returned="C:\\Users\\Public\\Libraries\\desktop.ini" [0052.720] lstrcatW (in: lpString1="C:\\Users\\Public\\Libraries\\desktop.ini", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\Users\\Public\\Libraries\\desktop.ini.{Killback@protonmail.com}KBK") returned="C:\\Users\\Public\\Libraries\\desktop.ini.{Killback@protonmail.com}KBK" [0052.720] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\Libraries\\desktop.ini" (normalized: "c:\\users\\public\\libraries\\desktop.ini"), lpNewFileName="C:\\Users\\Public\\Libraries\\desktop.ini.{Killback@protonmail.com}KBK" (normalized: "c:\\users\\public\\libraries\\desktop.ini.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0052.721] PathRemoveFileSpecW (in: pszPath="C:\\Users\\Public\\Libraries\\desktop.ini" | out: pszPath="C:\\Users\\Public\\Libraries") returned 1 [0052.721] lstrcatW (in: lpString1="C:\\Users\\Public\\Libraries", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Libraries\\") returned="C:\\Users\\Public\\Libraries\\" [0052.721] lstrcatW (in: lpString1="C:\\Users\\Public\\Libraries\\", lpString2="decrypt_files.html" | out: lpString1="C:\\Users\\Public\\Libraries\\decrypt_files.html") returned="C:\\Users\\Public\\Libraries\\decrypt_files.html" [0052.721] GetFileAttributesW (lpFileName="C:\\Users\\Public\\Libraries\\decrypt_files.html" (normalized: "c:\\users\\public\\libraries\\decrypt_files.html")) returned 0xffffffff [0052.721] CreateFileW (lpFileName="C:\\Users\\Public\\Libraries\\decrypt_files.html" (normalized: "c:\\users\\public\\libraries\\decrypt_files.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0052.723] lstrlenA (lpString="\r\n \r\n \r\n \r\n DECRYPT FILES\r\n \r\n\r\n \r\n\r\n
\r\n

⚠Your ID (NEED FOR DECRYPT)⚠

\r\n
\r\n 
A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n\r\n
\r\n
\r\n
\r\n \r\n
\r\n \r\n
\r\n \r\n \r\n
\r\n

✖ Your files are encrypted! ✖

\r\n\r\n

If you see it - do not try to decrypt ▼the files yourself!!!▼

\r\n
\r\n

All your important data has been encrypted.

\r\n
\r\n
\r\n \r\n\x09\x09 \r\nTo decrypt all your files, you need a decryption program.
\r\n \r\nTo get a program to decrypt your data you need to do a few steps:
\r\n

☑1. \r\nTo make sure that we can actually decrypt your files. You can send us a file for the test.\r\nThis can be a picture or a text file.\r\nSize less than 5 MB. Send to our mail: Killback@protonmail.com .
\r\n

☑2. \r\nSend your PERSONAL ID in the letter (you will find it at the very beginning of this document)

\r\n\x09\x09\x09

☑3. \r\nWe will decode your test file so you are sure. We will also send you the amount you need to pay to get the program to decrypt.

\r\n ☑4. We will send you instructions on how to pay for the decryption program. After payment, we will send you a program and instructions on how to decrypt all the files.
\r\n

Attention!


\r\n
    \r\n\x09\x09\x09 Only we can decrypt your files.
    \r\n\x09\x09\x09 Do not try to decrypt your files yourself. You can damage them when trying to restore
    \r\n Do not run antivirus!
    \r\n Email us: Killback@protonmail.com immediately so we can help you.
    \r\n Decoders other users are not compatible with your data, because each user's unique encryption key
    \r\n
\r\n \r\n
\r\n
\r\n
\r\n \r\n\r\n \r\n \r\n
\r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n\r\n") returned 5565 [0052.723] WriteFile (in: hFile=0x80, lpBuffer=0x21f0020*, nNumberOfBytesToWrite=0x15bd, lpNumberOfBytesWritten=0x50dd18, lpOverlapped=0x0 | out: lpBuffer=0x21f0020*, lpNumberOfBytesWritten=0x50dd18*=0x15bd, lpOverlapped=0x0) returned 1 [0052.724] CloseHandle (hObject=0x80) returned 1 [0052.725] GetProcessHeap () returned 0x570000 [0052.725] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0052.725] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2837806f, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x289b7a3b, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a29e5c, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x36c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RecordedTV.library-ms", cAlternateFileName="RECORD~1.LIB")) returned 1 [0052.725] lstrcmpiW (lpString1="RecordedTV.library-ms", lpString2=".") returned 1 [0052.725] lstrcmpiW (lpString1="RecordedTV.library-ms", lpString2="..") returned 1 [0052.725] lstrcatW (in: lpString1="C:\\Users\\Public\\Libraries\\", lpString2="RecordedTV.library-ms" | out: lpString1="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms") returned="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms" [0052.725] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="RecordedTV.library-ms", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0052.725] GetProcessHeap () returned 0x570000 [0052.725] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x16) returned 0x58fdc0 [0052.725] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="RecordedTV.library-ms", cchWideChar=-1, lpMultiByteStr=0x58fdc0, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RecordedTV.library-ms", lpUsedDefaultChar=0x0) returned 22 [0052.725] lstrlenA (lpString="RecordedTV.library-ms") returned 21 [0052.725] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0052.725] lstrlenA (lpString="RecordedTV.library-ms") returned 21 [0052.725] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0052.725] lstrcmpiW (lpString1="RecordedTV.library-ms", lpString2="decrypt_files.html") returned 1 [0052.725] lstrcmpiW (lpString1="RecordedTV.library-ms", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0052.725] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0052.725] lstrcmpiW (lpString1="RecordedTV.library-ms", lpString2="sihvgt.exe") returned -1 [0052.725] _alloca_probe () returned 0x40908b [0052.725] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 48 [0052.726] GetProcessHeap () returned 0x570000 [0052.726] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x30) returned 0x5923a0 [0052.726] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms", cchWideChar=-1, lpMultiByteStr=0x5923a0, cbMultiByte=48, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms", lpUsedDefaultChar=0x0) returned 48 [0052.726] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0052.726] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{FDE2BA7D-7372-4429-8F43-7B33678C7A69}") returned 38 [0052.726] lstrlenA (lpString="{FDE2BA7D-7372-4429-8F43-7B33678C7A69}") returned 38 [0052.726] CreateFileW (lpFileName="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms" (normalized: "c:\\users\\public\\libraries\\recordedtv.library-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0052.726] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=876) returned 1 [0052.726] lstrlenA (lpString="{FDE2BA7D-7372-4429-8F43-7B33678C7A69}") returned 38 [0052.726] GetProcessHeap () returned 0x570000 [0052.726] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x5923d8 [0052.726] GetProcessHeap () returned 0x570000 [0052.726] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592450 [0052.726] lstrlenA (lpString="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms") returned 47 [0052.738] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x36c, lpOverlapped=0x0) returned 1 [0052.880] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0052.880] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x370, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x370, lpOverlapped=0x0) returned 1 [0052.880] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0052.880] WriteFile (in: hFile=0x80, lpBuffer=0x50bb6c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bb6c*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0052.880] WriteFile (in: hFile=0x80, lpBuffer=0x50bbd4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bbd4*, lpNumberOfBytesWritten=0x50bb34*=0x10, lpOverlapped=0x0) returned 1 [0052.881] lstrlenA (lpString="rsa_encrypt") returned 11 [0052.881] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x592578) returned 1 [0052.881] CryptGenRandom (in: hProv=0x592578, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0052.882] CryptReleaseContext (hProv=0x592578, dwFlags=0x0) returned 1 [0052.882] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0052.882] GetProcessHeap () returned 0x570000 [0052.882] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5924d8 [0052.882] lstrlenA (lpString="010001") returned 6 [0052.882] GetProcessHeap () returned 0x570000 [0052.882] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58ee90 [0052.882] GetProcessHeap () returned 0x570000 [0052.882] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592560 [0052.882] GetProcessHeap () returned 0x570000 [0052.882] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0052.882] GetProcessHeap () returned 0x570000 [0052.882] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592560 | out: hHeap=0x570000) returned 1 [0052.882] GetProcessHeap () returned 0x570000 [0052.882] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0052.882] GetProcessHeap () returned 0x570000 [0052.882] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c0d8 [0052.882] GetProcessHeap () returned 0x570000 [0052.882] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eec0 [0052.882] GetProcessHeap () returned 0x570000 [0052.882] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c1f0 [0052.882] GetProcessHeap () returned 0x570000 [0052.882] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.882] GetProcessHeap () returned 0x570000 [0052.882] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0052.883] GetProcessHeap () returned 0x570000 [0052.883] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592560 [0052.883] GetProcessHeap () returned 0x570000 [0052.883] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x5925e8 [0052.883] GetProcessHeap () returned 0x570000 [0052.883] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0052.883] GetProcessHeap () returned 0x570000 [0052.883] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f68 [0052.883] GetProcessHeap () returned 0x570000 [0052.883] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0052.883] GetProcessHeap () returned 0x570000 [0052.883] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592560 | out: hHeap=0x570000) returned 1 [0052.883] GetProcessHeap () returned 0x570000 [0052.883] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0052.883] GetProcessHeap () returned 0x570000 [0052.883] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0052.883] GetProcessHeap () returned 0x570000 [0052.883] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0052.883] GetProcessHeap () returned 0x570000 [0052.883] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0052.883] GetProcessHeap () returned 0x570000 [0052.883] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0052.883] GetProcessHeap () returned 0x570000 [0052.883] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0052.883] GetProcessHeap () returned 0x570000 [0052.883] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0052.883] GetProcessHeap () returned 0x570000 [0052.883] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0052.883] GetProcessHeap () returned 0x570000 [0052.884] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0052.884] GetProcessHeap () returned 0x570000 [0052.890] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0052.890] GetProcessHeap () returned 0x570000 [0052.890] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0052.890] GetProcessHeap () returned 0x570000 [0052.890] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0052.891] GetProcessHeap () returned 0x570000 [0052.891] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0052.891] GetProcessHeap () returned 0x570000 [0052.891] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0052.891] GetProcessHeap () returned 0x570000 [0052.891] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0052.891] GetProcessHeap () returned 0x570000 [0052.891] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0052.891] GetProcessHeap () returned 0x570000 [0052.891] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0052.891] GetProcessHeap () returned 0x570000 [0052.891] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0052.891] GetProcessHeap () returned 0x570000 [0052.891] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0052.891] GetProcessHeap () returned 0x570000 [0052.891] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0052.891] GetProcessHeap () returned 0x570000 [0052.891] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0052.891] GetProcessHeap () returned 0x570000 [0052.891] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0052.891] GetProcessHeap () returned 0x570000 [0052.891] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0052.891] GetProcessHeap () returned 0x570000 [0052.891] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0052.891] GetProcessHeap () returned 0x570000 [0052.891] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0052.891] GetProcessHeap () returned 0x570000 [0052.891] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0052.891] GetProcessHeap () returned 0x570000 [0052.891] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0052.891] GetProcessHeap () returned 0x570000 [0052.892] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0052.892] GetProcessHeap () returned 0x570000 [0052.892] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0052.892] GetProcessHeap () returned 0x570000 [0052.892] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0052.892] GetProcessHeap () returned 0x570000 [0052.892] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0052.892] GetProcessHeap () returned 0x570000 [0052.892] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0052.892] GetProcessHeap () returned 0x570000 [0052.892] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0052.892] GetProcessHeap () returned 0x570000 [0052.892] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0052.892] GetProcessHeap () returned 0x570000 [0052.892] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0052.892] GetProcessHeap () returned 0x570000 [0052.892] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0052.892] GetProcessHeap () returned 0x570000 [0052.892] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0052.892] GetProcessHeap () returned 0x570000 [0052.892] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0052.892] GetProcessHeap () returned 0x570000 [0052.892] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0052.892] GetProcessHeap () returned 0x570000 [0052.892] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0052.892] GetProcessHeap () returned 0x570000 [0052.892] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0052.892] GetProcessHeap () returned 0x570000 [0052.892] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0052.892] GetProcessHeap () returned 0x570000 [0052.892] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0052.893] GetProcessHeap () returned 0x570000 [0052.893] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0052.893] GetProcessHeap () returned 0x570000 [0052.893] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0052.893] GetProcessHeap () returned 0x570000 [0052.893] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0052.893] GetProcessHeap () returned 0x570000 [0052.893] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0052.893] GetProcessHeap () returned 0x570000 [0052.893] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0052.893] GetProcessHeap () returned 0x570000 [0052.893] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0052.893] GetProcessHeap () returned 0x570000 [0052.893] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0052.893] GetProcessHeap () returned 0x570000 [0052.893] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0052.893] GetProcessHeap () returned 0x570000 [0052.893] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0052.893] GetProcessHeap () returned 0x570000 [0052.893] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0052.893] GetProcessHeap () returned 0x570000 [0052.893] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0052.893] GetProcessHeap () returned 0x570000 [0052.893] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0052.893] GetProcessHeap () returned 0x570000 [0052.893] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0052.893] GetProcessHeap () returned 0x570000 [0052.893] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0052.893] GetProcessHeap () returned 0x570000 [0052.893] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0052.893] GetProcessHeap () returned 0x570000 [0052.893] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0052.894] GetProcessHeap () returned 0x570000 [0052.894] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0052.894] GetProcessHeap () returned 0x570000 [0052.894] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0052.894] GetProcessHeap () returned 0x570000 [0052.894] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0052.894] GetProcessHeap () returned 0x570000 [0052.894] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0052.894] GetProcessHeap () returned 0x570000 [0052.894] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0052.894] GetProcessHeap () returned 0x570000 [0052.894] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0052.894] GetProcessHeap () returned 0x570000 [0052.894] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0052.894] GetProcessHeap () returned 0x570000 [0052.894] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0052.894] GetProcessHeap () returned 0x570000 [0052.894] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0052.894] GetProcessHeap () returned 0x570000 [0052.894] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0052.894] GetProcessHeap () returned 0x570000 [0052.894] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0052.894] GetProcessHeap () returned 0x570000 [0052.894] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0052.894] GetProcessHeap () returned 0x570000 [0052.894] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0052.894] GetProcessHeap () returned 0x570000 [0052.894] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0052.894] GetProcessHeap () returned 0x570000 [0052.894] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0052.894] GetProcessHeap () returned 0x570000 [0052.894] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0052.895] GetProcessHeap () returned 0x570000 [0052.895] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0052.895] GetProcessHeap () returned 0x570000 [0052.895] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0052.895] GetProcessHeap () returned 0x570000 [0052.895] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0052.895] GetProcessHeap () returned 0x570000 [0052.895] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0052.895] GetProcessHeap () returned 0x570000 [0052.895] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0052.895] GetProcessHeap () returned 0x570000 [0052.895] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0052.895] GetProcessHeap () returned 0x570000 [0052.895] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0052.895] GetProcessHeap () returned 0x570000 [0052.895] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0052.895] GetProcessHeap () returned 0x570000 [0052.895] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0052.895] GetProcessHeap () returned 0x570000 [0052.895] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0052.895] GetProcessHeap () returned 0x570000 [0052.895] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0052.895] GetProcessHeap () returned 0x570000 [0052.895] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0052.895] GetProcessHeap () returned 0x570000 [0052.895] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0052.898] GetProcessHeap () returned 0x570000 [0052.898] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0052.898] GetProcessHeap () returned 0x570000 [0052.898] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0052.899] GetProcessHeap () returned 0x570000 [0052.899] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0052.899] GetProcessHeap () returned 0x570000 [0052.899] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0052.899] GetProcessHeap () returned 0x570000 [0052.899] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0052.899] GetProcessHeap () returned 0x570000 [0052.899] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0052.900] GetProcessHeap () returned 0x570000 [0052.900] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0052.900] GetProcessHeap () returned 0x570000 [0052.900] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0052.900] GetProcessHeap () returned 0x570000 [0052.900] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0052.900] GetProcessHeap () returned 0x570000 [0052.900] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0052.900] GetProcessHeap () returned 0x570000 [0052.900] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0052.900] GetProcessHeap () returned 0x570000 [0052.900] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0052.900] GetProcessHeap () returned 0x570000 [0052.900] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0052.900] GetProcessHeap () returned 0x570000 [0052.900] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0052.900] GetProcessHeap () returned 0x570000 [0052.900] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0052.901] GetProcessHeap () returned 0x570000 [0052.901] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0052.901] GetProcessHeap () returned 0x570000 [0052.901] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0052.901] GetProcessHeap () returned 0x570000 [0052.901] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0052.901] GetProcessHeap () returned 0x570000 [0052.901] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0052.901] GetProcessHeap () returned 0x570000 [0052.901] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0052.901] GetProcessHeap () returned 0x570000 [0052.901] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0052.902] GetProcessHeap () returned 0x570000 [0052.902] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0052.902] GetProcessHeap () returned 0x570000 [0052.902] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0052.902] GetProcessHeap () returned 0x570000 [0052.902] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0052.902] GetProcessHeap () returned 0x570000 [0052.902] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0052.902] GetProcessHeap () returned 0x570000 [0052.902] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0052.902] GetProcessHeap () returned 0x570000 [0052.902] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5925e8 | out: hHeap=0x570000) returned 1 [0052.902] GetProcessHeap () returned 0x570000 [0052.902] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0052.902] GetProcessHeap () returned 0x570000 [0052.902] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0052.902] GetProcessHeap () returned 0x570000 [0052.902] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0052.902] GetProcessHeap () returned 0x570000 [0052.902] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0052.902] GetProcessHeap () returned 0x570000 [0052.902] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0052.902] GetProcessHeap () returned 0x570000 [0052.902] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0052.902] GetProcessHeap () returned 0x570000 [0052.902] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0052.902] GetProcessHeap () returned 0x570000 [0052.902] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5924d8 | out: hHeap=0x570000) returned 1 [0052.902] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0052.903] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0052.903] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0052.903] CloseHandle (hObject=0x80) returned 1 [0052.912] GetProcessHeap () returned 0x570000 [0052.912] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5923a0 | out: hHeap=0x570000) returned 1 [0052.912] GetProcessHeap () returned 0x570000 [0052.912] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5923d8 | out: hHeap=0x570000) returned 1 [0052.912] GetProcessHeap () returned 0x570000 [0052.912] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592450 | out: hHeap=0x570000) returned 1 [0052.912] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms" | out: lpString1="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms") returned="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms" [0052.912] lstrcatW (in: lpString1="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms.{Killback@protonmail.com}KBK") returned="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms.{Killback@protonmail.com}KBK" [0052.912] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms" (normalized: "c:\\users\\public\\libraries\\recordedtv.library-ms"), lpNewFileName="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms.{Killback@protonmail.com}KBK" (normalized: "c:\\users\\public\\libraries\\recordedtv.library-ms.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0052.916] PathRemoveFileSpecW (in: pszPath="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms" | out: pszPath="C:\\Users\\Public\\Libraries") returned 1 [0052.916] lstrcatW (in: lpString1="C:\\Users\\Public\\Libraries", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Libraries\\") returned="C:\\Users\\Public\\Libraries\\" [0052.916] lstrcatW (in: lpString1="C:\\Users\\Public\\Libraries\\", lpString2="decrypt_files.html" | out: lpString1="C:\\Users\\Public\\Libraries\\decrypt_files.html") returned="C:\\Users\\Public\\Libraries\\decrypt_files.html" [0052.916] GetFileAttributesW (lpFileName="C:\\Users\\Public\\Libraries\\decrypt_files.html" (normalized: "c:\\users\\public\\libraries\\decrypt_files.html")) returned 0x20 [0052.916] GetProcessHeap () returned 0x570000 [0052.916] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58fdc0 | out: hHeap=0x570000) returned 1 [0052.916] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2837806f, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x289b7a3b, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a29e5c, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x36c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RecordedTV.library-ms", cAlternateFileName="RECORD~1.LIB")) returned 0 [0052.916] FindClose (in: hFindFile=0x588da8 | out: hFindFile=0x588da8) returned 1 [0052.916] lstrcpyW (in: lpString1=0x50df8c, lpString2="C:\\Users\\Public\\Favorites\\" | out: lpString1="C:\\Users\\Public\\Favorites\\") returned="C:\\Users\\Public\\Favorites\\" [0052.916] GetProcessHeap () returned 0x570000 [0052.916] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592360 | out: hHeap=0x570000) returned 1 [0052.916] GetProcessHeap () returned 0x570000 [0052.916] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee60 | out: hHeap=0x570000) returned 1 [0052.916] lstrlenW (lpString="C:\\Users\\Public\\Favorites\\") returned 26 [0052.916] lstrcatW (in: lpString1="C:\\Users\\Public\\Favorites\\", lpString2="*" | out: lpString1="C:\\Users\\Public\\Favorites\\*") returned="C:\\Users\\Public\\Favorites\\*" [0052.916] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Favorites\\*", lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfdae6622, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xaee7d305, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x588da8 [0052.917] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0052.917] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfdae6622, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xaee7d305, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0052.917] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0052.917] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0052.917] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfdae6622, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xaee7d305, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0052.917] FindClose (in: hFindFile=0x588da8 | out: hFindFile=0x588da8) returned 1 [0052.917] lstrcpyW (in: lpString1=0x50df8c, lpString2="C:\\Users\\Public\\Downloads\\" | out: lpString1="C:\\Users\\Public\\Downloads\\") returned="C:\\Users\\Public\\Downloads\\" [0052.917] GetProcessHeap () returned 0x570000 [0052.917] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592320 | out: hHeap=0x570000) returned 1 [0052.917] GetProcessHeap () returned 0x570000 [0052.917] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0052.917] lstrlenW (lpString="C:\\Users\\Public\\Downloads\\") returned 26 [0052.917] lstrcatW (in: lpString1="C:\\Users\\Public\\Downloads\\", lpString2="*" | out: lpString1="C:\\Users\\Public\\Downloads\\*") returned="C:\\Users\\Public\\Downloads\\*" [0052.917] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Downloads\\*", lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28351f0f, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x588da8 [0052.918] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0052.918] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28351f0f, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0052.918] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0052.918] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0052.918] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28351f0f, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x28351f0f, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0052.918] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0052.918] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0052.918] lstrcatW (in: lpString1="C:\\Users\\Public\\Downloads\\", lpString2="desktop.ini" | out: lpString1="C:\\Users\\Public\\Downloads\\desktop.ini") returned="C:\\Users\\Public\\Downloads\\desktop.ini" [0052.918] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0052.918] GetProcessHeap () returned 0x570000 [0052.918] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x590f68 [0052.918] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 12 [0052.918] lstrlenA (lpString="desktop.ini") returned 11 [0052.918] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0052.918] lstrlenA (lpString="desktop.ini") returned 11 [0052.918] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0052.918] lstrcmpiW (lpString1="desktop.ini", lpString2="decrypt_files.html") returned 1 [0052.918] lstrcmpiW (lpString1="desktop.ini", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0052.918] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0052.918] lstrcmpiW (lpString1="desktop.ini", lpString2="sihvgt.exe") returned -1 [0052.918] _alloca_probe () returned 0x40908b [0052.918] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Public\\Downloads\\desktop.ini", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38 [0052.919] GetProcessHeap () returned 0x570000 [0052.919] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x26) returned 0x592320 [0052.919] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Public\\Downloads\\desktop.ini", cchWideChar=-1, lpMultiByteStr=0x592320, cbMultiByte=38, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\Public\\Downloads\\desktop.ini", lpUsedDefaultChar=0x0) returned 38 [0052.923] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0052.924] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{98228F50-DA46-4BF9-AA8A-9AE0CCE075FB}") returned 38 [0052.924] lstrlenA (lpString="{98228F50-DA46-4BF9-AA8A-9AE0CCE075FB}") returned 38 [0052.924] CreateFileW (lpFileName="C:\\Users\\Public\\Downloads\\desktop.ini" (normalized: "c:\\users\\public\\downloads\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0052.924] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=174) returned 1 [0052.924] lstrlenA (lpString="{98228F50-DA46-4BF9-AA8A-9AE0CCE075FB}") returned 38 [0052.924] GetProcessHeap () returned 0x570000 [0052.924] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x592350 [0052.924] GetProcessHeap () returned 0x570000 [0052.924] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5923c8 [0052.924] lstrlenA (lpString="C:\\Users\\Public\\Downloads\\desktop.ini") returned 37 [0052.939] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0xae, lpOverlapped=0x0) returned 1 [0052.960] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0052.960] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0xb0, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0xb0, lpOverlapped=0x0) returned 1 [0052.960] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0052.960] WriteFile (in: hFile=0x80, lpBuffer=0x50bb6c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bb6c*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0052.960] WriteFile (in: hFile=0x80, lpBuffer=0x50bbd4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bbd4*, lpNumberOfBytesWritten=0x50bb34*=0x10, lpOverlapped=0x0) returned 1 [0052.961] lstrlenA (lpString="rsa_encrypt") returned 11 [0052.961] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x5924f0) returned 1 [0052.962] CryptGenRandom (in: hProv=0x5924f0, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0052.962] CryptReleaseContext (hProv=0x5924f0, dwFlags=0x0) returned 1 [0052.962] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0052.962] GetProcessHeap () returned 0x570000 [0052.962] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592450 [0052.962] lstrlenA (lpString="010001") returned 6 [0052.962] GetProcessHeap () returned 0x570000 [0052.962] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58ee80 [0052.963] GetProcessHeap () returned 0x570000 [0052.963] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5924d8 [0052.963] GetProcessHeap () returned 0x570000 [0052.963] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0052.963] GetProcessHeap () returned 0x570000 [0052.963] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5924d8 | out: hHeap=0x570000) returned 1 [0052.963] GetProcessHeap () returned 0x570000 [0052.963] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0052.963] GetProcessHeap () returned 0x570000 [0052.963] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c1f0 [0052.963] GetProcessHeap () returned 0x570000 [0052.963] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58ee60 [0052.963] GetProcessHeap () returned 0x570000 [0052.963] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c0d8 [0052.963] GetProcessHeap () returned 0x570000 [0052.963] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee60 | out: hHeap=0x570000) returned 1 [0052.963] GetProcessHeap () returned 0x570000 [0052.963] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0052.963] GetProcessHeap () returned 0x570000 [0052.964] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5924d8 [0052.964] GetProcessHeap () returned 0x570000 [0052.964] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x592560 [0052.964] GetProcessHeap () returned 0x570000 [0052.964] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee60 [0052.964] GetProcessHeap () returned 0x570000 [0052.964] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0052.964] GetProcessHeap () returned 0x570000 [0052.964] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0052.964] GetProcessHeap () returned 0x570000 [0052.964] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5924d8 | out: hHeap=0x570000) returned 1 [0052.964] GetProcessHeap () returned 0x570000 [0052.964] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0052.964] GetProcessHeap () returned 0x570000 [0052.964] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0052.964] GetProcessHeap () returned 0x570000 [0052.964] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0052.964] GetProcessHeap () returned 0x570000 [0052.964] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f98 [0052.964] GetProcessHeap () returned 0x570000 [0052.965] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee60 | out: hHeap=0x570000) returned 1 [0052.965] GetProcessHeap () returned 0x570000 [0052.965] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0052.965] GetProcessHeap () returned 0x570000 [0052.965] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0052.965] GetProcessHeap () returned 0x570000 [0052.965] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0052.965] GetProcessHeap () returned 0x570000 [0052.965] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0052.966] GetProcessHeap () returned 0x570000 [0052.966] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f98 | out: hHeap=0x570000) returned 1 [0052.966] GetProcessHeap () returned 0x570000 [0052.966] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0052.966] GetProcessHeap () returned 0x570000 [0052.966] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0052.966] GetProcessHeap () returned 0x570000 [0052.966] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0052.966] GetProcessHeap () returned 0x570000 [0052.966] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0052.966] GetProcessHeap () returned 0x570000 [0052.966] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0052.966] GetProcessHeap () returned 0x570000 [0052.966] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0052.966] GetProcessHeap () returned 0x570000 [0052.966] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0052.966] GetProcessHeap () returned 0x570000 [0052.966] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0052.966] GetProcessHeap () returned 0x570000 [0052.966] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0052.967] GetProcessHeap () returned 0x570000 [0052.967] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0052.967] GetProcessHeap () returned 0x570000 [0052.967] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0052.967] GetProcessHeap () returned 0x570000 [0052.967] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0052.967] GetProcessHeap () returned 0x570000 [0052.967] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0052.967] GetProcessHeap () returned 0x570000 [0052.967] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0052.967] GetProcessHeap () returned 0x570000 [0052.967] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0052.967] GetProcessHeap () returned 0x570000 [0052.967] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0052.967] GetProcessHeap () returned 0x570000 [0052.967] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0052.967] GetProcessHeap () returned 0x570000 [0052.967] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0052.968] GetProcessHeap () returned 0x570000 [0052.968] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0052.968] GetProcessHeap () returned 0x570000 [0052.968] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0052.968] GetProcessHeap () returned 0x570000 [0052.968] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0052.968] GetProcessHeap () returned 0x570000 [0052.968] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0052.968] GetProcessHeap () returned 0x570000 [0052.968] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0052.969] GetProcessHeap () returned 0x570000 [0052.969] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0052.969] GetProcessHeap () returned 0x570000 [0052.969] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0052.969] GetProcessHeap () returned 0x570000 [0052.969] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0052.969] GetProcessHeap () returned 0x570000 [0052.969] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0052.969] GetProcessHeap () returned 0x570000 [0052.969] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0052.969] GetProcessHeap () returned 0x570000 [0052.969] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0052.969] GetProcessHeap () returned 0x570000 [0052.969] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0052.970] GetProcessHeap () returned 0x570000 [0052.970] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0052.970] GetProcessHeap () returned 0x570000 [0052.970] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0052.970] GetProcessHeap () returned 0x570000 [0052.970] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0052.970] GetProcessHeap () returned 0x570000 [0052.970] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0052.970] GetProcessHeap () returned 0x570000 [0052.970] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0052.970] GetProcessHeap () returned 0x570000 [0052.971] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0052.971] GetProcessHeap () returned 0x570000 [0052.971] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0052.971] GetProcessHeap () returned 0x570000 [0052.971] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0052.971] GetProcessHeap () returned 0x570000 [0052.971] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0052.971] GetProcessHeap () returned 0x570000 [0052.971] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0052.971] GetProcessHeap () returned 0x570000 [0052.971] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0052.971] GetProcessHeap () returned 0x570000 [0052.971] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0052.971] GetProcessHeap () returned 0x570000 [0052.971] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0052.972] GetProcessHeap () returned 0x570000 [0052.972] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0052.972] GetProcessHeap () returned 0x570000 [0052.972] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0052.972] GetProcessHeap () returned 0x570000 [0052.972] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0052.972] GetProcessHeap () returned 0x570000 [0052.972] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0052.972] GetProcessHeap () returned 0x570000 [0052.972] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0052.972] GetProcessHeap () returned 0x570000 [0052.972] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0052.972] GetProcessHeap () returned 0x570000 [0052.972] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0052.972] GetProcessHeap () returned 0x570000 [0052.972] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0052.972] GetProcessHeap () returned 0x570000 [0052.972] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0052.972] GetProcessHeap () returned 0x570000 [0052.973] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0052.973] GetProcessHeap () returned 0x570000 [0052.973] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0052.973] GetProcessHeap () returned 0x570000 [0052.973] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0052.973] GetProcessHeap () returned 0x570000 [0052.973] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0052.973] GetProcessHeap () returned 0x570000 [0052.973] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0052.973] GetProcessHeap () returned 0x570000 [0052.973] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0052.973] GetProcessHeap () returned 0x570000 [0052.973] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0052.973] GetProcessHeap () returned 0x570000 [0052.973] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0052.973] GetProcessHeap () returned 0x570000 [0052.973] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0052.973] GetProcessHeap () returned 0x570000 [0052.973] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0052.974] GetProcessHeap () returned 0x570000 [0052.974] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0052.974] GetProcessHeap () returned 0x570000 [0052.974] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0052.974] GetProcessHeap () returned 0x570000 [0052.974] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0052.974] GetProcessHeap () returned 0x570000 [0052.974] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0052.974] GetProcessHeap () returned 0x570000 [0052.974] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0052.974] GetProcessHeap () returned 0x570000 [0052.974] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0052.974] GetProcessHeap () returned 0x570000 [0052.974] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0052.974] GetProcessHeap () returned 0x570000 [0052.974] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0052.974] GetProcessHeap () returned 0x570000 [0052.974] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0052.974] GetProcessHeap () returned 0x570000 [0052.974] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0052.975] GetProcessHeap () returned 0x570000 [0052.975] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0052.975] GetProcessHeap () returned 0x570000 [0052.975] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0052.975] GetProcessHeap () returned 0x570000 [0052.975] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0052.975] GetProcessHeap () returned 0x570000 [0052.975] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0052.975] GetProcessHeap () returned 0x570000 [0052.976] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0052.976] GetProcessHeap () returned 0x570000 [0052.976] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0052.976] GetProcessHeap () returned 0x570000 [0052.976] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0052.976] GetProcessHeap () returned 0x570000 [0052.976] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0052.976] GetProcessHeap () returned 0x570000 [0052.976] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0052.976] GetProcessHeap () returned 0x570000 [0052.976] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0052.976] GetProcessHeap () returned 0x570000 [0052.976] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0052.977] GetProcessHeap () returned 0x570000 [0052.977] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0052.977] GetProcessHeap () returned 0x570000 [0052.977] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0052.977] GetProcessHeap () returned 0x570000 [0052.977] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0052.977] GetProcessHeap () returned 0x570000 [0052.977] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0052.977] GetProcessHeap () returned 0x570000 [0052.977] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0052.977] GetProcessHeap () returned 0x570000 [0052.977] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0052.977] GetProcessHeap () returned 0x570000 [0052.977] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0052.977] GetProcessHeap () returned 0x570000 [0052.977] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0052.977] GetProcessHeap () returned 0x570000 [0052.977] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0052.977] GetProcessHeap () returned 0x570000 [0052.978] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0052.978] GetProcessHeap () returned 0x570000 [0052.978] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0052.978] GetProcessHeap () returned 0x570000 [0052.978] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0052.978] GetProcessHeap () returned 0x570000 [0052.978] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0052.978] GetProcessHeap () returned 0x570000 [0052.978] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0052.978] GetProcessHeap () returned 0x570000 [0052.979] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0052.979] GetProcessHeap () returned 0x570000 [0052.979] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0052.979] GetProcessHeap () returned 0x570000 [0052.979] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0052.979] GetProcessHeap () returned 0x570000 [0052.979] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0052.979] GetProcessHeap () returned 0x570000 [0052.979] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0052.979] GetProcessHeap () returned 0x570000 [0052.979] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0052.979] GetProcessHeap () returned 0x570000 [0052.979] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0052.979] GetProcessHeap () returned 0x570000 [0052.979] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592560 | out: hHeap=0x570000) returned 1 [0052.979] GetProcessHeap () returned 0x570000 [0052.979] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0052.979] GetProcessHeap () returned 0x570000 [0052.980] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0052.980] GetProcessHeap () returned 0x570000 [0052.980] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0052.980] GetProcessHeap () returned 0x570000 [0052.980] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0052.980] GetProcessHeap () returned 0x570000 [0052.980] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0052.980] GetProcessHeap () returned 0x570000 [0052.980] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0052.980] GetProcessHeap () returned 0x570000 [0052.980] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0052.980] GetProcessHeap () returned 0x570000 [0052.980] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592450 | out: hHeap=0x570000) returned 1 [0052.980] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0052.980] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0052.981] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0052.981] CloseHandle (hObject=0x80) returned 1 [0052.988] GetProcessHeap () returned 0x570000 [0052.988] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592320 | out: hHeap=0x570000) returned 1 [0052.988] GetProcessHeap () returned 0x570000 [0052.988] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592350 | out: hHeap=0x570000) returned 1 [0052.988] GetProcessHeap () returned 0x570000 [0052.988] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5923c8 | out: hHeap=0x570000) returned 1 [0052.988] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\Users\\Public\\Downloads\\desktop.ini" | out: lpString1="C:\\Users\\Public\\Downloads\\desktop.ini") returned="C:\\Users\\Public\\Downloads\\desktop.ini" [0052.988] lstrcatW (in: lpString1="C:\\Users\\Public\\Downloads\\desktop.ini", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\Users\\Public\\Downloads\\desktop.ini.{Killback@protonmail.com}KBK") returned="C:\\Users\\Public\\Downloads\\desktop.ini.{Killback@protonmail.com}KBK" [0052.989] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\Downloads\\desktop.ini" (normalized: "c:\\users\\public\\downloads\\desktop.ini"), lpNewFileName="C:\\Users\\Public\\Downloads\\desktop.ini.{Killback@protonmail.com}KBK" (normalized: "c:\\users\\public\\downloads\\desktop.ini.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0052.989] PathRemoveFileSpecW (in: pszPath="C:\\Users\\Public\\Downloads\\desktop.ini" | out: pszPath="C:\\Users\\Public\\Downloads") returned 1 [0052.989] lstrcatW (in: lpString1="C:\\Users\\Public\\Downloads", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Downloads\\") returned="C:\\Users\\Public\\Downloads\\" [0052.989] lstrcatW (in: lpString1="C:\\Users\\Public\\Downloads\\", lpString2="decrypt_files.html" | out: lpString1="C:\\Users\\Public\\Downloads\\decrypt_files.html") returned="C:\\Users\\Public\\Downloads\\decrypt_files.html" [0052.989] GetFileAttributesW (lpFileName="C:\\Users\\Public\\Downloads\\decrypt_files.html" (normalized: "c:\\users\\public\\downloads\\decrypt_files.html")) returned 0xffffffff [0052.989] CreateFileW (lpFileName="C:\\Users\\Public\\Downloads\\decrypt_files.html" (normalized: "c:\\users\\public\\downloads\\decrypt_files.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0052.990] lstrlenA (lpString="\r\n \r\n \r\n \r\n DECRYPT FILES\r\n \r\n\r\n \r\n\r\n
\r\n

⚠Your ID (NEED FOR DECRYPT)⚠

\r\n
\r\n 
A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n\r\n
\r\n
\r\n
\r\n \r\n
\r\n \r\n
\r\n \r\n \r\n
\r\n

✖ Your files are encrypted! ✖

\r\n\r\n

If you see it - do not try to decrypt ▼the files yourself!!!▼

\r\n
\r\n

All your important data has been encrypted.

\r\n
\r\n
\r\n \r\n\x09\x09 \r\nTo decrypt all your files, you need a decryption program.
\r\n \r\nTo get a program to decrypt your data you need to do a few steps:
\r\n

☑1. \r\nTo make sure that we can actually decrypt your files. You can send us a file for the test.\r\nThis can be a picture or a text file.\r\nSize less than 5 MB. Send to our mail: Killback@protonmail.com .
\r\n

☑2. \r\nSend your PERSONAL ID in the letter (you will find it at the very beginning of this document)

\r\n\x09\x09\x09

☑3. \r\nWe will decode your test file so you are sure. We will also send you the amount you need to pay to get the program to decrypt.

\r\n ☑4. We will send you instructions on how to pay for the decryption program. After payment, we will send you a program and instructions on how to decrypt all the files.
\r\n

Attention!


\r\n
    \r\n\x09\x09\x09 Only we can decrypt your files.
    \r\n\x09\x09\x09 Do not try to decrypt your files yourself. You can damage them when trying to restore
    \r\n Do not run antivirus!
    \r\n Email us: Killback@protonmail.com immediately so we can help you.
    \r\n Decoders other users are not compatible with your data, because each user's unique encryption key
    \r\n
\r\n \r\n
\r\n
\r\n
\r\n \r\n\r\n \r\n \r\n
\r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n\r\n") returned 5565 [0052.990] WriteFile (in: hFile=0x80, lpBuffer=0x21f0020*, nNumberOfBytesToWrite=0x15bd, lpNumberOfBytesWritten=0x50dd18, lpOverlapped=0x0 | out: lpBuffer=0x21f0020*, lpNumberOfBytesWritten=0x50dd18*=0x15bd, lpOverlapped=0x0) returned 1 [0052.992] CloseHandle (hObject=0x80) returned 1 [0052.992] GetProcessHeap () returned 0x570000 [0052.992] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0052.992] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28351f0f, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x28351f0f, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0052.992] FindClose (in: hFindFile=0x588da8 | out: hFindFile=0x588da8) returned 1 [0052.992] lstrcpyW (in: lpString1=0x50df8c, lpString2="C:\\Users\\Public\\Documents\\" | out: lpString1="C:\\Users\\Public\\Documents\\") returned="C:\\Users\\Public\\Documents\\" [0052.993] GetProcessHeap () returned 0x570000 [0052.993] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5922e0 | out: hHeap=0x570000) returned 1 [0052.993] GetProcessHeap () returned 0x570000 [0052.993] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0052.993] lstrlenW (lpString="C:\\Users\\Public\\Documents\\") returned 26 [0052.993] lstrcatW (in: lpString1="C:\\Users\\Public\\Documents\\", lpString2="*" | out: lpString1="C:\\Users\\Public\\Documents\\*") returned="C:\\Users\\Public\\Documents\\*" [0052.993] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Documents\\*", lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x588da8 [0052.993] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0052.993] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0052.994] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0052.994] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0052.994] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28697d55, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x28697d55, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x116, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0052.994] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0052.994] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0052.994] lstrcatW (in: lpString1="C:\\Users\\Public\\Documents\\", lpString2="desktop.ini" | out: lpString1="C:\\Users\\Public\\Documents\\desktop.ini") returned="C:\\Users\\Public\\Documents\\desktop.ini" [0052.994] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0052.994] GetProcessHeap () returned 0x570000 [0052.994] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x590f68 [0052.994] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 12 [0052.994] lstrlenA (lpString="desktop.ini") returned 11 [0052.994] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0052.994] lstrlenA (lpString="desktop.ini") returned 11 [0052.994] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0052.995] lstrcmpiW (lpString1="desktop.ini", lpString2="decrypt_files.html") returned 1 [0052.995] lstrcmpiW (lpString1="desktop.ini", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0052.995] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0052.995] lstrcmpiW (lpString1="desktop.ini", lpString2="sihvgt.exe") returned -1 [0052.995] _alloca_probe () returned 0x40908b [0052.995] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Public\\Documents\\desktop.ini", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38 [0052.995] GetProcessHeap () returned 0x570000 [0052.995] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x26) returned 0x5922e0 [0052.995] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Public\\Documents\\desktop.ini", cchWideChar=-1, lpMultiByteStr=0x5922e0, cbMultiByte=38, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\Public\\Documents\\desktop.ini", lpUsedDefaultChar=0x0) returned 38 [0052.995] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0052.996] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{F1289E4E-DDE4-4160-88B0-EAF77A88593D}") returned 38 [0052.996] lstrlenA (lpString="{F1289E4E-DDE4-4160-88B0-EAF77A88593D}") returned 38 [0052.996] CreateFileW (lpFileName="C:\\Users\\Public\\Documents\\desktop.ini" (normalized: "c:\\users\\public\\documents\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0052.996] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=278) returned 1 [0052.996] lstrlenA (lpString="{F1289E4E-DDE4-4160-88B0-EAF77A88593D}") returned 38 [0052.996] GetProcessHeap () returned 0x570000 [0052.996] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x592310 [0052.996] GetProcessHeap () returned 0x570000 [0052.996] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592388 [0052.997] lstrlenA (lpString="C:\\Users\\Public\\Documents\\desktop.ini") returned 37 [0053.013] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x116, lpOverlapped=0x0) returned 1 [0053.015] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0053.015] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x120, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x120, lpOverlapped=0x0) returned 1 [0053.015] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0053.016] WriteFile (in: hFile=0x80, lpBuffer=0x50bb6c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bb6c*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0053.016] WriteFile (in: hFile=0x80, lpBuffer=0x50bbd4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bbd4*, lpNumberOfBytesWritten=0x50bb34*=0x10, lpOverlapped=0x0) returned 1 [0053.016] lstrlenA (lpString="rsa_encrypt") returned 11 [0053.016] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x5924b0) returned 1 [0053.017] CryptGenRandom (in: hProv=0x5924b0, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0053.017] CryptReleaseContext (hProv=0x5924b0, dwFlags=0x0) returned 1 [0053.017] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0053.017] GetProcessHeap () returned 0x570000 [0053.017] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592410 [0053.017] lstrlenA (lpString="010001") returned 6 [0053.017] GetProcessHeap () returned 0x570000 [0053.017] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58ee70 [0053.017] GetProcessHeap () returned 0x570000 [0053.017] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592498 [0053.017] GetProcessHeap () returned 0x570000 [0053.017] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0053.017] GetProcessHeap () returned 0x570000 [0053.018] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592498 | out: hHeap=0x570000) returned 1 [0053.018] GetProcessHeap () returned 0x570000 [0053.018] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0053.018] GetProcessHeap () returned 0x570000 [0053.018] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c0d8 [0053.018] GetProcessHeap () returned 0x570000 [0053.018] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58ee80 [0053.018] GetProcessHeap () returned 0x570000 [0053.018] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c1f0 [0053.018] GetProcessHeap () returned 0x570000 [0053.018] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0053.018] GetProcessHeap () returned 0x570000 [0053.018] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0053.018] GetProcessHeap () returned 0x570000 [0053.018] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592498 [0053.018] GetProcessHeap () returned 0x570000 [0053.018] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x592520 [0053.018] GetProcessHeap () returned 0x570000 [0053.018] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0053.019] GetProcessHeap () returned 0x570000 [0053.019] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0053.019] GetProcessHeap () returned 0x570000 [0053.019] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0053.019] GetProcessHeap () returned 0x570000 [0053.019] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592498 | out: hHeap=0x570000) returned 1 [0053.019] GetProcessHeap () returned 0x570000 [0053.019] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0053.019] GetProcessHeap () returned 0x570000 [0053.019] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0053.019] GetProcessHeap () returned 0x570000 [0053.019] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.019] GetProcessHeap () returned 0x570000 [0053.019] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f98 [0053.019] GetProcessHeap () returned 0x570000 [0053.019] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0053.019] GetProcessHeap () returned 0x570000 [0053.019] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.020] GetProcessHeap () returned 0x570000 [0053.020] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.020] GetProcessHeap () returned 0x570000 [0053.020] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.020] GetProcessHeap () returned 0x570000 [0053.020] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0053.020] GetProcessHeap () returned 0x570000 [0053.020] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f98 | out: hHeap=0x570000) returned 1 [0053.020] GetProcessHeap () returned 0x570000 [0053.020] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0053.020] GetProcessHeap () returned 0x570000 [0053.020] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0053.020] GetProcessHeap () returned 0x570000 [0053.020] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.020] GetProcessHeap () returned 0x570000 [0053.020] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.020] GetProcessHeap () returned 0x570000 [0053.020] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.020] GetProcessHeap () returned 0x570000 [0053.021] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.021] GetProcessHeap () returned 0x570000 [0053.021] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.021] GetProcessHeap () returned 0x570000 [0053.021] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.021] GetProcessHeap () returned 0x570000 [0053.021] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.021] GetProcessHeap () returned 0x570000 [0053.021] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.021] GetProcessHeap () returned 0x570000 [0053.021] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.021] GetProcessHeap () returned 0x570000 [0053.021] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.021] GetProcessHeap () returned 0x570000 [0053.021] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.021] GetProcessHeap () returned 0x570000 [0053.021] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.021] GetProcessHeap () returned 0x570000 [0053.022] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.022] GetProcessHeap () returned 0x570000 [0053.022] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.022] GetProcessHeap () returned 0x570000 [0053.022] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.022] GetProcessHeap () returned 0x570000 [0053.022] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.022] GetProcessHeap () returned 0x570000 [0053.022] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.022] GetProcessHeap () returned 0x570000 [0053.022] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.022] GetProcessHeap () returned 0x570000 [0053.022] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.022] GetProcessHeap () returned 0x570000 [0053.022] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.022] GetProcessHeap () returned 0x570000 [0053.022] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.022] GetProcessHeap () returned 0x570000 [0053.023] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.023] GetProcessHeap () returned 0x570000 [0053.023] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.023] GetProcessHeap () returned 0x570000 [0053.023] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.023] GetProcessHeap () returned 0x570000 [0053.023] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.023] GetProcessHeap () returned 0x570000 [0053.023] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.023] GetProcessHeap () returned 0x570000 [0053.023] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.024] GetProcessHeap () returned 0x570000 [0053.024] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.024] GetProcessHeap () returned 0x570000 [0053.024] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.024] GetProcessHeap () returned 0x570000 [0053.024] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.024] GetProcessHeap () returned 0x570000 [0053.024] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.024] GetProcessHeap () returned 0x570000 [0053.024] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.024] GetProcessHeap () returned 0x570000 [0053.024] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.024] GetProcessHeap () returned 0x570000 [0053.024] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.024] GetProcessHeap () returned 0x570000 [0053.024] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.024] GetProcessHeap () returned 0x570000 [0053.024] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.024] GetProcessHeap () returned 0x570000 [0053.025] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.025] GetProcessHeap () returned 0x570000 [0053.025] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.025] GetProcessHeap () returned 0x570000 [0053.025] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.025] GetProcessHeap () returned 0x570000 [0053.025] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.025] GetProcessHeap () returned 0x570000 [0053.025] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.025] GetProcessHeap () returned 0x570000 [0053.025] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.025] GetProcessHeap () returned 0x570000 [0053.025] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.025] GetProcessHeap () returned 0x570000 [0053.025] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.025] GetProcessHeap () returned 0x570000 [0053.025] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.025] GetProcessHeap () returned 0x570000 [0053.025] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.026] GetProcessHeap () returned 0x570000 [0053.026] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.026] GetProcessHeap () returned 0x570000 [0053.026] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.026] GetProcessHeap () returned 0x570000 [0053.026] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.026] GetProcessHeap () returned 0x570000 [0053.026] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.026] GetProcessHeap () returned 0x570000 [0053.026] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.026] GetProcessHeap () returned 0x570000 [0053.026] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.026] GetProcessHeap () returned 0x570000 [0053.026] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.026] GetProcessHeap () returned 0x570000 [0053.026] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.026] GetProcessHeap () returned 0x570000 [0053.026] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.027] GetProcessHeap () returned 0x570000 [0053.027] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.027] GetProcessHeap () returned 0x570000 [0053.027] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.027] GetProcessHeap () returned 0x570000 [0053.027] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.027] GetProcessHeap () returned 0x570000 [0053.027] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.027] GetProcessHeap () returned 0x570000 [0053.027] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.027] GetProcessHeap () returned 0x570000 [0053.027] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.027] GetProcessHeap () returned 0x570000 [0053.027] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.027] GetProcessHeap () returned 0x570000 [0053.027] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.027] GetProcessHeap () returned 0x570000 [0053.027] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.028] GetProcessHeap () returned 0x570000 [0053.028] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.028] GetProcessHeap () returned 0x570000 [0053.028] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.028] GetProcessHeap () returned 0x570000 [0053.028] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.028] GetProcessHeap () returned 0x570000 [0053.028] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.028] GetProcessHeap () returned 0x570000 [0053.028] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.028] GetProcessHeap () returned 0x570000 [0053.028] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.028] GetProcessHeap () returned 0x570000 [0053.028] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.028] GetProcessHeap () returned 0x570000 [0053.028] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.028] GetProcessHeap () returned 0x570000 [0053.028] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.029] GetProcessHeap () returned 0x570000 [0053.029] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.029] GetProcessHeap () returned 0x570000 [0053.029] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.029] GetProcessHeap () returned 0x570000 [0053.029] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.029] GetProcessHeap () returned 0x570000 [0053.029] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.029] GetProcessHeap () returned 0x570000 [0053.029] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.029] GetProcessHeap () returned 0x570000 [0053.029] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.029] GetProcessHeap () returned 0x570000 [0053.029] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.029] GetProcessHeap () returned 0x570000 [0053.029] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.029] GetProcessHeap () returned 0x570000 [0053.029] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.029] GetProcessHeap () returned 0x570000 [0053.030] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.030] GetProcessHeap () returned 0x570000 [0053.030] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.030] GetProcessHeap () returned 0x570000 [0053.030] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.030] GetProcessHeap () returned 0x570000 [0053.030] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.030] GetProcessHeap () returned 0x570000 [0053.030] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.030] GetProcessHeap () returned 0x570000 [0053.030] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.030] GetProcessHeap () returned 0x570000 [0053.030] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.030] GetProcessHeap () returned 0x570000 [0053.030] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.030] GetProcessHeap () returned 0x570000 [0053.030] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.030] GetProcessHeap () returned 0x570000 [0053.031] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.031] GetProcessHeap () returned 0x570000 [0053.031] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.031] GetProcessHeap () returned 0x570000 [0053.031] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.031] GetProcessHeap () returned 0x570000 [0053.031] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.031] GetProcessHeap () returned 0x570000 [0053.031] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.031] GetProcessHeap () returned 0x570000 [0053.031] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.031] GetProcessHeap () returned 0x570000 [0053.031] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.031] GetProcessHeap () returned 0x570000 [0053.031] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.031] GetProcessHeap () returned 0x570000 [0053.031] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.031] GetProcessHeap () returned 0x570000 [0053.031] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0053.031] GetProcessHeap () returned 0x570000 [0053.032] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0053.032] GetProcessHeap () returned 0x570000 [0053.032] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592520 | out: hHeap=0x570000) returned 1 [0053.032] GetProcessHeap () returned 0x570000 [0053.032] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0053.032] GetProcessHeap () returned 0x570000 [0053.032] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0053.032] GetProcessHeap () returned 0x570000 [0053.032] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0053.032] GetProcessHeap () returned 0x570000 [0053.032] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0053.032] GetProcessHeap () returned 0x570000 [0053.032] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0053.032] GetProcessHeap () returned 0x570000 [0053.032] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0053.032] GetProcessHeap () returned 0x570000 [0053.032] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.032] GetProcessHeap () returned 0x570000 [0053.032] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592410 | out: hHeap=0x570000) returned 1 [0053.032] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0053.032] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0053.032] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0053.033] CloseHandle (hObject=0x80) returned 1 [0053.051] GetProcessHeap () returned 0x570000 [0053.052] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5922e0 | out: hHeap=0x570000) returned 1 [0053.052] GetProcessHeap () returned 0x570000 [0053.052] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592310 | out: hHeap=0x570000) returned 1 [0053.052] GetProcessHeap () returned 0x570000 [0053.052] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592388 | out: hHeap=0x570000) returned 1 [0053.052] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\Users\\Public\\Documents\\desktop.ini" | out: lpString1="C:\\Users\\Public\\Documents\\desktop.ini") returned="C:\\Users\\Public\\Documents\\desktop.ini" [0053.052] lstrcatW (in: lpString1="C:\\Users\\Public\\Documents\\desktop.ini", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\Users\\Public\\Documents\\desktop.ini.{Killback@protonmail.com}KBK") returned="C:\\Users\\Public\\Documents\\desktop.ini.{Killback@protonmail.com}KBK" [0053.052] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\Documents\\desktop.ini" (normalized: "c:\\users\\public\\documents\\desktop.ini"), lpNewFileName="C:\\Users\\Public\\Documents\\desktop.ini.{Killback@protonmail.com}KBK" (normalized: "c:\\users\\public\\documents\\desktop.ini.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0053.053] PathRemoveFileSpecW (in: pszPath="C:\\Users\\Public\\Documents\\desktop.ini" | out: pszPath="C:\\Users\\Public\\Documents") returned 1 [0053.053] lstrcatW (in: lpString1="C:\\Users\\Public\\Documents", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Documents\\") returned="C:\\Users\\Public\\Documents\\" [0053.053] lstrcatW (in: lpString1="C:\\Users\\Public\\Documents\\", lpString2="decrypt_files.html" | out: lpString1="C:\\Users\\Public\\Documents\\decrypt_files.html") returned="C:\\Users\\Public\\Documents\\decrypt_files.html" [0053.053] GetFileAttributesW (lpFileName="C:\\Users\\Public\\Documents\\decrypt_files.html" (normalized: "c:\\users\\public\\documents\\decrypt_files.html")) returned 0xffffffff [0053.053] CreateFileW (lpFileName="C:\\Users\\Public\\Documents\\decrypt_files.html" (normalized: "c:\\users\\public\\documents\\decrypt_files.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0053.053] lstrlenA (lpString="\r\n \r\n \r\n \r\n DECRYPT FILES\r\n \r\n\r\n \r\n\r\n
\r\n

⚠Your ID (NEED FOR DECRYPT)⚠

\r\n
\r\n 
A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n\r\n
\r\n
\r\n
\r\n \r\n
\r\n \r\n
\r\n \r\n \r\n
\r\n

✖ Your files are encrypted! ✖

\r\n\r\n

If you see it - do not try to decrypt ▼the files yourself!!!▼

\r\n
\r\n

All your important data has been encrypted.

\r\n
\r\n
\r\n \r\n\x09\x09 \r\nTo decrypt all your files, you need a decryption program.
\r\n \r\nTo get a program to decrypt your data you need to do a few steps:
\r\n

☑1. \r\nTo make sure that we can actually decrypt your files. You can send us a file for the test.\r\nThis can be a picture or a text file.\r\nSize less than 5 MB. Send to our mail: Killback@protonmail.com .
\r\n

☑2. \r\nSend your PERSONAL ID in the letter (you will find it at the very beginning of this document)

\r\n\x09\x09\x09

☑3. \r\nWe will decode your test file so you are sure. We will also send you the amount you need to pay to get the program to decrypt.

\r\n ☑4. We will send you instructions on how to pay for the decryption program. After payment, we will send you a program and instructions on how to decrypt all the files.
\r\n

Attention!


\r\n
    \r\n\x09\x09\x09 Only we can decrypt your files.
    \r\n\x09\x09\x09 Do not try to decrypt your files yourself. You can damage them when trying to restore
    \r\n Do not run antivirus!
    \r\n Email us: Killback@protonmail.com immediately so we can help you.
    \r\n Decoders other users are not compatible with your data, because each user's unique encryption key
    \r\n
\r\n \r\n
\r\n
\r\n
\r\n \r\n\r\n \r\n \r\n
\r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n\r\n") returned 5565 [0053.053] WriteFile (in: hFile=0x80, lpBuffer=0x21f0020*, nNumberOfBytesToWrite=0x15bd, lpNumberOfBytesWritten=0x50dd18, lpOverlapped=0x0 | out: lpBuffer=0x21f0020*, lpNumberOfBytesWritten=0x50dd18*=0x15bd, lpOverlapped=0x0) returned 1 [0053.055] CloseHandle (hObject=0x80) returned 1 [0053.055] GetProcessHeap () returned 0x570000 [0053.055] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0053.055] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3079b513, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Music", cAlternateFileName="MYMUSI~1")) returned 1 [0053.055] lstrcmpiW (lpString1="My Music", lpString2=".") returned 1 [0053.055] lstrcmpiW (lpString1="My Music", lpString2="..") returned 1 [0053.055] lstrcatW (in: lpString1="C:\\Users\\Public\\Documents\\", lpString2="My Music" | out: lpString1="C:\\Users\\Public\\Documents\\My Music") returned="C:\\Users\\Public\\Documents\\My Music" [0053.055] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="My Music", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0053.055] GetProcessHeap () returned 0x570000 [0053.055] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x9) returned 0x590f68 [0053.055] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="My Music", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="My Music", lpUsedDefaultChar=0x0) returned 9 [0053.055] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0053.055] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 3 [0053.055] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 3 [0053.055] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0053.055] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0053.056] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 3 [0053.056] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0053.056] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0053.056] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0053.056] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0053.056] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0053.056] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0053.056] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0053.056] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0053.056] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0053.056] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0053.056] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0053.056] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0053.056] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 1 [0053.056] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 3 [0053.056] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 3 [0053.056] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 3 [0053.056] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 3 [0053.056] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0053.056] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0053.056] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0053.056] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0053.057] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 3 [0053.057] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0053.057] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0053.057] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0053.057] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0053.057] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 3 [0053.057] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0053.057] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 1 [0053.057] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 3 [0053.057] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0053.057] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 3 [0053.057] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 1 [0053.057] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0053.057] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 1 [0053.057] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0053.057] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0053.057] lstrcatW (in: lpString1="C:\\Users\\Public\\Documents\\My Music", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Documents\\My Music\\") returned="C:\\Users\\Public\\Documents\\My Music\\" [0053.057] GetProcessHeap () returned 0x570000 [0053.057] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ee70 [0053.057] lstrlenW (lpString="C:\\Users\\Public\\Documents\\My Music\\") returned 35 [0053.057] GetProcessHeap () returned 0x570000 [0053.058] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x48) returned 0x589108 [0053.058] lstrcpyW (in: lpString1=0x589108, lpString2="C:\\Users\\Public\\Documents\\My Music\\" | out: lpString1="C:\\Users\\Public\\Documents\\My Music\\") returned="C:\\Users\\Public\\Documents\\My Music\\" [0053.058] GetProcessHeap () returned 0x570000 [0053.058] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0053.058] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3079b513, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Pictures", cAlternateFileName="MYPICT~1")) returned 1 [0053.058] lstrcmpiW (lpString1="My Pictures", lpString2=".") returned 1 [0053.058] lstrcmpiW (lpString1="My Pictures", lpString2="..") returned 1 [0053.058] lstrcatW (in: lpString1="C:\\Users\\Public\\Documents\\", lpString2="My Pictures" | out: lpString1="C:\\Users\\Public\\Documents\\My Pictures") returned="C:\\Users\\Public\\Documents\\My Pictures" [0053.058] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="My Pictures", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0053.058] GetProcessHeap () returned 0x570000 [0053.058] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x590f68 [0053.058] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="My Pictures", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="My Pictures", lpUsedDefaultChar=0x0) returned 12 [0053.058] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0053.058] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 3 [0053.058] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 3 [0053.058] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0053.058] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0053.058] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 3 [0053.058] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0053.058] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0053.058] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0053.058] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0053.058] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0053.058] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0053.058] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0053.059] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0053.059] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0053.059] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0053.059] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0053.059] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0053.059] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 1 [0053.059] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 3 [0053.059] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 3 [0053.059] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 3 [0053.059] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 3 [0053.059] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0053.059] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0053.059] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0053.059] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0053.059] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 3 [0053.059] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0053.059] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0053.059] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0053.059] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0053.059] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 3 [0053.059] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0053.059] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 1 [0053.059] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 3 [0053.059] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0053.060] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 3 [0053.060] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 1 [0053.060] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0053.060] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 1 [0053.060] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0053.060] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0053.060] lstrcatW (in: lpString1="C:\\Users\\Public\\Documents\\My Pictures", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Documents\\My Pictures\\") returned="C:\\Users\\Public\\Documents\\My Pictures\\" [0053.060] GetProcessHeap () returned 0x570000 [0053.060] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ee90 [0053.060] lstrlenW (lpString="C:\\Users\\Public\\Documents\\My Pictures\\") returned 38 [0053.060] GetProcessHeap () returned 0x570000 [0053.060] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x4e) returned 0x5922e0 [0053.060] lstrcpyW (in: lpString1=0x5922e0, lpString2="C:\\Users\\Public\\Documents\\My Pictures\\" | out: lpString1="C:\\Users\\Public\\Documents\\My Pictures\\") returned="C:\\Users\\Public\\Documents\\My Pictures\\" [0053.060] GetProcessHeap () returned 0x570000 [0053.060] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0053.060] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3079b513, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 1 [0053.060] lstrcmpiW (lpString1="My Videos", lpString2=".") returned 1 [0053.060] lstrcmpiW (lpString1="My Videos", lpString2="..") returned 1 [0053.060] lstrcatW (in: lpString1="C:\\Users\\Public\\Documents\\", lpString2="My Videos" | out: lpString1="C:\\Users\\Public\\Documents\\My Videos") returned="C:\\Users\\Public\\Documents\\My Videos" [0053.060] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="My Videos", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0053.060] GetProcessHeap () returned 0x570000 [0053.060] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xa) returned 0x590f68 [0053.060] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="My Videos", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="My Videos", lpUsedDefaultChar=0x0) returned 10 [0053.060] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0053.060] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 3 [0053.060] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 3 [0053.061] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0053.061] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0053.061] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 3 [0053.061] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0053.061] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0053.061] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0053.061] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0053.061] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0053.061] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0053.061] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0053.061] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0053.061] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0053.061] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0053.061] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0053.061] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0053.061] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 1 [0053.061] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 3 [0053.061] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 3 [0053.061] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 3 [0053.061] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 3 [0053.061] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0053.061] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0053.061] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0053.061] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0053.061] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 3 [0053.062] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0053.062] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0053.062] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0053.062] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0053.062] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 3 [0053.062] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0053.062] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 1 [0053.062] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 3 [0053.062] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0053.062] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 3 [0053.062] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 1 [0053.062] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0053.062] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 1 [0053.062] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0053.062] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0053.062] lstrcatW (in: lpString1="C:\\Users\\Public\\Documents\\My Videos", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Documents\\My Videos\\") returned="C:\\Users\\Public\\Documents\\My Videos\\" [0053.062] GetProcessHeap () returned 0x570000 [0053.062] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ee80 [0053.062] lstrlenW (lpString="C:\\Users\\Public\\Documents\\My Videos\\") returned 36 [0053.062] GetProcessHeap () returned 0x570000 [0053.062] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x4a) returned 0x592338 [0053.062] lstrcpyW (in: lpString1=0x592338, lpString2="C:\\Users\\Public\\Documents\\My Videos\\" | out: lpString1="C:\\Users\\Public\\Documents\\My Videos\\") returned="C:\\Users\\Public\\Documents\\My Videos\\" [0053.062] GetProcessHeap () returned 0x570000 [0053.062] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0053.063] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3079b513, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 0 [0053.063] FindClose (in: hFindFile=0x588da8 | out: hFindFile=0x588da8) returned 1 [0053.063] lstrcpyW (in: lpString1=0x50df8c, lpString2="C:\\Users\\Public\\Documents\\My Videos\\" | out: lpString1="C:\\Users\\Public\\Documents\\My Videos\\") returned="C:\\Users\\Public\\Documents\\My Videos\\" [0053.063] GetProcessHeap () returned 0x570000 [0053.063] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592338 | out: hHeap=0x570000) returned 1 [0053.063] GetProcessHeap () returned 0x570000 [0053.063] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0053.063] lstrlenW (lpString="C:\\Users\\Public\\Documents\\My Videos\\") returned 36 [0053.063] lstrcatW (in: lpString1="C:\\Users\\Public\\Documents\\My Videos\\", lpString2="*" | out: lpString1="C:\\Users\\Public\\Documents\\My Videos\\*") returned="C:\\Users\\Public\\Documents\\My Videos\\*" [0053.063] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Documents\\My Videos\\*", lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3079b513, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 0xffffffff [0053.064] lstrcpyW (in: lpString1=0x50df8c, lpString2="C:\\Users\\Public\\Documents\\My Pictures\\" | out: lpString1="C:\\Users\\Public\\Documents\\My Pictures\\") returned="C:\\Users\\Public\\Documents\\My Pictures\\" [0053.064] GetProcessHeap () returned 0x570000 [0053.064] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5922e0 | out: hHeap=0x570000) returned 1 [0053.064] GetProcessHeap () returned 0x570000 [0053.064] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.064] lstrlenW (lpString="C:\\Users\\Public\\Documents\\My Pictures\\") returned 38 [0053.064] lstrcatW (in: lpString1="C:\\Users\\Public\\Documents\\My Pictures\\", lpString2="*" | out: lpString1="C:\\Users\\Public\\Documents\\My Pictures\\*") returned="C:\\Users\\Public\\Documents\\My Pictures\\*" [0053.064] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Documents\\My Pictures\\*", lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3079b513, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 0xffffffff [0053.064] lstrcpyW (in: lpString1=0x50df8c, lpString2="C:\\Users\\Public\\Documents\\My Music\\" | out: lpString1="C:\\Users\\Public\\Documents\\My Music\\") returned="C:\\Users\\Public\\Documents\\My Music\\" [0053.064] GetProcessHeap () returned 0x570000 [0053.064] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x589108 | out: hHeap=0x570000) returned 1 [0053.064] GetProcessHeap () returned 0x570000 [0053.064] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.064] lstrlenW (lpString="C:\\Users\\Public\\Documents\\My Music\\") returned 35 [0053.064] lstrcatW (in: lpString1="C:\\Users\\Public\\Documents\\My Music\\", lpString2="*" | out: lpString1="C:\\Users\\Public\\Documents\\My Music\\*") returned="C:\\Users\\Public\\Documents\\My Music\\*" [0053.064] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Documents\\My Music\\*", lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3079b513, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 0xffffffff [0053.064] lstrcpyW (in: lpString1=0x50df8c, lpString2="C:\\Users\\Public\\Desktop\\" | out: lpString1="C:\\Users\\Public\\Desktop\\") returned="C:\\Users\\Public\\Desktop\\" [0053.064] GetProcessHeap () returned 0x570000 [0053.064] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588f58 | out: hHeap=0x570000) returned 1 [0053.064] GetProcessHeap () returned 0x570000 [0053.064] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee50 | out: hHeap=0x570000) returned 1 [0053.065] lstrlenW (lpString="C:\\Users\\Public\\Desktop\\") returned 24 [0053.065] lstrcatW (in: lpString1="C:\\Users\\Public\\Desktop\\", lpString2="*" | out: lpString1="C:\\Users\\Public\\Desktop\\*") returned="C:\\Users\\Public\\Desktop\\*" [0053.065] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Desktop\\*", lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0a09a40, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb0a09a40, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x588da8 [0053.065] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0053.065] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0a09a40, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb0a09a40, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.065] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0053.065] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0053.065] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x83c279c0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x83c279c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x83c4db20, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x7e9, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Adobe Reader X.lnk", cAlternateFileName="ADOBER~1.LNK")) returned 1 [0053.065] lstrcmpiW (lpString1="Adobe Reader X.lnk", lpString2=".") returned 1 [0053.065] lstrcmpiW (lpString1="Adobe Reader X.lnk", lpString2="..") returned 1 [0053.065] lstrcatW (in: lpString1="C:\\Users\\Public\\Desktop\\", lpString2="Adobe Reader X.lnk" | out: lpString1="C:\\Users\\Public\\Desktop\\Adobe Reader X.lnk") returned="C:\\Users\\Public\\Desktop\\Adobe Reader X.lnk" [0053.065] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Adobe Reader X.lnk", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0053.065] GetProcessHeap () returned 0x570000 [0053.065] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x13) returned 0x58fdc0 [0053.065] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Adobe Reader X.lnk", cchWideChar=-1, lpMultiByteStr=0x58fdc0, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Adobe Reader X.lnk", lpUsedDefaultChar=0x0) returned 19 [0053.065] lstrlenA (lpString="Adobe Reader X.lnk") returned 18 [0053.065] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0053.065] lstrlenA (lpString="Adobe Reader X.lnk") returned 18 [0053.065] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0053.065] lstrcmpiW (lpString1="Adobe Reader X.lnk", lpString2="decrypt_files.html") returned -1 [0053.066] lstrcmpiW (lpString1="Adobe Reader X.lnk", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0053.066] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0053.066] lstrcmpiW (lpString1="Adobe Reader X.lnk", lpString2="sihvgt.exe") returned -1 [0053.066] _alloca_probe () returned 0x40908b [0053.066] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Public\\Desktop\\Adobe Reader X.lnk", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 43 [0053.066] GetProcessHeap () returned 0x570000 [0053.066] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x2b) returned 0x588f58 [0053.066] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Public\\Desktop\\Adobe Reader X.lnk", cchWideChar=-1, lpMultiByteStr=0x588f58, cbMultiByte=43, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\Public\\Desktop\\Adobe Reader X.lnk", lpUsedDefaultChar=0x0) returned 43 [0053.066] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0053.066] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{78830D32-B7E1-468C-809A-303446EBB9F0}") returned 38 [0053.066] lstrlenA (lpString="{78830D32-B7E1-468C-809A-303446EBB9F0}") returned 38 [0053.066] CreateFileW (lpFileName="C:\\Users\\Public\\Desktop\\Adobe Reader X.lnk" (normalized: "c:\\users\\public\\desktop\\adobe reader x.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0053.066] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=2025) returned 1 [0053.066] lstrlenA (lpString="{78830D32-B7E1-468C-809A-303446EBB9F0}") returned 38 [0053.066] GetProcessHeap () returned 0x570000 [0053.066] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x5922e0 [0053.066] GetProcessHeap () returned 0x570000 [0053.066] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592358 [0053.066] lstrlenA (lpString="C:\\Users\\Public\\Desktop\\Adobe Reader X.lnk") returned 42 [0053.078] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x7e9, lpOverlapped=0x0) returned 1 [0053.079] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0053.079] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x7f0, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x7f0, lpOverlapped=0x0) returned 1 [0053.079] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0053.079] WriteFile (in: hFile=0x80, lpBuffer=0x50bb6c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bb6c*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0053.080] WriteFile (in: hFile=0x80, lpBuffer=0x50bbd4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bbd4*, lpNumberOfBytesWritten=0x50bb34*=0x10, lpOverlapped=0x0) returned 1 [0053.080] lstrlenA (lpString="rsa_encrypt") returned 11 [0053.080] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x592480) returned 1 [0053.081] CryptGenRandom (in: hProv=0x592480, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0053.081] CryptReleaseContext (hProv=0x592480, dwFlags=0x0) returned 1 [0053.081] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0053.081] GetProcessHeap () returned 0x570000 [0053.081] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5923e0 [0053.081] lstrlenA (lpString="010001") returned 6 [0053.081] GetProcessHeap () returned 0x570000 [0053.081] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58ee50 [0053.081] GetProcessHeap () returned 0x570000 [0053.081] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592468 [0053.081] GetProcessHeap () returned 0x570000 [0053.081] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0053.081] GetProcessHeap () returned 0x570000 [0053.081] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592468 | out: hHeap=0x570000) returned 1 [0053.081] GetProcessHeap () returned 0x570000 [0053.081] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0053.081] GetProcessHeap () returned 0x570000 [0053.081] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c1f0 [0053.081] GetProcessHeap () returned 0x570000 [0053.081] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58ee70 [0053.081] GetProcessHeap () returned 0x570000 [0053.081] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c0d8 [0053.081] GetProcessHeap () returned 0x570000 [0053.082] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.082] GetProcessHeap () returned 0x570000 [0053.082] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0053.082] GetProcessHeap () returned 0x570000 [0053.082] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592468 [0053.082] GetProcessHeap () returned 0x570000 [0053.082] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x5924f0 [0053.082] GetProcessHeap () returned 0x570000 [0053.082] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.082] GetProcessHeap () returned 0x570000 [0053.082] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f68 [0053.082] GetProcessHeap () returned 0x570000 [0053.082] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0053.082] GetProcessHeap () returned 0x570000 [0053.082] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592468 | out: hHeap=0x570000) returned 1 [0053.082] GetProcessHeap () returned 0x570000 [0053.082] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0053.082] GetProcessHeap () returned 0x570000 [0053.082] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0053.082] GetProcessHeap () returned 0x570000 [0053.082] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.082] GetProcessHeap () returned 0x570000 [0053.082] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0053.083] GetProcessHeap () returned 0x570000 [0053.083] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.083] GetProcessHeap () returned 0x570000 [0053.083] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.083] GetProcessHeap () returned 0x570000 [0053.083] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.083] GetProcessHeap () returned 0x570000 [0053.083] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.083] GetProcessHeap () returned 0x570000 [0053.083] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0053.083] GetProcessHeap () returned 0x570000 [0053.083] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0053.083] GetProcessHeap () returned 0x570000 [0053.083] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0053.083] GetProcessHeap () returned 0x570000 [0053.083] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0053.083] GetProcessHeap () returned 0x570000 [0053.083] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.083] GetProcessHeap () returned 0x570000 [0053.083] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.083] GetProcessHeap () returned 0x570000 [0053.083] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.084] GetProcessHeap () returned 0x570000 [0053.084] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.084] GetProcessHeap () returned 0x570000 [0053.084] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.084] GetProcessHeap () returned 0x570000 [0053.084] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.084] GetProcessHeap () returned 0x570000 [0053.084] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.084] GetProcessHeap () returned 0x570000 [0053.084] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.084] GetProcessHeap () returned 0x570000 [0053.084] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.084] GetProcessHeap () returned 0x570000 [0053.084] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.084] GetProcessHeap () returned 0x570000 [0053.084] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.084] GetProcessHeap () returned 0x570000 [0053.084] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.084] GetProcessHeap () returned 0x570000 [0053.084] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.084] GetProcessHeap () returned 0x570000 [0053.084] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.085] GetProcessHeap () returned 0x570000 [0053.085] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.085] GetProcessHeap () returned 0x570000 [0053.085] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.085] GetProcessHeap () returned 0x570000 [0053.085] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.085] GetProcessHeap () returned 0x570000 [0053.085] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.085] GetProcessHeap () returned 0x570000 [0053.085] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.085] GetProcessHeap () returned 0x570000 [0053.085] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.085] GetProcessHeap () returned 0x570000 [0053.085] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.085] GetProcessHeap () returned 0x570000 [0053.085] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.085] GetProcessHeap () returned 0x570000 [0053.085] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.085] GetProcessHeap () returned 0x570000 [0053.085] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.085] GetProcessHeap () returned 0x570000 [0053.085] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.086] GetProcessHeap () returned 0x570000 [0053.086] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.086] GetProcessHeap () returned 0x570000 [0053.086] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.086] GetProcessHeap () returned 0x570000 [0053.086] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.086] GetProcessHeap () returned 0x570000 [0053.086] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.086] GetProcessHeap () returned 0x570000 [0053.086] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.086] GetProcessHeap () returned 0x570000 [0053.086] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.086] GetProcessHeap () returned 0x570000 [0053.086] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.086] GetProcessHeap () returned 0x570000 [0053.086] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.086] GetProcessHeap () returned 0x570000 [0053.086] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.086] GetProcessHeap () returned 0x570000 [0053.086] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.086] GetProcessHeap () returned 0x570000 [0053.086] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.086] GetProcessHeap () returned 0x570000 [0053.087] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.087] GetProcessHeap () returned 0x570000 [0053.087] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.087] GetProcessHeap () returned 0x570000 [0053.087] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.087] GetProcessHeap () returned 0x570000 [0053.087] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.087] GetProcessHeap () returned 0x570000 [0053.087] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.087] GetProcessHeap () returned 0x570000 [0053.087] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.087] GetProcessHeap () returned 0x570000 [0053.087] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.087] GetProcessHeap () returned 0x570000 [0053.087] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.087] GetProcessHeap () returned 0x570000 [0053.087] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.087] GetProcessHeap () returned 0x570000 [0053.087] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.087] GetProcessHeap () returned 0x570000 [0053.087] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.087] GetProcessHeap () returned 0x570000 [0053.087] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.087] GetProcessHeap () returned 0x570000 [0053.087] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.088] GetProcessHeap () returned 0x570000 [0053.088] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.088] GetProcessHeap () returned 0x570000 [0053.088] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.088] GetProcessHeap () returned 0x570000 [0053.088] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.088] GetProcessHeap () returned 0x570000 [0053.088] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.088] GetProcessHeap () returned 0x570000 [0053.088] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.088] GetProcessHeap () returned 0x570000 [0053.088] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.088] GetProcessHeap () returned 0x570000 [0053.088] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.088] GetProcessHeap () returned 0x570000 [0053.088] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.088] GetProcessHeap () returned 0x570000 [0053.088] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.088] GetProcessHeap () returned 0x570000 [0053.088] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.088] GetProcessHeap () returned 0x570000 [0053.089] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.089] GetProcessHeap () returned 0x570000 [0053.089] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.089] GetProcessHeap () returned 0x570000 [0053.089] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.089] GetProcessHeap () returned 0x570000 [0053.089] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.089] GetProcessHeap () returned 0x570000 [0053.089] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.089] GetProcessHeap () returned 0x570000 [0053.089] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.089] GetProcessHeap () returned 0x570000 [0053.089] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.089] GetProcessHeap () returned 0x570000 [0053.089] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.089] GetProcessHeap () returned 0x570000 [0053.089] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.089] GetProcessHeap () returned 0x570000 [0053.089] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.089] GetProcessHeap () returned 0x570000 [0053.089] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.089] GetProcessHeap () returned 0x570000 [0053.090] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.090] GetProcessHeap () returned 0x570000 [0053.090] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.090] GetProcessHeap () returned 0x570000 [0053.090] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.090] GetProcessHeap () returned 0x570000 [0053.090] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.090] GetProcessHeap () returned 0x570000 [0053.090] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.090] GetProcessHeap () returned 0x570000 [0053.090] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.090] GetProcessHeap () returned 0x570000 [0053.090] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.090] GetProcessHeap () returned 0x570000 [0053.090] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.090] GetProcessHeap () returned 0x570000 [0053.090] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.090] GetProcessHeap () returned 0x570000 [0053.090] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.090] GetProcessHeap () returned 0x570000 [0053.090] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.091] GetProcessHeap () returned 0x570000 [0053.091] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.091] GetProcessHeap () returned 0x570000 [0053.091] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.091] GetProcessHeap () returned 0x570000 [0053.091] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.091] GetProcessHeap () returned 0x570000 [0053.091] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.091] GetProcessHeap () returned 0x570000 [0053.091] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.091] GetProcessHeap () returned 0x570000 [0053.091] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.091] GetProcessHeap () returned 0x570000 [0053.091] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.091] GetProcessHeap () returned 0x570000 [0053.091] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.091] GetProcessHeap () returned 0x570000 [0053.091] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.091] GetProcessHeap () returned 0x570000 [0053.091] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.091] GetProcessHeap () returned 0x570000 [0053.091] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.091] GetProcessHeap () returned 0x570000 [0053.092] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.092] GetProcessHeap () returned 0x570000 [0053.092] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.092] GetProcessHeap () returned 0x570000 [0053.092] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.092] GetProcessHeap () returned 0x570000 [0053.092] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.092] GetProcessHeap () returned 0x570000 [0053.092] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.092] GetProcessHeap () returned 0x570000 [0053.092] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.092] GetProcessHeap () returned 0x570000 [0053.092] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.092] GetProcessHeap () returned 0x570000 [0053.092] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.092] GetProcessHeap () returned 0x570000 [0053.092] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0053.092] GetProcessHeap () returned 0x570000 [0053.092] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0053.092] GetProcessHeap () returned 0x570000 [0053.092] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5924f0 | out: hHeap=0x570000) returned 1 [0053.092] GetProcessHeap () returned 0x570000 [0053.092] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0053.092] GetProcessHeap () returned 0x570000 [0053.092] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0053.092] GetProcessHeap () returned 0x570000 [0053.092] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0053.092] GetProcessHeap () returned 0x570000 [0053.092] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0053.092] GetProcessHeap () returned 0x570000 [0053.092] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0053.092] GetProcessHeap () returned 0x570000 [0053.093] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0053.093] GetProcessHeap () returned 0x570000 [0053.093] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee50 | out: hHeap=0x570000) returned 1 [0053.093] GetProcessHeap () returned 0x570000 [0053.093] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5923e0 | out: hHeap=0x570000) returned 1 [0053.093] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0053.093] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0053.093] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0053.093] CloseHandle (hObject=0x80) returned 1 [0053.097] GetProcessHeap () returned 0x570000 [0053.097] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588f58 | out: hHeap=0x570000) returned 1 [0053.097] GetProcessHeap () returned 0x570000 [0053.097] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5922e0 | out: hHeap=0x570000) returned 1 [0053.097] GetProcessHeap () returned 0x570000 [0053.097] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592358 | out: hHeap=0x570000) returned 1 [0053.097] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\Users\\Public\\Desktop\\Adobe Reader X.lnk" | out: lpString1="C:\\Users\\Public\\Desktop\\Adobe Reader X.lnk") returned="C:\\Users\\Public\\Desktop\\Adobe Reader X.lnk" [0053.097] lstrcatW (in: lpString1="C:\\Users\\Public\\Desktop\\Adobe Reader X.lnk", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\Users\\Public\\Desktop\\Adobe Reader X.lnk.{Killback@protonmail.com}KBK") returned="C:\\Users\\Public\\Desktop\\Adobe Reader X.lnk.{Killback@protonmail.com}KBK" [0053.098] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\Desktop\\Adobe Reader X.lnk" (normalized: "c:\\users\\public\\desktop\\adobe reader x.lnk"), lpNewFileName="C:\\Users\\Public\\Desktop\\Adobe Reader X.lnk.{Killback@protonmail.com}KBK" (normalized: "c:\\users\\public\\desktop\\adobe reader x.lnk.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0053.099] PathRemoveFileSpecW (in: pszPath="C:\\Users\\Public\\Desktop\\Adobe Reader X.lnk" | out: pszPath="C:\\Users\\Public\\Desktop") returned 1 [0053.099] lstrcatW (in: lpString1="C:\\Users\\Public\\Desktop", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Desktop\\") returned="C:\\Users\\Public\\Desktop\\" [0053.099] lstrcatW (in: lpString1="C:\\Users\\Public\\Desktop\\", lpString2="decrypt_files.html" | out: lpString1="C:\\Users\\Public\\Desktop\\decrypt_files.html") returned="C:\\Users\\Public\\Desktop\\decrypt_files.html" [0053.099] GetFileAttributesW (lpFileName="C:\\Users\\Public\\Desktop\\decrypt_files.html" (normalized: "c:\\users\\public\\desktop\\decrypt_files.html")) returned 0xffffffff [0053.099] CreateFileW (lpFileName="C:\\Users\\Public\\Desktop\\decrypt_files.html" (normalized: "c:\\users\\public\\desktop\\decrypt_files.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0053.099] lstrlenA (lpString="\r\n \r\n \r\n \r\n DECRYPT FILES\r\n \r\n\r\n \r\n\r\n
\r\n

⚠Your ID (NEED FOR DECRYPT)⚠

\r\n
\r\n 
A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n\r\n
\r\n
\r\n
\r\n \r\n
\r\n \r\n
\r\n \r\n \r\n
\r\n

✖ Your files are encrypted! ✖

\r\n\r\n

If you see it - do not try to decrypt ▼the files yourself!!!▼

\r\n
\r\n

All your important data has been encrypted.

\r\n
\r\n
\r\n \r\n\x09\x09 \r\nTo decrypt all your files, you need a decryption program.
\r\n \r\nTo get a program to decrypt your data you need to do a few steps:
\r\n

☑1. \r\nTo make sure that we can actually decrypt your files. You can send us a file for the test.\r\nThis can be a picture or a text file.\r\nSize less than 5 MB. Send to our mail: Killback@protonmail.com .
\r\n

☑2. \r\nSend your PERSONAL ID in the letter (you will find it at the very beginning of this document)

\r\n\x09\x09\x09

☑3. \r\nWe will decode your test file so you are sure. We will also send you the amount you need to pay to get the program to decrypt.

\r\n ☑4. We will send you instructions on how to pay for the decryption program. After payment, we will send you a program and instructions on how to decrypt all the files.
\r\n

Attention!


\r\n
    \r\n\x09\x09\x09 Only we can decrypt your files.
    \r\n\x09\x09\x09 Do not try to decrypt your files yourself. You can damage them when trying to restore
    \r\n Do not run antivirus!
    \r\n Email us: Killback@protonmail.com immediately so we can help you.
    \r\n Decoders other users are not compatible with your data, because each user's unique encryption key
    \r\n
\r\n \r\n
\r\n
\r\n
\r\n \r\n\r\n \r\n \r\n
\r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n\r\n") returned 5565 [0053.099] WriteFile (in: hFile=0x80, lpBuffer=0x21f0020*, nNumberOfBytesToWrite=0x15bd, lpNumberOfBytesWritten=0x50dd18, lpOverlapped=0x0 | out: lpBuffer=0x21f0020*, lpNumberOfBytesWritten=0x50dd18*=0x15bd, lpOverlapped=0x0) returned 1 [0053.100] CloseHandle (hObject=0x80) returned 1 [0053.101] GetProcessHeap () returned 0x570000 [0053.101] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58fdc0 | out: hHeap=0x570000) returned 1 [0053.101] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x2826d6cd, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x2826d6cd, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28860dd8, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0053.101] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0053.101] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0053.101] lstrcatW (in: lpString1="C:\\Users\\Public\\Desktop\\", lpString2="desktop.ini" | out: lpString1="C:\\Users\\Public\\Desktop\\desktop.ini") returned="C:\\Users\\Public\\Desktop\\desktop.ini" [0053.101] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0053.101] GetProcessHeap () returned 0x570000 [0053.101] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x590f68 [0053.101] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 12 [0053.101] lstrlenA (lpString="desktop.ini") returned 11 [0053.101] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0053.101] lstrlenA (lpString="desktop.ini") returned 11 [0053.101] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0053.101] lstrcmpiW (lpString1="desktop.ini", lpString2="decrypt_files.html") returned 1 [0053.101] lstrcmpiW (lpString1="desktop.ini", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0053.102] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0053.102] lstrcmpiW (lpString1="desktop.ini", lpString2="sihvgt.exe") returned -1 [0053.102] _alloca_probe () returned 0x40908b [0053.102] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Public\\Desktop\\desktop.ini", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0053.102] GetProcessHeap () returned 0x570000 [0053.102] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x24) returned 0x588f58 [0053.102] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Public\\Desktop\\desktop.ini", cchWideChar=-1, lpMultiByteStr=0x588f58, cbMultiByte=36, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\Public\\Desktop\\desktop.ini", lpUsedDefaultChar=0x0) returned 36 [0053.102] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0053.102] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{5D6D6C74-B0C0-4B45-AB14-B3061553A4BC}") returned 38 [0053.102] lstrlenA (lpString="{5D6D6C74-B0C0-4B45-AB14-B3061553A4BC}") returned 38 [0053.102] CreateFileW (lpFileName="C:\\Users\\Public\\Desktop\\desktop.ini" (normalized: "c:\\users\\public\\desktop\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0053.102] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=174) returned 1 [0053.102] lstrlenA (lpString="{5D6D6C74-B0C0-4B45-AB14-B3061553A4BC}") returned 38 [0053.102] GetProcessHeap () returned 0x570000 [0053.102] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x5922e0 [0053.102] GetProcessHeap () returned 0x570000 [0053.102] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592358 [0053.102] lstrlenA (lpString="C:\\Users\\Public\\Desktop\\desktop.ini") returned 35 [0053.115] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0xae, lpOverlapped=0x0) returned 1 [0053.115] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0053.116] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0xb0, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0xb0, lpOverlapped=0x0) returned 1 [0053.116] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0053.116] WriteFile (in: hFile=0x80, lpBuffer=0x50bb6c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bb6c*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0053.116] WriteFile (in: hFile=0x80, lpBuffer=0x50bbd4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bbd4*, lpNumberOfBytesWritten=0x50bb34*=0x10, lpOverlapped=0x0) returned 1 [0053.116] lstrlenA (lpString="rsa_encrypt") returned 11 [0053.116] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x592480) returned 1 [0053.117] CryptGenRandom (in: hProv=0x592480, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0053.117] CryptReleaseContext (hProv=0x592480, dwFlags=0x0) returned 1 [0053.117] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0053.117] GetProcessHeap () returned 0x570000 [0053.117] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5923e0 [0053.117] lstrlenA (lpString="010001") returned 6 [0053.118] GetProcessHeap () returned 0x570000 [0053.118] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58ee50 [0053.118] GetProcessHeap () returned 0x570000 [0053.118] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592468 [0053.118] GetProcessHeap () returned 0x570000 [0053.118] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0053.118] GetProcessHeap () returned 0x570000 [0053.118] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592468 | out: hHeap=0x570000) returned 1 [0053.118] GetProcessHeap () returned 0x570000 [0053.118] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0053.118] GetProcessHeap () returned 0x570000 [0053.118] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c0d8 [0053.118] GetProcessHeap () returned 0x570000 [0053.118] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58ee90 [0053.118] GetProcessHeap () returned 0x570000 [0053.118] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c1f0 [0053.118] GetProcessHeap () returned 0x570000 [0053.119] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.119] GetProcessHeap () returned 0x570000 [0053.119] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0053.119] GetProcessHeap () returned 0x570000 [0053.119] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592468 [0053.119] GetProcessHeap () returned 0x570000 [0053.119] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x5924f0 [0053.119] GetProcessHeap () returned 0x570000 [0053.119] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.119] GetProcessHeap () returned 0x570000 [0053.119] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0053.119] GetProcessHeap () returned 0x570000 [0053.119] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0053.119] GetProcessHeap () returned 0x570000 [0053.119] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592468 | out: hHeap=0x570000) returned 1 [0053.119] GetProcessHeap () returned 0x570000 [0053.119] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0053.119] GetProcessHeap () returned 0x570000 [0053.120] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0053.120] GetProcessHeap () returned 0x570000 [0053.120] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.120] GetProcessHeap () returned 0x570000 [0053.120] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f98 [0053.120] GetProcessHeap () returned 0x570000 [0053.120] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.120] GetProcessHeap () returned 0x570000 [0053.120] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.120] GetProcessHeap () returned 0x570000 [0053.120] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.120] GetProcessHeap () returned 0x570000 [0053.120] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.120] GetProcessHeap () returned 0x570000 [0053.120] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0053.120] GetProcessHeap () returned 0x570000 [0053.120] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f98 | out: hHeap=0x570000) returned 1 [0053.120] GetProcessHeap () returned 0x570000 [0053.121] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0053.121] GetProcessHeap () returned 0x570000 [0053.121] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0053.121] GetProcessHeap () returned 0x570000 [0053.121] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.121] GetProcessHeap () returned 0x570000 [0053.121] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.121] GetProcessHeap () returned 0x570000 [0053.121] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.121] GetProcessHeap () returned 0x570000 [0053.121] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.121] GetProcessHeap () returned 0x570000 [0053.121] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.121] GetProcessHeap () returned 0x570000 [0053.121] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.121] GetProcessHeap () returned 0x570000 [0053.121] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.121] GetProcessHeap () returned 0x570000 [0053.121] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.121] GetProcessHeap () returned 0x570000 [0053.122] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.122] GetProcessHeap () returned 0x570000 [0053.122] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.122] GetProcessHeap () returned 0x570000 [0053.122] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.122] GetProcessHeap () returned 0x570000 [0053.122] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.122] GetProcessHeap () returned 0x570000 [0053.122] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.122] GetProcessHeap () returned 0x570000 [0053.122] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.122] GetProcessHeap () returned 0x570000 [0053.122] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.122] GetProcessHeap () returned 0x570000 [0053.122] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.122] GetProcessHeap () returned 0x570000 [0053.122] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.122] GetProcessHeap () returned 0x570000 [0053.122] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.123] GetProcessHeap () returned 0x570000 [0053.123] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.123] GetProcessHeap () returned 0x570000 [0053.123] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.123] GetProcessHeap () returned 0x570000 [0053.123] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.123] GetProcessHeap () returned 0x570000 [0053.123] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.123] GetProcessHeap () returned 0x570000 [0053.123] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.123] GetProcessHeap () returned 0x570000 [0053.123] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.123] GetProcessHeap () returned 0x570000 [0053.123] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.123] GetProcessHeap () returned 0x570000 [0053.123] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.123] GetProcessHeap () returned 0x570000 [0053.123] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.123] GetProcessHeap () returned 0x570000 [0053.124] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.124] GetProcessHeap () returned 0x570000 [0053.124] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.124] GetProcessHeap () returned 0x570000 [0053.124] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.124] GetProcessHeap () returned 0x570000 [0053.124] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.124] GetProcessHeap () returned 0x570000 [0053.124] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.124] GetProcessHeap () returned 0x570000 [0053.124] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.124] GetProcessHeap () returned 0x570000 [0053.124] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.124] GetProcessHeap () returned 0x570000 [0053.124] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.124] GetProcessHeap () returned 0x570000 [0053.124] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.124] GetProcessHeap () returned 0x570000 [0053.124] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.124] GetProcessHeap () returned 0x570000 [0053.125] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.125] GetProcessHeap () returned 0x570000 [0053.125] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.125] GetProcessHeap () returned 0x570000 [0053.125] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.125] GetProcessHeap () returned 0x570000 [0053.125] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.125] GetProcessHeap () returned 0x570000 [0053.125] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.125] GetProcessHeap () returned 0x570000 [0053.125] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.125] GetProcessHeap () returned 0x570000 [0053.125] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.125] GetProcessHeap () returned 0x570000 [0053.125] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.125] GetProcessHeap () returned 0x570000 [0053.125] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.125] GetProcessHeap () returned 0x570000 [0053.125] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.126] GetProcessHeap () returned 0x570000 [0053.126] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.126] GetProcessHeap () returned 0x570000 [0053.126] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.126] GetProcessHeap () returned 0x570000 [0053.126] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.126] GetProcessHeap () returned 0x570000 [0053.126] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.126] GetProcessHeap () returned 0x570000 [0053.126] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.126] GetProcessHeap () returned 0x570000 [0053.126] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.126] GetProcessHeap () returned 0x570000 [0053.126] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.126] GetProcessHeap () returned 0x570000 [0053.126] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.126] GetProcessHeap () returned 0x570000 [0053.126] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.126] GetProcessHeap () returned 0x570000 [0053.127] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.127] GetProcessHeap () returned 0x570000 [0053.127] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.127] GetProcessHeap () returned 0x570000 [0053.127] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.127] GetProcessHeap () returned 0x570000 [0053.127] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.127] GetProcessHeap () returned 0x570000 [0053.127] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.127] GetProcessHeap () returned 0x570000 [0053.127] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.127] GetProcessHeap () returned 0x570000 [0053.127] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.127] GetProcessHeap () returned 0x570000 [0053.127] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.127] GetProcessHeap () returned 0x570000 [0053.127] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.127] GetProcessHeap () returned 0x570000 [0053.127] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.128] GetProcessHeap () returned 0x570000 [0053.128] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.128] GetProcessHeap () returned 0x570000 [0053.128] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.128] GetProcessHeap () returned 0x570000 [0053.128] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.128] GetProcessHeap () returned 0x570000 [0053.128] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.128] GetProcessHeap () returned 0x570000 [0053.128] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.128] GetProcessHeap () returned 0x570000 [0053.128] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.128] GetProcessHeap () returned 0x570000 [0053.128] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.128] GetProcessHeap () returned 0x570000 [0053.128] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.128] GetProcessHeap () returned 0x570000 [0053.128] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.128] GetProcessHeap () returned 0x570000 [0053.129] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.129] GetProcessHeap () returned 0x570000 [0053.129] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.129] GetProcessHeap () returned 0x570000 [0053.129] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.129] GetProcessHeap () returned 0x570000 [0053.129] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.129] GetProcessHeap () returned 0x570000 [0053.129] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.129] GetProcessHeap () returned 0x570000 [0053.129] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.129] GetProcessHeap () returned 0x570000 [0053.129] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.129] GetProcessHeap () returned 0x570000 [0053.129] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.129] GetProcessHeap () returned 0x570000 [0053.129] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.129] GetProcessHeap () returned 0x570000 [0053.130] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.130] GetProcessHeap () returned 0x570000 [0053.130] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.130] GetProcessHeap () returned 0x570000 [0053.130] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.130] GetProcessHeap () returned 0x570000 [0053.130] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.130] GetProcessHeap () returned 0x570000 [0053.130] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.130] GetProcessHeap () returned 0x570000 [0053.130] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.130] GetProcessHeap () returned 0x570000 [0053.130] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.130] GetProcessHeap () returned 0x570000 [0053.130] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.130] GetProcessHeap () returned 0x570000 [0053.130] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.130] GetProcessHeap () returned 0x570000 [0053.130] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.130] GetProcessHeap () returned 0x570000 [0053.131] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.131] GetProcessHeap () returned 0x570000 [0053.131] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.131] GetProcessHeap () returned 0x570000 [0053.131] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.131] GetProcessHeap () returned 0x570000 [0053.131] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.131] GetProcessHeap () returned 0x570000 [0053.131] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.131] GetProcessHeap () returned 0x570000 [0053.131] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.131] GetProcessHeap () returned 0x570000 [0053.131] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0053.131] GetProcessHeap () returned 0x570000 [0053.131] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0053.131] GetProcessHeap () returned 0x570000 [0053.131] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5924f0 | out: hHeap=0x570000) returned 1 [0053.131] GetProcessHeap () returned 0x570000 [0053.131] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0053.131] GetProcessHeap () returned 0x570000 [0053.132] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0053.132] GetProcessHeap () returned 0x570000 [0053.132] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0053.132] GetProcessHeap () returned 0x570000 [0053.132] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0053.132] GetProcessHeap () returned 0x570000 [0053.132] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0053.132] GetProcessHeap () returned 0x570000 [0053.134] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0053.134] GetProcessHeap () returned 0x570000 [0053.134] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee50 | out: hHeap=0x570000) returned 1 [0053.134] GetProcessHeap () returned 0x570000 [0053.134] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5923e0 | out: hHeap=0x570000) returned 1 [0053.134] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0053.134] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0053.134] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0053.134] CloseHandle (hObject=0x80) returned 1 [0053.141] GetProcessHeap () returned 0x570000 [0053.141] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588f58 | out: hHeap=0x570000) returned 1 [0053.141] GetProcessHeap () returned 0x570000 [0053.141] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5922e0 | out: hHeap=0x570000) returned 1 [0053.141] GetProcessHeap () returned 0x570000 [0053.141] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592358 | out: hHeap=0x570000) returned 1 [0053.141] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\Users\\Public\\Desktop\\desktop.ini" | out: lpString1="C:\\Users\\Public\\Desktop\\desktop.ini") returned="C:\\Users\\Public\\Desktop\\desktop.ini" [0053.141] lstrcatW (in: lpString1="C:\\Users\\Public\\Desktop\\desktop.ini", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\Users\\Public\\Desktop\\desktop.ini.{Killback@protonmail.com}KBK") returned="C:\\Users\\Public\\Desktop\\desktop.ini.{Killback@protonmail.com}KBK" [0053.141] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\Desktop\\desktop.ini" (normalized: "c:\\users\\public\\desktop\\desktop.ini"), lpNewFileName="C:\\Users\\Public\\Desktop\\desktop.ini.{Killback@protonmail.com}KBK" (normalized: "c:\\users\\public\\desktop\\desktop.ini.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0053.142] PathRemoveFileSpecW (in: pszPath="C:\\Users\\Public\\Desktop\\desktop.ini" | out: pszPath="C:\\Users\\Public\\Desktop") returned 1 [0053.143] lstrcatW (in: lpString1="C:\\Users\\Public\\Desktop", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Desktop\\") returned="C:\\Users\\Public\\Desktop\\" [0053.143] lstrcatW (in: lpString1="C:\\Users\\Public\\Desktop\\", lpString2="decrypt_files.html" | out: lpString1="C:\\Users\\Public\\Desktop\\decrypt_files.html") returned="C:\\Users\\Public\\Desktop\\decrypt_files.html" [0053.143] GetFileAttributesW (lpFileName="C:\\Users\\Public\\Desktop\\decrypt_files.html" (normalized: "c:\\users\\public\\desktop\\decrypt_files.html")) returned 0x20 [0053.143] GetProcessHeap () returned 0x570000 [0053.143] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0053.143] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7df21ca0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7df21ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7df21ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x8d1, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Google Chrome.lnk", cAlternateFileName="GOOGLE~1.LNK")) returned 1 [0053.143] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2=".") returned 1 [0053.143] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="..") returned 1 [0053.143] lstrcatW (in: lpString1="C:\\Users\\Public\\Desktop\\", lpString2="Google Chrome.lnk" | out: lpString1="C:\\Users\\Public\\Desktop\\Google Chrome.lnk") returned="C:\\Users\\Public\\Desktop\\Google Chrome.lnk" [0053.143] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Google Chrome.lnk", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 18 [0053.143] GetProcessHeap () returned 0x570000 [0053.143] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x12) returned 0x58fdc0 [0053.143] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Google Chrome.lnk", cchWideChar=-1, lpMultiByteStr=0x58fdc0, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Google Chrome.lnk", lpUsedDefaultChar=0x0) returned 18 [0053.143] lstrlenA (lpString="Google Chrome.lnk") returned 17 [0053.143] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0053.143] lstrlenA (lpString="Google Chrome.lnk") returned 17 [0053.144] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0053.144] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="decrypt_files.html") returned 1 [0053.144] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0053.144] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0053.144] lstrcmpiW (lpString1="Google Chrome.lnk", lpString2="sihvgt.exe") returned -1 [0053.144] _alloca_probe () returned 0x40908b [0053.144] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Public\\Desktop\\Google Chrome.lnk", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 42 [0053.144] GetProcessHeap () returned 0x570000 [0053.144] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x2a) returned 0x588f58 [0053.144] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Public\\Desktop\\Google Chrome.lnk", cchWideChar=-1, lpMultiByteStr=0x588f58, cbMultiByte=42, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\Public\\Desktop\\Google Chrome.lnk", lpUsedDefaultChar=0x0) returned 42 [0053.144] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0053.144] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{2AC82728-3D5C-4644-AB07-4660DB944525}") returned 38 [0053.144] lstrlenA (lpString="{2AC82728-3D5C-4644-AB07-4660DB944525}") returned 38 [0053.144] CreateFileW (lpFileName="C:\\Users\\Public\\Desktop\\Google Chrome.lnk" (normalized: "c:\\users\\public\\desktop\\google chrome.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0053.147] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=2257) returned 1 [0053.147] lstrlenA (lpString="{2AC82728-3D5C-4644-AB07-4660DB944525}") returned 38 [0053.147] GetProcessHeap () returned 0x570000 [0053.148] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x5922e0 [0053.148] GetProcessHeap () returned 0x570000 [0053.148] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592358 [0053.148] lstrlenA (lpString="C:\\Users\\Public\\Desktop\\Google Chrome.lnk") returned 41 [0053.176] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x8d1, lpOverlapped=0x0) returned 1 [0053.177] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0053.177] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x8e0, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x8e0, lpOverlapped=0x0) returned 1 [0053.177] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0053.177] WriteFile (in: hFile=0x80, lpBuffer=0x50bb6c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bb6c*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0053.177] WriteFile (in: hFile=0x80, lpBuffer=0x50bbd4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bbd4*, lpNumberOfBytesWritten=0x50bb34*=0x10, lpOverlapped=0x0) returned 1 [0053.178] lstrlenA (lpString="rsa_encrypt") returned 11 [0053.178] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x592480) returned 1 [0053.178] CryptGenRandom (in: hProv=0x592480, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0053.179] CryptReleaseContext (hProv=0x592480, dwFlags=0x0) returned 1 [0053.179] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0053.179] GetProcessHeap () returned 0x570000 [0053.179] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5923e0 [0053.179] lstrlenA (lpString="010001") returned 6 [0053.189] GetProcessHeap () returned 0x570000 [0053.189] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58ee50 [0053.189] GetProcessHeap () returned 0x570000 [0053.189] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592468 [0053.189] GetProcessHeap () returned 0x570000 [0053.189] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0053.189] GetProcessHeap () returned 0x570000 [0053.189] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592468 | out: hHeap=0x570000) returned 1 [0053.189] GetProcessHeap () returned 0x570000 [0053.189] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0053.189] GetProcessHeap () returned 0x570000 [0053.189] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c1f0 [0053.189] GetProcessHeap () returned 0x570000 [0053.189] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58ee70 [0053.189] GetProcessHeap () returned 0x570000 [0053.189] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c0d8 [0053.190] GetProcessHeap () returned 0x570000 [0053.190] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.190] GetProcessHeap () returned 0x570000 [0053.190] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0053.190] GetProcessHeap () returned 0x570000 [0053.190] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592468 [0053.190] GetProcessHeap () returned 0x570000 [0053.190] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x5924f0 [0053.190] GetProcessHeap () returned 0x570000 [0053.190] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.190] GetProcessHeap () returned 0x570000 [0053.190] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f68 [0053.190] GetProcessHeap () returned 0x570000 [0053.190] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0053.190] GetProcessHeap () returned 0x570000 [0053.190] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592468 | out: hHeap=0x570000) returned 1 [0053.190] GetProcessHeap () returned 0x570000 [0053.190] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0053.190] GetProcessHeap () returned 0x570000 [0053.191] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0053.191] GetProcessHeap () returned 0x570000 [0053.191] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.191] GetProcessHeap () returned 0x570000 [0053.191] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0053.191] GetProcessHeap () returned 0x570000 [0053.191] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.191] GetProcessHeap () returned 0x570000 [0053.191] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.191] GetProcessHeap () returned 0x570000 [0053.191] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.191] GetProcessHeap () returned 0x570000 [0053.191] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.191] GetProcessHeap () returned 0x570000 [0053.191] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0053.191] GetProcessHeap () returned 0x570000 [0053.191] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0053.191] GetProcessHeap () returned 0x570000 [0053.191] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0053.192] GetProcessHeap () returned 0x570000 [0053.192] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0053.192] GetProcessHeap () returned 0x570000 [0053.192] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.192] GetProcessHeap () returned 0x570000 [0053.192] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.192] GetProcessHeap () returned 0x570000 [0053.192] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.192] GetProcessHeap () returned 0x570000 [0053.192] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.192] GetProcessHeap () returned 0x570000 [0053.192] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.192] GetProcessHeap () returned 0x570000 [0053.192] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.192] GetProcessHeap () returned 0x570000 [0053.192] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.192] GetProcessHeap () returned 0x570000 [0053.192] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.193] GetProcessHeap () returned 0x570000 [0053.193] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.193] GetProcessHeap () returned 0x570000 [0053.193] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.193] GetProcessHeap () returned 0x570000 [0053.193] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.193] GetProcessHeap () returned 0x570000 [0053.193] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.193] GetProcessHeap () returned 0x570000 [0053.193] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.193] GetProcessHeap () returned 0x570000 [0053.193] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.193] GetProcessHeap () returned 0x570000 [0053.193] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.193] GetProcessHeap () returned 0x570000 [0053.193] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.193] GetProcessHeap () returned 0x570000 [0053.193] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.194] GetProcessHeap () returned 0x570000 [0053.194] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.194] GetProcessHeap () returned 0x570000 [0053.194] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.194] GetProcessHeap () returned 0x570000 [0053.194] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.194] GetProcessHeap () returned 0x570000 [0053.194] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.194] GetProcessHeap () returned 0x570000 [0053.194] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.194] GetProcessHeap () returned 0x570000 [0053.194] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.194] GetProcessHeap () returned 0x570000 [0053.194] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.194] GetProcessHeap () returned 0x570000 [0053.194] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.195] GetProcessHeap () returned 0x570000 [0053.195] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.195] GetProcessHeap () returned 0x570000 [0053.195] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.195] GetProcessHeap () returned 0x570000 [0053.195] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.195] GetProcessHeap () returned 0x570000 [0053.195] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.195] GetProcessHeap () returned 0x570000 [0053.195] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.195] GetProcessHeap () returned 0x570000 [0053.195] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.195] GetProcessHeap () returned 0x570000 [0053.195] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.195] GetProcessHeap () returned 0x570000 [0053.195] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.196] GetProcessHeap () returned 0x570000 [0053.196] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.196] GetProcessHeap () returned 0x570000 [0053.196] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.196] GetProcessHeap () returned 0x570000 [0053.196] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.196] GetProcessHeap () returned 0x570000 [0053.196] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.196] GetProcessHeap () returned 0x570000 [0053.196] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.196] GetProcessHeap () returned 0x570000 [0053.196] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.196] GetProcessHeap () returned 0x570000 [0053.196] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.196] GetProcessHeap () returned 0x570000 [0053.196] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.196] GetProcessHeap () returned 0x570000 [0053.196] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.197] GetProcessHeap () returned 0x570000 [0053.197] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.197] GetProcessHeap () returned 0x570000 [0053.197] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.197] GetProcessHeap () returned 0x570000 [0053.197] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.197] GetProcessHeap () returned 0x570000 [0053.197] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.197] GetProcessHeap () returned 0x570000 [0053.197] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.197] GetProcessHeap () returned 0x570000 [0053.197] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.197] GetProcessHeap () returned 0x570000 [0053.197] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.197] GetProcessHeap () returned 0x570000 [0053.197] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.197] GetProcessHeap () returned 0x570000 [0053.197] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.198] GetProcessHeap () returned 0x570000 [0053.198] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.198] GetProcessHeap () returned 0x570000 [0053.198] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.198] GetProcessHeap () returned 0x570000 [0053.198] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.198] GetProcessHeap () returned 0x570000 [0053.198] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.198] GetProcessHeap () returned 0x570000 [0053.198] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.198] GetProcessHeap () returned 0x570000 [0053.198] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.198] GetProcessHeap () returned 0x570000 [0053.198] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.198] GetProcessHeap () returned 0x570000 [0053.198] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.199] GetProcessHeap () returned 0x570000 [0053.199] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.199] GetProcessHeap () returned 0x570000 [0053.199] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.199] GetProcessHeap () returned 0x570000 [0053.199] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.199] GetProcessHeap () returned 0x570000 [0053.199] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.199] GetProcessHeap () returned 0x570000 [0053.199] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.199] GetProcessHeap () returned 0x570000 [0053.199] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.199] GetProcessHeap () returned 0x570000 [0053.199] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.199] GetProcessHeap () returned 0x570000 [0053.199] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.199] GetProcessHeap () returned 0x570000 [0053.199] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.200] GetProcessHeap () returned 0x570000 [0053.200] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.200] GetProcessHeap () returned 0x570000 [0053.200] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.200] GetProcessHeap () returned 0x570000 [0053.200] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.200] GetProcessHeap () returned 0x570000 [0053.200] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.200] GetProcessHeap () returned 0x570000 [0053.200] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.200] GetProcessHeap () returned 0x570000 [0053.200] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.200] GetProcessHeap () returned 0x570000 [0053.200] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.200] GetProcessHeap () returned 0x570000 [0053.200] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.200] GetProcessHeap () returned 0x570000 [0053.200] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.201] GetProcessHeap () returned 0x570000 [0053.201] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.201] GetProcessHeap () returned 0x570000 [0053.201] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.201] GetProcessHeap () returned 0x570000 [0053.201] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.201] GetProcessHeap () returned 0x570000 [0053.201] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.201] GetProcessHeap () returned 0x570000 [0053.201] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.201] GetProcessHeap () returned 0x570000 [0053.201] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.201] GetProcessHeap () returned 0x570000 [0053.201] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.201] GetProcessHeap () returned 0x570000 [0053.201] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.201] GetProcessHeap () returned 0x570000 [0053.201] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.202] GetProcessHeap () returned 0x570000 [0053.202] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.202] GetProcessHeap () returned 0x570000 [0053.202] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.202] GetProcessHeap () returned 0x570000 [0053.202] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.202] GetProcessHeap () returned 0x570000 [0053.202] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.202] GetProcessHeap () returned 0x570000 [0053.202] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.202] GetProcessHeap () returned 0x570000 [0053.202] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.202] GetProcessHeap () returned 0x570000 [0053.202] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.202] GetProcessHeap () returned 0x570000 [0053.202] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.202] GetProcessHeap () returned 0x570000 [0053.202] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.202] GetProcessHeap () returned 0x570000 [0053.203] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.205] GetProcessHeap () returned 0x570000 [0053.206] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.206] GetProcessHeap () returned 0x570000 [0053.206] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.206] GetProcessHeap () returned 0x570000 [0053.206] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.206] GetProcessHeap () returned 0x570000 [0053.206] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.206] GetProcessHeap () returned 0x570000 [0053.206] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0053.206] GetProcessHeap () returned 0x570000 [0053.206] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0053.206] GetProcessHeap () returned 0x570000 [0053.206] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5924f0 | out: hHeap=0x570000) returned 1 [0053.206] GetProcessHeap () returned 0x570000 [0053.206] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0053.206] GetProcessHeap () returned 0x570000 [0053.206] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0053.207] GetProcessHeap () returned 0x570000 [0053.207] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0053.207] GetProcessHeap () returned 0x570000 [0053.207] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0053.207] GetProcessHeap () returned 0x570000 [0053.207] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0053.207] GetProcessHeap () returned 0x570000 [0053.207] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0053.207] GetProcessHeap () returned 0x570000 [0053.207] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee50 | out: hHeap=0x570000) returned 1 [0053.207] GetProcessHeap () returned 0x570000 [0053.207] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5923e0 | out: hHeap=0x570000) returned 1 [0053.207] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0053.207] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0053.207] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0053.208] CloseHandle (hObject=0x80) returned 1 [0053.213] GetProcessHeap () returned 0x570000 [0053.213] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588f58 | out: hHeap=0x570000) returned 1 [0053.213] GetProcessHeap () returned 0x570000 [0053.213] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5922e0 | out: hHeap=0x570000) returned 1 [0053.214] GetProcessHeap () returned 0x570000 [0053.214] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592358 | out: hHeap=0x570000) returned 1 [0053.214] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\Users\\Public\\Desktop\\Google Chrome.lnk" | out: lpString1="C:\\Users\\Public\\Desktop\\Google Chrome.lnk") returned="C:\\Users\\Public\\Desktop\\Google Chrome.lnk" [0053.214] lstrcatW (in: lpString1="C:\\Users\\Public\\Desktop\\Google Chrome.lnk", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\Users\\Public\\Desktop\\Google Chrome.lnk.{Killback@protonmail.com}KBK") returned="C:\\Users\\Public\\Desktop\\Google Chrome.lnk.{Killback@protonmail.com}KBK" [0053.214] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\Desktop\\Google Chrome.lnk" (normalized: "c:\\users\\public\\desktop\\google chrome.lnk"), lpNewFileName="C:\\Users\\Public\\Desktop\\Google Chrome.lnk.{Killback@protonmail.com}KBK" (normalized: "c:\\users\\public\\desktop\\google chrome.lnk.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0053.215] PathRemoveFileSpecW (in: pszPath="C:\\Users\\Public\\Desktop\\Google Chrome.lnk" | out: pszPath="C:\\Users\\Public\\Desktop") returned 1 [0053.215] lstrcatW (in: lpString1="C:\\Users\\Public\\Desktop", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Desktop\\") returned="C:\\Users\\Public\\Desktop\\" [0053.215] lstrcatW (in: lpString1="C:\\Users\\Public\\Desktop\\", lpString2="decrypt_files.html" | out: lpString1="C:\\Users\\Public\\Desktop\\decrypt_files.html") returned="C:\\Users\\Public\\Desktop\\decrypt_files.html" [0053.216] GetFileAttributesW (lpFileName="C:\\Users\\Public\\Desktop\\decrypt_files.html" (normalized: "c:\\users\\public\\desktop\\decrypt_files.html")) returned 0x20 [0053.216] GetProcessHeap () returned 0x570000 [0053.216] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58fdc0 | out: hHeap=0x570000) returned 1 [0053.216] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0a09a40, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb0a09a40, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb0a09a40, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x485, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Mozilla Firefox.lnk", cAlternateFileName="MOZILL~1.LNK")) returned 1 [0053.216] lstrcmpiW (lpString1="Mozilla Firefox.lnk", lpString2=".") returned 1 [0053.216] lstrcmpiW (lpString1="Mozilla Firefox.lnk", lpString2="..") returned 1 [0053.216] lstrcatW (in: lpString1="C:\\Users\\Public\\Desktop\\", lpString2="Mozilla Firefox.lnk" | out: lpString1="C:\\Users\\Public\\Desktop\\Mozilla Firefox.lnk") returned="C:\\Users\\Public\\Desktop\\Mozilla Firefox.lnk" [0053.216] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Mozilla Firefox.lnk", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0053.216] GetProcessHeap () returned 0x570000 [0053.216] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x14) returned 0x58fdc0 [0053.216] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Mozilla Firefox.lnk", cchWideChar=-1, lpMultiByteStr=0x58fdc0, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Mozilla Firefox.lnk", lpUsedDefaultChar=0x0) returned 20 [0053.216] lstrlenA (lpString="Mozilla Firefox.lnk") returned 19 [0053.216] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0053.216] lstrlenA (lpString="Mozilla Firefox.lnk") returned 19 [0053.216] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0053.216] lstrcmpiW (lpString1="Mozilla Firefox.lnk", lpString2="decrypt_files.html") returned 1 [0053.217] lstrcmpiW (lpString1="Mozilla Firefox.lnk", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0053.217] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0053.217] lstrcmpiW (lpString1="Mozilla Firefox.lnk", lpString2="sihvgt.exe") returned -1 [0053.217] _alloca_probe () returned 0x40908b [0053.217] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Public\\Desktop\\Mozilla Firefox.lnk", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 44 [0053.217] GetProcessHeap () returned 0x570000 [0053.217] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x2c) returned 0x588f58 [0053.217] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Public\\Desktop\\Mozilla Firefox.lnk", cchWideChar=-1, lpMultiByteStr=0x588f58, cbMultiByte=44, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\Public\\Desktop\\Mozilla Firefox.lnk", lpUsedDefaultChar=0x0) returned 44 [0053.217] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0053.220] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{41553D53-66C2-42BD-8965-CAB7768B7A88}") returned 38 [0053.220] lstrlenA (lpString="{41553D53-66C2-42BD-8965-CAB7768B7A88}") returned 38 [0053.220] CreateFileW (lpFileName="C:\\Users\\Public\\Desktop\\Mozilla Firefox.lnk" (normalized: "c:\\users\\public\\desktop\\mozilla firefox.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0053.220] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=1157) returned 1 [0053.220] lstrlenA (lpString="{41553D53-66C2-42BD-8965-CAB7768B7A88}") returned 38 [0053.220] GetProcessHeap () returned 0x570000 [0053.220] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x5922e0 [0053.220] GetProcessHeap () returned 0x570000 [0053.221] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592358 [0053.221] lstrlenA (lpString="C:\\Users\\Public\\Desktop\\Mozilla Firefox.lnk") returned 43 [0053.246] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x485, lpOverlapped=0x0) returned 1 [0053.246] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0053.247] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x490, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x490, lpOverlapped=0x0) returned 1 [0053.247] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0053.247] WriteFile (in: hFile=0x80, lpBuffer=0x50bb6c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bb6c*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0053.247] WriteFile (in: hFile=0x80, lpBuffer=0x50bbd4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bbd4*, lpNumberOfBytesWritten=0x50bb34*=0x10, lpOverlapped=0x0) returned 1 [0053.247] lstrlenA (lpString="rsa_encrypt") returned 11 [0053.247] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x592480) returned 1 [0053.248] CryptGenRandom (in: hProv=0x592480, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0053.248] CryptReleaseContext (hProv=0x592480, dwFlags=0x0) returned 1 [0053.248] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0053.248] GetProcessHeap () returned 0x570000 [0053.248] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5923e0 [0053.249] lstrlenA (lpString="010001") returned 6 [0053.249] GetProcessHeap () returned 0x570000 [0053.249] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58ee50 [0053.249] GetProcessHeap () returned 0x570000 [0053.249] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592468 [0053.249] GetProcessHeap () returned 0x570000 [0053.249] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0053.249] GetProcessHeap () returned 0x570000 [0053.249] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592468 | out: hHeap=0x570000) returned 1 [0053.249] GetProcessHeap () returned 0x570000 [0053.249] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0053.249] GetProcessHeap () returned 0x570000 [0053.249] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c0d8 [0053.249] GetProcessHeap () returned 0x570000 [0053.249] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58ee90 [0053.249] GetProcessHeap () returned 0x570000 [0053.249] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c1f0 [0053.249] GetProcessHeap () returned 0x570000 [0053.250] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.250] GetProcessHeap () returned 0x570000 [0053.250] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0053.250] GetProcessHeap () returned 0x570000 [0053.250] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592468 [0053.250] GetProcessHeap () returned 0x570000 [0053.250] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x5924f0 [0053.250] GetProcessHeap () returned 0x570000 [0053.250] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0053.250] GetProcessHeap () returned 0x570000 [0053.250] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f68 [0053.250] GetProcessHeap () returned 0x570000 [0053.250] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0053.250] GetProcessHeap () returned 0x570000 [0053.250] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592468 | out: hHeap=0x570000) returned 1 [0053.250] GetProcessHeap () returned 0x570000 [0053.250] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0053.250] GetProcessHeap () returned 0x570000 [0053.250] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0053.251] GetProcessHeap () returned 0x570000 [0053.251] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.251] GetProcessHeap () returned 0x570000 [0053.251] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0053.251] GetProcessHeap () returned 0x570000 [0053.251] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0053.251] GetProcessHeap () returned 0x570000 [0053.251] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.251] GetProcessHeap () returned 0x570000 [0053.251] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.251] GetProcessHeap () returned 0x570000 [0053.251] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.251] GetProcessHeap () returned 0x570000 [0053.251] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0053.251] GetProcessHeap () returned 0x570000 [0053.251] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0053.251] GetProcessHeap () returned 0x570000 [0053.251] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0053.251] GetProcessHeap () returned 0x570000 [0053.252] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0053.252] GetProcessHeap () returned 0x570000 [0053.252] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.252] GetProcessHeap () returned 0x570000 [0053.252] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.252] GetProcessHeap () returned 0x570000 [0053.252] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.252] GetProcessHeap () returned 0x570000 [0053.252] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.252] GetProcessHeap () returned 0x570000 [0053.252] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.252] GetProcessHeap () returned 0x570000 [0053.252] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.252] GetProcessHeap () returned 0x570000 [0053.252] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.252] GetProcessHeap () returned 0x570000 [0053.252] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.252] GetProcessHeap () returned 0x570000 [0053.253] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.253] GetProcessHeap () returned 0x570000 [0053.253] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.253] GetProcessHeap () returned 0x570000 [0053.253] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.253] GetProcessHeap () returned 0x570000 [0053.253] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.253] GetProcessHeap () returned 0x570000 [0053.253] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.253] GetProcessHeap () returned 0x570000 [0053.253] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.253] GetProcessHeap () returned 0x570000 [0053.253] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.253] GetProcessHeap () returned 0x570000 [0053.253] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.253] GetProcessHeap () returned 0x570000 [0053.253] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.253] GetProcessHeap () returned 0x570000 [0053.254] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.254] GetProcessHeap () returned 0x570000 [0053.254] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.254] GetProcessHeap () returned 0x570000 [0053.254] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.254] GetProcessHeap () returned 0x570000 [0053.254] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.254] GetProcessHeap () returned 0x570000 [0053.254] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.254] GetProcessHeap () returned 0x570000 [0053.254] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.254] GetProcessHeap () returned 0x570000 [0053.254] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.254] GetProcessHeap () returned 0x570000 [0053.254] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.254] GetProcessHeap () returned 0x570000 [0053.254] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.254] GetProcessHeap () returned 0x570000 [0053.254] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.255] GetProcessHeap () returned 0x570000 [0053.255] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.255] GetProcessHeap () returned 0x570000 [0053.255] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.255] GetProcessHeap () returned 0x570000 [0053.255] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.255] GetProcessHeap () returned 0x570000 [0053.255] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.255] GetProcessHeap () returned 0x570000 [0053.255] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.255] GetProcessHeap () returned 0x570000 [0053.255] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.255] GetProcessHeap () returned 0x570000 [0053.255] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.255] GetProcessHeap () returned 0x570000 [0053.255] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.255] GetProcessHeap () returned 0x570000 [0053.255] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.256] GetProcessHeap () returned 0x570000 [0053.256] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.256] GetProcessHeap () returned 0x570000 [0053.256] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.256] GetProcessHeap () returned 0x570000 [0053.256] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.256] GetProcessHeap () returned 0x570000 [0053.256] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.256] GetProcessHeap () returned 0x570000 [0053.256] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.256] GetProcessHeap () returned 0x570000 [0053.256] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.256] GetProcessHeap () returned 0x570000 [0053.256] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.256] GetProcessHeap () returned 0x570000 [0053.256] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.256] GetProcessHeap () returned 0x570000 [0053.256] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.256] GetProcessHeap () returned 0x570000 [0053.257] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.257] GetProcessHeap () returned 0x570000 [0053.257] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.257] GetProcessHeap () returned 0x570000 [0053.257] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.257] GetProcessHeap () returned 0x570000 [0053.257] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.257] GetProcessHeap () returned 0x570000 [0053.257] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.257] GetProcessHeap () returned 0x570000 [0053.257] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.257] GetProcessHeap () returned 0x570000 [0053.257] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.257] GetProcessHeap () returned 0x570000 [0053.258] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.258] GetProcessHeap () returned 0x570000 [0053.258] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.258] GetProcessHeap () returned 0x570000 [0053.258] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.258] GetProcessHeap () returned 0x570000 [0053.258] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.258] GetProcessHeap () returned 0x570000 [0053.258] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.258] GetProcessHeap () returned 0x570000 [0053.258] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.258] GetProcessHeap () returned 0x570000 [0053.258] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.258] GetProcessHeap () returned 0x570000 [0053.258] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.258] GetProcessHeap () returned 0x570000 [0053.258] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.258] GetProcessHeap () returned 0x570000 [0053.259] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.259] GetProcessHeap () returned 0x570000 [0053.259] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.259] GetProcessHeap () returned 0x570000 [0053.259] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.259] GetProcessHeap () returned 0x570000 [0053.259] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.259] GetProcessHeap () returned 0x570000 [0053.259] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.259] GetProcessHeap () returned 0x570000 [0053.259] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.259] GetProcessHeap () returned 0x570000 [0053.259] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.259] GetProcessHeap () returned 0x570000 [0053.260] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.260] GetProcessHeap () returned 0x570000 [0053.260] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.260] GetProcessHeap () returned 0x570000 [0053.260] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.260] GetProcessHeap () returned 0x570000 [0053.260] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.260] GetProcessHeap () returned 0x570000 [0053.260] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.260] GetProcessHeap () returned 0x570000 [0053.260] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.260] GetProcessHeap () returned 0x570000 [0053.260] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.260] GetProcessHeap () returned 0x570000 [0053.260] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.260] GetProcessHeap () returned 0x570000 [0053.260] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.261] GetProcessHeap () returned 0x570000 [0053.261] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.261] GetProcessHeap () returned 0x570000 [0053.261] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.261] GetProcessHeap () returned 0x570000 [0053.261] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.261] GetProcessHeap () returned 0x570000 [0053.261] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.261] GetProcessHeap () returned 0x570000 [0053.261] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.261] GetProcessHeap () returned 0x570000 [0053.261] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.261] GetProcessHeap () returned 0x570000 [0053.261] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.261] GetProcessHeap () returned 0x570000 [0053.261] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.261] GetProcessHeap () returned 0x570000 [0053.261] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.262] GetProcessHeap () returned 0x570000 [0053.262] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.262] GetProcessHeap () returned 0x570000 [0053.262] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.262] GetProcessHeap () returned 0x570000 [0053.262] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.262] GetProcessHeap () returned 0x570000 [0053.262] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.262] GetProcessHeap () returned 0x570000 [0053.262] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.262] GetProcessHeap () returned 0x570000 [0053.262] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.262] GetProcessHeap () returned 0x570000 [0053.262] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.262] GetProcessHeap () returned 0x570000 [0053.262] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.262] GetProcessHeap () returned 0x570000 [0053.262] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.263] GetProcessHeap () returned 0x570000 [0053.263] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.263] GetProcessHeap () returned 0x570000 [0053.263] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.263] GetProcessHeap () returned 0x570000 [0053.263] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.263] GetProcessHeap () returned 0x570000 [0053.263] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0053.263] GetProcessHeap () returned 0x570000 [0053.263] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.263] GetProcessHeap () returned 0x570000 [0053.263] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0053.263] GetProcessHeap () returned 0x570000 [0053.263] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0053.263] GetProcessHeap () returned 0x570000 [0053.263] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5924f0 | out: hHeap=0x570000) returned 1 [0053.263] GetProcessHeap () returned 0x570000 [0053.263] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0053.263] GetProcessHeap () returned 0x570000 [0053.264] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0053.264] GetProcessHeap () returned 0x570000 [0053.264] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0053.264] GetProcessHeap () returned 0x570000 [0053.264] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0053.264] GetProcessHeap () returned 0x570000 [0053.264] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0053.264] GetProcessHeap () returned 0x570000 [0053.264] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0053.264] GetProcessHeap () returned 0x570000 [0053.264] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee50 | out: hHeap=0x570000) returned 1 [0053.264] GetProcessHeap () returned 0x570000 [0053.264] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5923e0 | out: hHeap=0x570000) returned 1 [0053.264] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0053.264] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0053.265] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0053.265] CloseHandle (hObject=0x80) returned 1 [0053.383] GetProcessHeap () returned 0x570000 [0053.383] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588f58 | out: hHeap=0x570000) returned 1 [0053.383] GetProcessHeap () returned 0x570000 [0053.383] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5922e0 | out: hHeap=0x570000) returned 1 [0053.383] GetProcessHeap () returned 0x570000 [0053.383] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592358 | out: hHeap=0x570000) returned 1 [0053.383] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\Users\\Public\\Desktop\\Mozilla Firefox.lnk" | out: lpString1="C:\\Users\\Public\\Desktop\\Mozilla Firefox.lnk") returned="C:\\Users\\Public\\Desktop\\Mozilla Firefox.lnk" [0053.383] lstrcatW (in: lpString1="C:\\Users\\Public\\Desktop\\Mozilla Firefox.lnk", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\Users\\Public\\Desktop\\Mozilla Firefox.lnk.{Killback@protonmail.com}KBK") returned="C:\\Users\\Public\\Desktop\\Mozilla Firefox.lnk.{Killback@protonmail.com}KBK" [0053.383] MoveFileExW (lpExistingFileName="C:\\Users\\Public\\Desktop\\Mozilla Firefox.lnk" (normalized: "c:\\users\\public\\desktop\\mozilla firefox.lnk"), lpNewFileName="C:\\Users\\Public\\Desktop\\Mozilla Firefox.lnk.{Killback@protonmail.com}KBK" (normalized: "c:\\users\\public\\desktop\\mozilla firefox.lnk.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0053.384] PathRemoveFileSpecW (in: pszPath="C:\\Users\\Public\\Desktop\\Mozilla Firefox.lnk" | out: pszPath="C:\\Users\\Public\\Desktop") returned 1 [0053.384] lstrcatW (in: lpString1="C:\\Users\\Public\\Desktop", lpString2="\\" | out: lpString1="C:\\Users\\Public\\Desktop\\") returned="C:\\Users\\Public\\Desktop\\" [0053.384] lstrcatW (in: lpString1="C:\\Users\\Public\\Desktop\\", lpString2="decrypt_files.html" | out: lpString1="C:\\Users\\Public\\Desktop\\decrypt_files.html") returned="C:\\Users\\Public\\Desktop\\decrypt_files.html" [0053.384] GetFileAttributesW (lpFileName="C:\\Users\\Public\\Desktop\\decrypt_files.html" (normalized: "c:\\users\\public\\desktop\\decrypt_files.html")) returned 0x20 [0053.384] GetProcessHeap () returned 0x570000 [0053.384] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58fdc0 | out: hHeap=0x570000) returned 1 [0053.384] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0a09a40, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb0a09a40, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb0a09a40, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x485, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Mozilla Firefox.lnk", cAlternateFileName="MOZILL~1.LNK")) returned 0 [0053.384] FindClose (in: hFindFile=0x588da8 | out: hFindFile=0x588da8) returned 1 [0053.385] lstrcpyW (in: lpString1=0x50df8c, lpString2="C:\\Users\\Default User\\" | out: lpString1="C:\\Users\\Default User\\") returned="C:\\Users\\Default User\\" [0053.385] GetProcessHeap () returned 0x570000 [0053.385] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588f20 | out: hHeap=0x570000) returned 1 [0053.385] GetProcessHeap () returned 0x570000 [0053.385] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee30 | out: hHeap=0x570000) returned 1 [0053.385] lstrlenW (lpString="C:\\Users\\Default User\\") returned 22 [0053.385] lstrcatW (in: lpString1="C:\\Users\\Default User\\", lpString2="*" | out: lpString1="C:\\Users\\Default User\\*") returned="C:\\Users\\Default User\\*" [0053.385] FindFirstFileW (in: lpFileName="C:\\Users\\Default User\\*", lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0a09a40, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb0a09a40, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb0a09a40, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x485, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Mozilla Firefox.lnk", cAlternateFileName="MOZILL~1.LNK")) returned 0xffffffff [0053.385] lstrcpyW (in: lpString1=0x50df8c, lpString2="C:\\Users\\Default\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0053.385] GetProcessHeap () returned 0x570000 [0053.385] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588ef0 | out: hHeap=0x570000) returned 1 [0053.385] GetProcessHeap () returned 0x570000 [0053.385] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee40 | out: hHeap=0x570000) returned 1 [0053.385] lstrlenW (lpString="C:\\Users\\Default\\") returned 17 [0053.385] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\*") returned="C:\\Users\\Default\\*" [0053.385] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\*", lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x62fa4a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x588da8 [0053.385] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0053.385] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x62fa4a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0053.385] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0053.386] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0053.386] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="AppData", cAlternateFileName="")) returned 1 [0053.386] lstrcmpiW (lpString1="AppData", lpString2=".") returned 1 [0053.386] lstrcmpiW (lpString1="AppData", lpString2="..") returned 1 [0053.386] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="AppData" | out: lpString1="C:\\Users\\Default\\AppData") returned="C:\\Users\\Default\\AppData" [0053.386] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AppData", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0053.386] GetProcessHeap () returned 0x570000 [0053.386] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ee40 [0053.386] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="AppData", cchWideChar=-1, lpMultiByteStr=0x58ee40, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="AppData", lpUsedDefaultChar=0x0) returned 8 [0053.386] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="AppData", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0053.386] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="AppData", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 1 [0053.386] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="AppData", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 1 [0053.386] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="AppData", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0053.386] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="AppData", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0053.386] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="AppData", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 1 [0053.386] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="AppData", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 1 [0053.386] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="AppData", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0053.386] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="AppData", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0053.386] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="AppData", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0053.386] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="AppData", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0053.386] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="AppData", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0053.386] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="AppData", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0053.386] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="AppData", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0053.386] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="AppData", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0053.386] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="AppData", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0053.386] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="AppData", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0053.387] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="AppData", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0053.387] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="AppData", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 1 [0053.387] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="AppData", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 1 [0053.387] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="AppData", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 1 [0053.387] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="AppData", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 1 [0053.387] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="AppData", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 1 [0053.387] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="AppData", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 1 [0053.387] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="AppData", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0053.387] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="AppData", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0053.387] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="AppData", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 1 [0053.387] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="AppData", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 1 [0053.387] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="AppData", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0053.387] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="AppData", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0053.387] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="AppData", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0053.387] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="AppData", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 1 [0053.387] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="AppData", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 1 [0053.387] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="AppData", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 1 [0053.387] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="AppData", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 1 [0053.387] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="AppData", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 1 [0053.387] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="AppData", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 1 [0053.387] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="AppData", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 1 [0053.387] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="AppData", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 1 [0053.387] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="AppData", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0053.387] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="AppData", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 1 [0053.387] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="AppData", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0053.387] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="AppData", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0053.387] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData", lpString2="\\" | out: lpString1="C:\\Users\\Default\\AppData\\") returned="C:\\Users\\Default\\AppData\\" [0053.387] GetProcessHeap () returned 0x570000 [0053.387] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ee30 [0053.388] lstrlenW (lpString="C:\\Users\\Default\\AppData\\") returned 25 [0053.388] GetProcessHeap () returned 0x570000 [0053.388] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x34) returned 0x588ef0 [0053.388] lstrcpyW (in: lpString1=0x588ef0, lpString2="C:\\Users\\Default\\AppData\\" | out: lpString1="C:\\Users\\Default\\AppData\\") returned="C:\\Users\\Default\\AppData\\" [0053.388] GetProcessHeap () returned 0x570000 [0053.388] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee40 | out: hHeap=0x570000) returned 1 [0053.388] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306dce32, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306dce32, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306dce32, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1 [0053.388] lstrcmpiW (lpString1="Application Data", lpString2=".") returned 1 [0053.388] lstrcmpiW (lpString1="Application Data", lpString2="..") returned 1 [0053.388] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Application Data" | out: lpString1="C:\\Users\\Default\\Application Data") returned="C:\\Users\\Default\\Application Data" [0053.388] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Application Data", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0053.388] GetProcessHeap () returned 0x570000 [0053.388] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x11) returned 0x58fdc0 [0053.388] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Application Data", cchWideChar=-1, lpMultiByteStr=0x58fdc0, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Application Data", lpUsedDefaultChar=0x0) returned 17 [0053.388] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0053.388] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 1 [0053.388] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 1 [0053.388] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0053.388] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0053.388] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 1 [0053.388] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 1 [0053.388] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0053.388] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0053.388] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0053.388] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0053.388] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0053.388] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0053.388] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0053.388] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0053.389] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0053.389] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0053.389] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0053.389] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 1 [0053.389] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 1 [0053.389] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 1 [0053.389] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 1 [0053.389] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 1 [0053.389] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 1 [0053.389] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0053.389] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0053.389] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 1 [0053.389] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 1 [0053.389] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0053.389] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0053.389] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0053.389] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 1 [0053.389] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 1 [0053.389] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 1 [0053.389] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 1 [0053.389] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 1 [0053.389] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 1 [0053.389] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 1 [0053.389] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 1 [0053.389] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0053.389] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 1 [0053.389] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0053.389] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0053.389] lstrcatW (in: lpString1="C:\\Users\\Default\\Application Data", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Application Data\\") returned="C:\\Users\\Default\\Application Data\\" [0053.390] GetProcessHeap () returned 0x570000 [0053.390] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ee40 [0053.390] lstrlenW (lpString="C:\\Users\\Default\\Application Data\\") returned 34 [0053.390] GetProcessHeap () returned 0x570000 [0053.390] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x46) returned 0x589108 [0053.390] lstrcpyW (in: lpString1=0x589108, lpString2="C:\\Users\\Default\\Application Data\\" | out: lpString1="C:\\Users\\Default\\Application Data\\") returned="C:\\Users\\Default\\Application Data\\" [0053.390] GetProcessHeap () returned 0x570000 [0053.390] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58fdc0 | out: hHeap=0x570000) returned 1 [0053.390] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6392a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Contacts", cAlternateFileName="")) returned 1 [0053.390] lstrcmpiW (lpString1="Contacts", lpString2=".") returned 1 [0053.390] lstrcmpiW (lpString1="Contacts", lpString2="..") returned 1 [0053.390] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Contacts" | out: lpString1="C:\\Users\\Default\\Contacts") returned="C:\\Users\\Default\\Contacts" [0053.390] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Contacts", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0053.390] GetProcessHeap () returned 0x570000 [0053.390] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x9) returned 0x590f68 [0053.390] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Contacts", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Contacts", lpUsedDefaultChar=0x0) returned 9 [0053.390] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Contacts", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0053.390] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Contacts", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 1 [0053.390] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Contacts", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 1 [0053.390] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Contacts", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0053.390] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Contacts", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0053.390] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Contacts", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 1 [0053.390] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Contacts", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0053.390] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Contacts", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0053.390] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Contacts", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0053.390] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Contacts", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0053.390] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Contacts", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0053.390] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Contacts", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0053.391] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Contacts", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0053.391] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Contacts", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0053.391] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Contacts", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0053.391] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Contacts", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0053.391] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Contacts", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0053.391] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Contacts", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0053.391] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Contacts", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 1 [0053.391] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Contacts", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 1 [0053.391] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Contacts", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 1 [0053.391] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Contacts", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 1 [0053.391] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Contacts", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 1 [0053.391] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Contacts", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0053.391] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Contacts", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0053.391] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Contacts", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0053.391] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Contacts", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0053.391] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Contacts", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 1 [0053.391] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Contacts", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0053.391] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Contacts", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0053.391] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Contacts", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0053.391] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Contacts", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0053.391] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Contacts", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 1 [0053.391] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Contacts", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0053.391] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Contacts", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 1 [0053.391] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Contacts", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 1 [0053.391] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Contacts", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0053.392] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Contacts", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 1 [0053.392] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Contacts", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 1 [0053.392] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Contacts", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0053.392] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Contacts", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 1 [0053.392] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Contacts", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0053.392] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Contacts", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0053.392] lstrcatW (in: lpString1="C:\\Users\\Default\\Contacts", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Contacts\\") returned="C:\\Users\\Default\\Contacts\\" [0053.392] GetProcessHeap () returned 0x570000 [0053.392] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ee50 [0053.392] lstrlenW (lpString="C:\\Users\\Default\\Contacts\\") returned 26 [0053.392] GetProcessHeap () returned 0x570000 [0053.392] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x36) returned 0x588f30 [0053.392] lstrcpyW (in: lpString1=0x588f30, lpString2="C:\\Users\\Default\\Contacts\\" | out: lpString1="C:\\Users\\Default\\Contacts\\") returned="C:\\Users\\Default\\Contacts\\" [0053.392] GetProcessHeap () returned 0x570000 [0053.392] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0053.392] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306dce32, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306dce32, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306dce32, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Cookies", cAlternateFileName="")) returned 1 [0053.392] lstrcmpiW (lpString1="Cookies", lpString2=".") returned 1 [0053.392] lstrcmpiW (lpString1="Cookies", lpString2="..") returned 1 [0053.392] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Cookies" | out: lpString1="C:\\Users\\Default\\Cookies") returned="C:\\Users\\Default\\Cookies" [0053.392] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Cookies", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0053.392] GetProcessHeap () returned 0x570000 [0053.392] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ee70 [0053.392] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Cookies", cchWideChar=-1, lpMultiByteStr=0x58ee70, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Cookies", lpUsedDefaultChar=0x0) returned 8 [0053.392] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Cookies", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0053.392] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Cookies", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 1 [0053.392] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Cookies", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 1 [0053.392] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Cookies", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0053.393] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Cookies", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0053.393] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Cookies", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 1 [0053.393] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Cookies", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0053.393] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Cookies", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0053.393] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Cookies", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0053.393] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Cookies", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0053.393] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Cookies", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0053.393] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Cookies", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0053.393] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Cookies", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0053.393] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Cookies", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0053.393] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Cookies", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0053.393] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Cookies", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0053.393] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Cookies", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0053.393] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Cookies", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0053.393] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Cookies", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 1 [0053.393] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Cookies", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 1 [0053.393] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Cookies", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 1 [0053.393] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Cookies", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 1 [0053.393] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Cookies", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 1 [0053.393] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Cookies", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0053.393] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Cookies", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0053.393] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Cookies", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0053.393] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Cookies", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0053.393] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Cookies", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 1 [0053.393] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Cookies", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0053.393] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Cookies", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0053.394] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Cookies", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0053.394] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Cookies", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0053.394] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Cookies", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 1 [0053.394] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Cookies", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0053.394] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Cookies", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 1 [0053.394] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Cookies", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 1 [0053.394] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Cookies", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0053.394] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Cookies", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 1 [0053.394] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Cookies", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 1 [0053.394] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Cookies", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0053.394] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Cookies", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 1 [0053.394] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Cookies", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0053.394] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Cookies", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0053.394] lstrcatW (in: lpString1="C:\\Users\\Default\\Cookies", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Cookies\\") returned="C:\\Users\\Default\\Cookies\\" [0053.394] GetProcessHeap () returned 0x570000 [0053.394] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ee90 [0053.394] lstrlenW (lpString="C:\\Users\\Default\\Cookies\\") returned 25 [0053.394] GetProcessHeap () returned 0x570000 [0053.394] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x34) returned 0x588f70 [0053.394] lstrcpyW (in: lpString1=0x588f70, lpString2="C:\\Users\\Default\\Cookies\\" | out: lpString1="C:\\Users\\Default\\Cookies\\") returned="C:\\Users\\Default\\Cookies\\" [0053.394] GetProcessHeap () returned 0x570000 [0053.394] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.394] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 1 [0053.394] lstrcmpiW (lpString1="Desktop", lpString2=".") returned 1 [0053.394] lstrcmpiW (lpString1="Desktop", lpString2="..") returned 1 [0053.394] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Desktop" | out: lpString1="C:\\Users\\Default\\Desktop") returned="C:\\Users\\Default\\Desktop" [0053.395] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Desktop", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0053.395] GetProcessHeap () returned 0x570000 [0053.395] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ee70 [0053.395] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Desktop", cchWideChar=-1, lpMultiByteStr=0x58ee70, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Desktop", lpUsedDefaultChar=0x0) returned 8 [0053.395] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0053.395] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 1 [0053.395] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 1 [0053.395] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0053.395] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0053.395] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 1 [0053.395] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0053.395] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0053.395] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0053.395] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0053.395] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0053.395] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0053.395] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0053.395] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0053.395] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0053.395] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0053.395] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0053.395] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0053.395] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 1 [0053.395] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 1 [0053.395] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 1 [0053.395] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 1 [0053.396] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 1 [0053.396] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0053.396] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0053.396] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0053.396] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0053.396] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 1 [0053.396] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0053.396] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0053.396] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0053.396] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0053.396] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 1 [0053.396] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0053.396] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 1 [0053.396] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 1 [0053.396] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0053.396] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 1 [0053.396] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 1 [0053.396] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0053.396] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 1 [0053.396] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0053.396] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0053.396] lstrcatW (in: lpString1="C:\\Users\\Default\\Desktop", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Desktop\\") returned="C:\\Users\\Default\\Desktop\\" [0053.396] GetProcessHeap () returned 0x570000 [0053.396] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ee80 [0053.396] lstrlenW (lpString="C:\\Users\\Default\\Desktop\\") returned 25 [0053.396] GetProcessHeap () returned 0x570000 [0053.397] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x34) returned 0x5922e0 [0053.397] lstrcpyW (in: lpString1=0x5922e0, lpString2="C:\\Users\\Default\\Desktop\\" | out: lpString1="C:\\Users\\Default\\Desktop\\") returned="C:\\Users\\Default\\Desktop\\" [0053.397] GetProcessHeap () returned 0x570000 [0053.397] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0053.397] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd890148c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Documents", cAlternateFileName="DOCUME~1")) returned 1 [0053.397] lstrcmpiW (lpString1="Documents", lpString2=".") returned 1 [0053.397] lstrcmpiW (lpString1="Documents", lpString2="..") returned 1 [0053.397] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Documents" | out: lpString1="C:\\Users\\Default\\Documents") returned="C:\\Users\\Default\\Documents" [0053.397] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Documents", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0053.397] GetProcessHeap () returned 0x570000 [0053.397] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xa) returned 0x590f68 [0053.397] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Documents", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Documents", lpUsedDefaultChar=0x0) returned 10 [0053.397] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0053.397] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 1 [0053.397] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 1 [0053.397] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0053.397] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0053.397] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 1 [0053.397] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0053.397] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0053.397] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0053.397] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0053.397] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0053.397] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0053.397] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0053.398] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0053.398] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0053.398] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0053.398] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0053.398] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0053.398] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 1 [0053.398] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 1 [0053.398] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 1 [0053.398] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 1 [0053.398] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 1 [0053.398] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0053.398] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0053.398] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0053.398] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0053.398] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 1 [0053.398] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0053.398] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0053.398] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0053.398] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0053.398] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 1 [0053.398] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0053.398] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 1 [0053.398] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 1 [0053.398] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0053.398] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 1 [0053.398] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 1 [0053.399] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0053.399] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 1 [0053.399] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0053.399] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0053.399] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Documents\\") returned="C:\\Users\\Default\\Documents\\" [0053.399] GetProcessHeap () returned 0x570000 [0053.399] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ee70 [0053.399] lstrlenW (lpString="C:\\Users\\Default\\Documents\\") returned 27 [0053.399] GetProcessHeap () returned 0x570000 [0053.399] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x38) returned 0x592320 [0053.399] lstrcpyW (in: lpString1=0x592320, lpString2="C:\\Users\\Default\\Documents\\" | out: lpString1="C:\\Users\\Default\\Documents\\") returned="C:\\Users\\Default\\Documents\\" [0053.399] GetProcessHeap () returned 0x570000 [0053.399] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0053.399] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88db32b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Downloads", cAlternateFileName="DOWNLO~1")) returned 1 [0053.399] lstrcmpiW (lpString1="Downloads", lpString2=".") returned 1 [0053.399] lstrcmpiW (lpString1="Downloads", lpString2="..") returned 1 [0053.399] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Downloads" | out: lpString1="C:\\Users\\Default\\Downloads") returned="C:\\Users\\Default\\Downloads" [0053.399] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Downloads", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0053.399] GetProcessHeap () returned 0x570000 [0053.399] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xa) returned 0x590f68 [0053.399] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Downloads", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Downloads", lpUsedDefaultChar=0x0) returned 10 [0053.400] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0053.400] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 1 [0053.400] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 1 [0053.400] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0053.400] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0053.400] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 1 [0053.400] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0053.400] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0053.400] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0053.400] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0053.400] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0053.400] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0053.400] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0053.400] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0053.400] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0053.400] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0053.400] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0053.400] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0053.400] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 1 [0053.400] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 1 [0053.400] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 1 [0053.400] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 1 [0053.400] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 1 [0053.400] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0053.400] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0053.401] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0053.401] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0053.401] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 1 [0053.401] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0053.401] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0053.401] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0053.401] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0053.401] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 1 [0053.401] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0053.401] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 1 [0053.401] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 1 [0053.401] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0053.401] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 1 [0053.401] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 1 [0053.401] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0053.401] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 1 [0053.401] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0053.401] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Downloads", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0053.401] lstrcatW (in: lpString1="C:\\Users\\Default\\Downloads", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Downloads\\") returned="C:\\Users\\Default\\Downloads\\" [0053.401] GetProcessHeap () returned 0x570000 [0053.401] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ee60 [0053.401] lstrlenW (lpString="C:\\Users\\Default\\Downloads\\") returned 27 [0053.401] GetProcessHeap () returned 0x570000 [0053.401] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x38) returned 0x592360 [0053.401] lstrcpyW (in: lpString1=0x592360, lpString2="C:\\Users\\Default\\Downloads\\" | out: lpString1="C:\\Users\\Default\\Downloads\\") returned="C:\\Users\\Default\\Downloads\\" [0053.402] GetProcessHeap () returned 0x570000 [0053.402] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0053.402] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Favorites", cAlternateFileName="FAVORI~1")) returned 1 [0053.402] lstrcmpiW (lpString1="Favorites", lpString2=".") returned 1 [0053.402] lstrcmpiW (lpString1="Favorites", lpString2="..") returned 1 [0053.402] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Favorites" | out: lpString1="C:\\Users\\Default\\Favorites") returned="C:\\Users\\Default\\Favorites" [0053.402] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Favorites", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0053.402] GetProcessHeap () returned 0x570000 [0053.402] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xa) returned 0x590f68 [0053.402] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Favorites", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Favorites", lpUsedDefaultChar=0x0) returned 10 [0053.402] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0053.402] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 1 [0053.402] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 1 [0053.402] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0053.402] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0053.402] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 3 [0053.402] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0053.402] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0053.402] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0053.402] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0053.402] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0053.402] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0053.402] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0053.403] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0053.403] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0053.403] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0053.403] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0053.403] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0053.403] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 1 [0053.403] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 1 [0053.403] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 1 [0053.403] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 1 [0053.403] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 1 [0053.403] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0053.403] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0053.403] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0053.403] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0053.403] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 3 [0053.403] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0053.403] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0053.403] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0053.403] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0053.403] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 1 [0053.403] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0053.403] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 1 [0053.403] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 1 [0053.403] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0053.403] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 1 [0053.403] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 1 [0053.403] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0053.404] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 1 [0053.404] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0053.404] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0053.404] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Favorites\\") returned="C:\\Users\\Default\\Favorites\\" [0053.404] GetProcessHeap () returned 0x570000 [0053.404] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58eeb0 [0053.404] lstrlenW (lpString="C:\\Users\\Default\\Favorites\\") returned 27 [0053.404] GetProcessHeap () returned 0x570000 [0053.404] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x38) returned 0x5923a0 [0053.404] lstrcpyW (in: lpString1=0x5923a0, lpString2="C:\\Users\\Default\\Favorites\\" | out: lpString1="C:\\Users\\Default\\Favorites\\") returned="C:\\Users\\Default\\Favorites\\" [0053.404] GetProcessHeap () returned 0x570000 [0053.404] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0053.404] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89738ac, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Links", cAlternateFileName="")) returned 1 [0053.404] lstrcmpiW (lpString1="Links", lpString2=".") returned 1 [0053.404] lstrcmpiW (lpString1="Links", lpString2="..") returned 1 [0053.404] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Links" | out: lpString1="C:\\Users\\Default\\Links") returned="C:\\Users\\Default\\Links" [0053.404] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Links", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0053.404] GetProcessHeap () returned 0x570000 [0053.404] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x6) returned 0x58eec0 [0053.404] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Links", cchWideChar=-1, lpMultiByteStr=0x58eec0, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Links", lpUsedDefaultChar=0x0) returned 6 [0053.404] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0053.404] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 1 [0053.404] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 1 [0053.404] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0053.404] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0053.404] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 3 [0053.404] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0053.404] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0053.405] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0053.405] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0053.405] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0053.405] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0053.405] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0053.405] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0053.405] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0053.405] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0053.405] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0053.405] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0053.405] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 1 [0053.405] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 1 [0053.405] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 3 [0053.405] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 3 [0053.405] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 1 [0053.405] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0053.405] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0053.405] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0053.405] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0053.405] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 3 [0053.405] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0053.405] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0053.405] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0053.405] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0053.405] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 1 [0053.406] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0053.406] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 1 [0053.406] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 1 [0053.406] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0053.406] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 1 [0053.406] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 1 [0053.406] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0053.406] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 1 [0053.406] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0053.406] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0053.406] lstrcatW (in: lpString1="C:\\Users\\Default\\Links", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Links\\") returned="C:\\Users\\Default\\Links\\" [0053.406] GetProcessHeap () returned 0x570000 [0053.406] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58eea0 [0053.406] lstrlenW (lpString="C:\\Users\\Default\\Links\\") returned 23 [0053.406] GetProcessHeap () returned 0x570000 [0053.406] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x30) returned 0x5923e0 [0053.406] lstrcpyW (in: lpString1=0x5923e0, lpString2="C:\\Users\\Default\\Links\\" | out: lpString1="C:\\Users\\Default\\Links\\") returned="C:\\Users\\Default\\Links\\" [0053.406] GetProcessHeap () returned 0x570000 [0053.406] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0053.406] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x30702f92, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x30702f92, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x30702f92, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Local Settings", cAlternateFileName="LOCALS~1")) returned 1 [0053.406] lstrcmpiW (lpString1="Local Settings", lpString2=".") returned 1 [0053.406] lstrcmpiW (lpString1="Local Settings", lpString2="..") returned 1 [0053.406] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Local Settings" | out: lpString1="C:\\Users\\Default\\Local Settings") returned="C:\\Users\\Default\\Local Settings" [0053.407] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Local Settings", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0053.407] GetProcessHeap () returned 0x570000 [0053.407] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xf) returned 0x590f68 [0053.407] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Local Settings", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Local Settings", lpUsedDefaultChar=0x0) returned 15 [0053.407] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local Settings", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0053.407] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local Settings", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 1 [0053.407] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local Settings", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 1 [0053.407] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local Settings", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0053.407] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local Settings", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0053.407] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local Settings", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 3 [0053.407] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local Settings", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0053.407] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local Settings", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0053.407] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local Settings", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0053.407] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local Settings", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0053.407] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local Settings", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0053.407] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local Settings", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0053.407] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local Settings", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0053.407] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local Settings", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0053.407] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local Settings", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0053.407] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local Settings", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0053.407] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local Settings", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0053.407] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local Settings", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0053.407] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local Settings", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 1 [0053.407] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local Settings", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 1 [0053.408] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local Settings", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 3 [0053.408] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local Settings", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 3 [0053.408] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local Settings", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 1 [0053.408] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local Settings", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0053.408] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local Settings", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0053.408] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local Settings", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0053.408] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local Settings", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0053.408] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local Settings", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 3 [0053.408] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local Settings", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0053.408] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local Settings", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0053.408] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local Settings", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0053.408] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local Settings", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0053.408] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local Settings", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 1 [0053.408] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local Settings", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0053.408] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local Settings", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 1 [0053.408] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local Settings", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 1 [0053.408] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local Settings", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0053.408] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local Settings", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 1 [0053.408] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local Settings", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 1 [0053.408] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local Settings", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0053.408] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local Settings", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 1 [0053.408] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local Settings", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0053.408] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local Settings", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0053.408] lstrcatW (in: lpString1="C:\\Users\\Default\\Local Settings", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Local Settings\\") returned="C:\\Users\\Default\\Local Settings\\" [0053.408] GetProcessHeap () returned 0x570000 [0053.409] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58eec0 [0053.409] lstrlenW (lpString="C:\\Users\\Default\\Local Settings\\") returned 32 [0053.409] GetProcessHeap () returned 0x570000 [0053.409] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x42) returned 0x589158 [0053.409] lstrcpyW (in: lpString1=0x589158, lpString2="C:\\Users\\Default\\Local Settings\\" | out: lpString1="C:\\Users\\Default\\Local Settings\\") returned="C:\\Users\\Default\\Local Settings\\" [0053.409] GetProcessHeap () returned 0x570000 [0053.409] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0053.409] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Music", cAlternateFileName="")) returned 1 [0053.409] lstrcmpiW (lpString1="Music", lpString2=".") returned 1 [0053.409] lstrcmpiW (lpString1="Music", lpString2="..") returned 1 [0053.409] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Music" | out: lpString1="C:\\Users\\Default\\Music") returned="C:\\Users\\Default\\Music" [0053.409] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Music", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0053.409] GetProcessHeap () returned 0x570000 [0053.409] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x6) returned 0x58eef0 [0053.409] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Music", cchWideChar=-1, lpMultiByteStr=0x58eef0, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Music", lpUsedDefaultChar=0x0) returned 6 [0053.409] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0053.409] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 3 [0053.409] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 3 [0053.409] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0053.409] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0053.409] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 3 [0053.409] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0053.409] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0053.409] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0053.409] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0053.409] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0053.410] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0053.410] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0053.410] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0053.410] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0053.410] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0053.410] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0053.410] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0053.410] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 1 [0053.410] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 3 [0053.410] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 3 [0053.410] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 3 [0053.410] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 3 [0053.410] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0053.410] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0053.410] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0053.410] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0053.410] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 3 [0053.410] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0053.410] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0053.410] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0053.410] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0053.410] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 3 [0053.410] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0053.410] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 1 [0053.410] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 3 [0053.411] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0053.411] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 3 [0053.411] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 1 [0053.411] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0053.411] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 1 [0053.411] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0053.411] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Music", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0053.411] lstrcatW (in: lpString1="C:\\Users\\Default\\Music", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Music\\") returned="C:\\Users\\Default\\Music\\" [0053.411] GetProcessHeap () returned 0x570000 [0053.411] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58eee0 [0053.411] lstrlenW (lpString="C:\\Users\\Default\\Music\\") returned 23 [0053.411] GetProcessHeap () returned 0x570000 [0053.411] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x30) returned 0x592418 [0053.411] lstrcpyW (in: lpString1=0x592418, lpString2="C:\\Users\\Default\\Music\\" | out: lpString1="C:\\Users\\Default\\Music\\") returned="C:\\Users\\Default\\Music\\" [0053.411] GetProcessHeap () returned 0x570000 [0053.411] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0053.411] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306b6cd1, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306b6cd1, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306b6cd1, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Documents", cAlternateFileName="MYDOCU~1")) returned 1 [0053.411] lstrcmpiW (lpString1="My Documents", lpString2=".") returned 1 [0053.411] lstrcmpiW (lpString1="My Documents", lpString2="..") returned 1 [0053.411] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="My Documents" | out: lpString1="C:\\Users\\Default\\My Documents") returned="C:\\Users\\Default\\My Documents" [0053.411] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="My Documents", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0053.411] GetProcessHeap () returned 0x570000 [0053.411] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xd) returned 0x590f68 [0053.411] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="My Documents", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="My Documents", lpUsedDefaultChar=0x0) returned 13 [0053.411] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Documents", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0053.411] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Documents", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 3 [0053.411] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Documents", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 3 [0053.412] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Documents", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0053.412] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Documents", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0053.412] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Documents", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 3 [0053.412] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Documents", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0053.412] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Documents", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0053.412] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Documents", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0053.412] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Documents", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0053.412] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Documents", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0053.412] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Documents", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0053.412] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Documents", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0053.412] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Documents", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0053.412] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Documents", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0053.412] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Documents", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0053.412] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Documents", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0053.412] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Documents", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0053.412] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Documents", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 1 [0053.412] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Documents", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 3 [0053.412] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Documents", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 3 [0053.412] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Documents", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 3 [0053.412] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Documents", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 3 [0053.412] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Documents", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0053.412] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Documents", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0053.412] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Documents", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0053.412] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Documents", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0053.413] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Documents", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 3 [0053.413] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Documents", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0053.413] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Documents", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0053.413] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Documents", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0053.413] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Documents", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0053.413] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Documents", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 3 [0053.413] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Documents", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0053.413] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Documents", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 1 [0053.413] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Documents", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 3 [0053.413] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Documents", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0053.413] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Documents", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 3 [0053.413] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Documents", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 1 [0053.413] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Documents", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0053.413] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Documents", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 1 [0053.413] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Documents", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0053.413] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Documents", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0053.413] lstrcatW (in: lpString1="C:\\Users\\Default\\My Documents", lpString2="\\" | out: lpString1="C:\\Users\\Default\\My Documents\\") returned="C:\\Users\\Default\\My Documents\\" [0053.413] GetProcessHeap () returned 0x570000 [0053.414] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58eef0 [0053.414] lstrlenW (lpString="C:\\Users\\Default\\My Documents\\") returned 30 [0053.414] GetProcessHeap () returned 0x570000 [0053.414] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x3e) returned 0x5876f8 [0053.414] lstrcpyW (in: lpString1=0x5876f8, lpString2="C:\\Users\\Default\\My Documents\\" | out: lpString1="C:\\Users\\Default\\My Documents\\") returned="C:\\Users\\Default\\My Documents\\" [0053.414] GetProcessHeap () returned 0x570000 [0053.414] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0053.414] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306dce32, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306dce32, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306dce32, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NetHood", cAlternateFileName="")) returned 1 [0053.414] lstrcmpiW (lpString1="NetHood", lpString2=".") returned 1 [0053.414] lstrcmpiW (lpString1="NetHood", lpString2="..") returned 1 [0053.414] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="NetHood" | out: lpString1="C:\\Users\\Default\\NetHood") returned="C:\\Users\\Default\\NetHood" [0053.414] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="NetHood", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0053.414] GetProcessHeap () returned 0x570000 [0053.414] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58eed0 [0053.414] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="NetHood", cchWideChar=-1, lpMultiByteStr=0x58eed0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="NetHood", lpUsedDefaultChar=0x0) returned 8 [0053.414] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="NetHood", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0053.414] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="NetHood", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 3 [0053.414] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="NetHood", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 3 [0053.414] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="NetHood", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0053.414] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="NetHood", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0053.414] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="NetHood", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 3 [0053.414] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="NetHood", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0053.414] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="NetHood", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0053.414] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="NetHood", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0053.414] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="NetHood", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0053.414] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="NetHood", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0053.414] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="NetHood", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0053.415] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="NetHood", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0053.415] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="NetHood", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0053.415] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="NetHood", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0053.415] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="NetHood", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0053.415] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="NetHood", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0053.415] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="NetHood", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0053.415] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="NetHood", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 1 [0053.415] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="NetHood", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 3 [0053.415] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="NetHood", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 3 [0053.415] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="NetHood", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 3 [0053.415] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="NetHood", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 3 [0053.415] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="NetHood", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0053.415] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="NetHood", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0053.415] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="NetHood", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0053.415] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="NetHood", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0053.415] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="NetHood", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 3 [0053.415] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="NetHood", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0053.415] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="NetHood", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0053.415] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="NetHood", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0053.415] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="NetHood", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0053.415] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="NetHood", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 3 [0053.415] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="NetHood", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0053.415] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="NetHood", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 1 [0053.415] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="NetHood", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 3 [0053.415] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="NetHood", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0053.415] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="NetHood", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 3 [0053.416] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="NetHood", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 1 [0053.416] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="NetHood", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0053.416] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="NetHood", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 1 [0053.416] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="NetHood", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0053.416] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="NetHood", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0053.416] lstrcatW (in: lpString1="C:\\Users\\Default\\NetHood", lpString2="\\" | out: lpString1="C:\\Users\\Default\\NetHood\\") returned="C:\\Users\\Default\\NetHood\\" [0053.416] GetProcessHeap () returned 0x570000 [0053.416] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ef00 [0053.416] lstrlenW (lpString="C:\\Users\\Default\\NetHood\\") returned 25 [0053.416] GetProcessHeap () returned 0x570000 [0053.416] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x34) returned 0x592450 [0053.416] lstrcpyW (in: lpString1=0x592450, lpString2="C:\\Users\\Default\\NetHood\\" | out: lpString1="C:\\Users\\Default\\NetHood\\") returned="C:\\Users\\Default\\NetHood\\" [0053.416] GetProcessHeap () returned 0x570000 [0053.416] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eed0 | out: hHeap=0x570000) returned 1 [0053.416] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x9012aa61, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x6770de0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x6770de0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xc0000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NTUSER.DAT", cAlternateFileName="")) returned 1 [0053.416] lstrcmpiW (lpString1="NTUSER.DAT", lpString2=".") returned 1 [0053.416] lstrcmpiW (lpString1="NTUSER.DAT", lpString2="..") returned 1 [0053.416] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="NTUSER.DAT" | out: lpString1="C:\\Users\\Default\\NTUSER.DAT") returned="C:\\Users\\Default\\NTUSER.DAT" [0053.416] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="NTUSER.DAT", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0053.416] GetProcessHeap () returned 0x570000 [0053.416] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xb) returned 0x590f68 [0053.416] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="NTUSER.DAT", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="NTUSER.DAT", lpUsedDefaultChar=0x0) returned 11 [0053.416] lstrlenA (lpString="NTUSER.DAT") returned 10 [0053.416] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0053.416] lstrlenA (lpString="NTUSER.DAT") returned 10 [0053.416] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0053.416] lstrcmpiW (lpString1="NTUSER.DAT", lpString2="decrypt_files.html") returned 1 [0053.417] lstrcmpiW (lpString1="NTUSER.DAT", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0053.417] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0053.417] lstrcmpiW (lpString1="NTUSER.DAT", lpString2="sihvgt.exe") returned -1 [0053.417] _alloca_probe () returned 0x40908b [0053.417] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\NTUSER.DAT", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0053.417] GetProcessHeap () returned 0x570000 [0053.417] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x1c) returned 0x590698 [0053.417] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\NTUSER.DAT", cchWideChar=-1, lpMultiByteStr=0x590698, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\Default\\NTUSER.DAT", lpUsedDefaultChar=0x0) returned 28 [0053.417] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0053.417] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{0F3459F3-EC20-48E4-8782-4DC085090D4F}") returned 38 [0053.417] lstrlenA (lpString="{0F3459F3-EC20-48E4-8782-4DC085090D4F}") returned 38 [0053.417] CreateFileW (lpFileName="C:\\Users\\Default\\NTUSER.DAT" (normalized: "c:\\users\\default\\ntuser.dat"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0053.468] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=786432) returned 1 [0053.469] lstrlenA (lpString="{0F3459F3-EC20-48E4-8782-4DC085090D4F}") returned 38 [0053.469] GetProcessHeap () returned 0x570000 [0053.469] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x592490 [0053.469] GetProcessHeap () returned 0x570000 [0053.469] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592508 [0053.469] lstrlenA (lpString="C:\\Users\\Default\\NTUSER.DAT") returned 27 [0053.488] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0053.612] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0053.612] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0053.613] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0053.613] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0053.750] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.751] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0053.751] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0053.751] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0053.751] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.751] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0053.751] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0053.751] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0053.751] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.752] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0053.752] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0053.752] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0053.752] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.752] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0053.753] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0053.753] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0053.753] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.753] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0053.753] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0053.753] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0053.753] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.754] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0053.754] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0053.754] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0053.754] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.754] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0053.754] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0053.754] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0053.756] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.757] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0053.757] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0053.757] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0053.758] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.758] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0053.758] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0053.759] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0053.759] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.760] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0053.760] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0053.760] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0053.761] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.761] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0053.761] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0053.761] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0053.762] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.762] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0053.762] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0053.762] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0053.763] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.764] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0053.764] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0053.764] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0053.764] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.765] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0053.765] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0053.765] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0053.765] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.766] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0053.766] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0053.766] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0053.769] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.769] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0053.769] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0053.769] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0053.770] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.770] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0053.770] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0053.770] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0053.771] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.771] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0053.772] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0053.772] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0053.781] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.781] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0053.781] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0053.781] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0053.782] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.782] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0053.782] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0053.782] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0053.783] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.783] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0053.783] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0053.783] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0053.784] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.784] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0053.784] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0053.784] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0053.785] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.785] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0053.786] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0053.786] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0053.786] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.787] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0053.787] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0053.787] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0053.788] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.788] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0053.788] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0053.788] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0053.795] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.795] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0053.795] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0053.795] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0053.796] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.796] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0053.796] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0053.797] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0053.797] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.797] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0053.798] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0053.798] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0053.798] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.799] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0053.799] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0053.799] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0053.804] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.804] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0053.804] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0053.804] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0053.806] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.807] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0053.807] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0053.807] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0053.808] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.808] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0053.808] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0053.808] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0053.816] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.816] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0053.816] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0053.816] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0053.818] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.818] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0053.818] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0053.818] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0053.819] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.819] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0053.819] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0053.819] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0053.820] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.820] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0053.821] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0053.821] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0053.821] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.822] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0053.822] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0053.822] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0053.822] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.823] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0053.823] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0053.823] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0053.824] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.824] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0053.824] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0053.824] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0053.841] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.841] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0053.841] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0053.841] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0053.842] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.842] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0053.843] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0053.843] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0053.843] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.844] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0053.844] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0053.844] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0053.844] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.845] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0053.845] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0053.845] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0053.846] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.846] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0053.846] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0053.846] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0053.847] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.847] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0053.847] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0053.847] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0053.848] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.848] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0053.848] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0053.848] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0053.849] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0053.849] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0053.849] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0053.849] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x0, lpOverlapped=0x0) returned 1 [0053.849] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0053.849] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0053.849] WriteFile (in: hFile=0x80, lpBuffer=0x50bb6c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bb6c*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0053.850] WriteFile (in: hFile=0x80, lpBuffer=0x50bbd4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bbd4*, lpNumberOfBytesWritten=0x50bb34*=0x10, lpOverlapped=0x0) returned 1 [0053.851] lstrlenA (lpString="rsa_encrypt") returned 11 [0053.851] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x592630) returned 1 [0053.852] CryptGenRandom (in: hProv=0x592630, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0053.852] CryptReleaseContext (hProv=0x592630, dwFlags=0x0) returned 1 [0053.852] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0053.852] GetProcessHeap () returned 0x570000 [0053.852] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592590 [0053.852] lstrlenA (lpString="010001") returned 6 [0053.852] GetProcessHeap () returned 0x570000 [0053.852] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eed0 [0053.852] GetProcessHeap () returned 0x570000 [0053.852] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592618 [0053.852] GetProcessHeap () returned 0x570000 [0053.852] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0053.852] GetProcessHeap () returned 0x570000 [0053.852] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592618 | out: hHeap=0x570000) returned 1 [0053.852] GetProcessHeap () returned 0x570000 [0053.852] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0053.852] GetProcessHeap () returned 0x570000 [0053.852] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c1f0 [0053.852] GetProcessHeap () returned 0x570000 [0053.852] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58ef10 [0053.852] GetProcessHeap () returned 0x570000 [0053.852] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c0d8 [0053.852] GetProcessHeap () returned 0x570000 [0053.852] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0053.852] GetProcessHeap () returned 0x570000 [0053.852] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0053.852] GetProcessHeap () returned 0x570000 [0053.852] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592618 [0053.852] GetProcessHeap () returned 0x570000 [0053.852] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x5926a0 [0053.853] GetProcessHeap () returned 0x570000 [0053.853] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0053.853] GetProcessHeap () returned 0x570000 [0053.853] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0053.853] GetProcessHeap () returned 0x570000 [0053.853] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0053.853] GetProcessHeap () returned 0x570000 [0053.853] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592618 | out: hHeap=0x570000) returned 1 [0053.853] GetProcessHeap () returned 0x570000 [0053.853] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0053.853] GetProcessHeap () returned 0x570000 [0053.853] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0053.853] GetProcessHeap () returned 0x570000 [0053.853] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0053.853] GetProcessHeap () returned 0x570000 [0053.853] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f98 [0053.853] GetProcessHeap () returned 0x570000 [0053.853] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0053.853] GetProcessHeap () returned 0x570000 [0053.853] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0053.853] GetProcessHeap () returned 0x570000 [0053.853] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0053.853] GetProcessHeap () returned 0x570000 [0053.853] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0053.853] GetProcessHeap () returned 0x570000 [0053.853] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0053.853] GetProcessHeap () returned 0x570000 [0053.853] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f98 | out: hHeap=0x570000) returned 1 [0053.853] GetProcessHeap () returned 0x570000 [0053.853] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0053.854] GetProcessHeap () returned 0x570000 [0053.854] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0053.854] GetProcessHeap () returned 0x570000 [0053.854] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0053.854] GetProcessHeap () returned 0x570000 [0053.854] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0053.854] GetProcessHeap () returned 0x570000 [0053.854] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0053.854] GetProcessHeap () returned 0x570000 [0053.854] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0053.854] GetProcessHeap () returned 0x570000 [0053.854] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0053.855] GetProcessHeap () returned 0x570000 [0053.855] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0053.855] GetProcessHeap () returned 0x570000 [0053.855] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0053.855] GetProcessHeap () returned 0x570000 [0053.855] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0053.855] GetProcessHeap () returned 0x570000 [0053.855] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0053.855] GetProcessHeap () returned 0x570000 [0053.855] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0053.855] GetProcessHeap () returned 0x570000 [0053.855] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0053.855] GetProcessHeap () returned 0x570000 [0053.855] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0053.855] GetProcessHeap () returned 0x570000 [0053.855] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0053.855] GetProcessHeap () returned 0x570000 [0053.855] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0053.855] GetProcessHeap () returned 0x570000 [0053.855] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0053.855] GetProcessHeap () returned 0x570000 [0053.855] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0053.855] GetProcessHeap () returned 0x570000 [0053.855] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0053.855] GetProcessHeap () returned 0x570000 [0053.855] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0053.855] GetProcessHeap () returned 0x570000 [0053.855] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0053.855] GetProcessHeap () returned 0x570000 [0053.855] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0053.855] GetProcessHeap () returned 0x570000 [0053.856] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0053.856] GetProcessHeap () returned 0x570000 [0053.856] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0053.856] GetProcessHeap () returned 0x570000 [0053.856] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0053.856] GetProcessHeap () returned 0x570000 [0053.856] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0053.856] GetProcessHeap () returned 0x570000 [0053.856] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0053.856] GetProcessHeap () returned 0x570000 [0053.856] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0053.856] GetProcessHeap () returned 0x570000 [0053.856] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0053.856] GetProcessHeap () returned 0x570000 [0053.856] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0053.856] GetProcessHeap () returned 0x570000 [0053.856] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0053.856] GetProcessHeap () returned 0x570000 [0053.856] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0053.856] GetProcessHeap () returned 0x570000 [0053.856] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0053.856] GetProcessHeap () returned 0x570000 [0053.856] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0053.856] GetProcessHeap () returned 0x570000 [0053.856] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0053.856] GetProcessHeap () returned 0x570000 [0053.856] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0053.856] GetProcessHeap () returned 0x570000 [0053.856] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0053.856] GetProcessHeap () returned 0x570000 [0053.856] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0053.857] GetProcessHeap () returned 0x570000 [0053.857] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0053.857] GetProcessHeap () returned 0x570000 [0053.857] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0053.857] GetProcessHeap () returned 0x570000 [0053.857] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0053.857] GetProcessHeap () returned 0x570000 [0053.857] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0053.857] GetProcessHeap () returned 0x570000 [0053.857] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0053.857] GetProcessHeap () returned 0x570000 [0053.857] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0053.857] GetProcessHeap () returned 0x570000 [0053.857] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0053.857] GetProcessHeap () returned 0x570000 [0053.857] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0053.857] GetProcessHeap () returned 0x570000 [0053.857] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0053.857] GetProcessHeap () returned 0x570000 [0053.857] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0053.857] GetProcessHeap () returned 0x570000 [0053.857] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0053.857] GetProcessHeap () returned 0x570000 [0053.857] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0053.857] GetProcessHeap () returned 0x570000 [0053.857] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0053.857] GetProcessHeap () returned 0x570000 [0053.857] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0053.857] GetProcessHeap () returned 0x570000 [0053.857] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0053.858] GetProcessHeap () returned 0x570000 [0053.858] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0053.858] GetProcessHeap () returned 0x570000 [0053.858] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0053.858] GetProcessHeap () returned 0x570000 [0053.858] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0053.858] GetProcessHeap () returned 0x570000 [0053.858] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0053.858] GetProcessHeap () returned 0x570000 [0053.858] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0053.858] GetProcessHeap () returned 0x570000 [0053.858] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0053.858] GetProcessHeap () returned 0x570000 [0053.858] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0053.858] GetProcessHeap () returned 0x570000 [0053.858] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0053.858] GetProcessHeap () returned 0x570000 [0053.858] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0053.858] GetProcessHeap () returned 0x570000 [0053.858] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0053.858] GetProcessHeap () returned 0x570000 [0053.858] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0053.858] GetProcessHeap () returned 0x570000 [0053.858] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0053.858] GetProcessHeap () returned 0x570000 [0053.858] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0053.858] GetProcessHeap () returned 0x570000 [0053.858] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0053.858] GetProcessHeap () returned 0x570000 [0053.858] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0053.858] GetProcessHeap () returned 0x570000 [0053.858] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0053.859] GetProcessHeap () returned 0x570000 [0053.859] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0053.859] GetProcessHeap () returned 0x570000 [0053.859] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0053.859] GetProcessHeap () returned 0x570000 [0053.859] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0053.859] GetProcessHeap () returned 0x570000 [0053.859] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0053.859] GetProcessHeap () returned 0x570000 [0053.859] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0053.859] GetProcessHeap () returned 0x570000 [0053.859] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0053.859] GetProcessHeap () returned 0x570000 [0053.859] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0053.859] GetProcessHeap () returned 0x570000 [0053.859] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0053.859] GetProcessHeap () returned 0x570000 [0053.859] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0053.859] GetProcessHeap () returned 0x570000 [0053.859] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0053.859] GetProcessHeap () returned 0x570000 [0053.859] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0053.859] GetProcessHeap () returned 0x570000 [0053.859] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0053.859] GetProcessHeap () returned 0x570000 [0053.859] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0053.859] GetProcessHeap () returned 0x570000 [0053.859] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0053.859] GetProcessHeap () returned 0x570000 [0053.860] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0053.860] GetProcessHeap () returned 0x570000 [0053.860] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0053.860] GetProcessHeap () returned 0x570000 [0053.860] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0053.860] GetProcessHeap () returned 0x570000 [0053.860] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0053.860] GetProcessHeap () returned 0x570000 [0053.860] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0053.860] GetProcessHeap () returned 0x570000 [0053.860] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0053.860] GetProcessHeap () returned 0x570000 [0053.860] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0053.860] GetProcessHeap () returned 0x570000 [0053.860] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0053.860] GetProcessHeap () returned 0x570000 [0053.860] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0053.860] GetProcessHeap () returned 0x570000 [0053.860] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0053.860] GetProcessHeap () returned 0x570000 [0053.860] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0053.860] GetProcessHeap () returned 0x570000 [0053.860] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0053.860] GetProcessHeap () returned 0x570000 [0053.860] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0053.860] GetProcessHeap () returned 0x570000 [0053.860] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0053.860] GetProcessHeap () returned 0x570000 [0053.860] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0053.860] GetProcessHeap () returned 0x570000 [0053.860] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0053.860] GetProcessHeap () returned 0x570000 [0053.861] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0053.861] GetProcessHeap () returned 0x570000 [0053.861] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0053.861] GetProcessHeap () returned 0x570000 [0053.861] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0053.861] GetProcessHeap () returned 0x570000 [0053.861] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0053.861] GetProcessHeap () returned 0x570000 [0053.861] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0053.861] GetProcessHeap () returned 0x570000 [0053.861] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5926a0 | out: hHeap=0x570000) returned 1 [0053.861] GetProcessHeap () returned 0x570000 [0053.861] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0053.861] GetProcessHeap () returned 0x570000 [0053.861] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0053.861] GetProcessHeap () returned 0x570000 [0053.861] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0053.861] GetProcessHeap () returned 0x570000 [0053.861] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0053.861] GetProcessHeap () returned 0x570000 [0053.861] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0053.861] GetProcessHeap () returned 0x570000 [0053.861] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0053.861] GetProcessHeap () returned 0x570000 [0053.861] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eed0 | out: hHeap=0x570000) returned 1 [0053.861] GetProcessHeap () returned 0x570000 [0053.861] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592590 | out: hHeap=0x570000) returned 1 [0053.861] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0053.862] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0053.862] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0053.862] CloseHandle (hObject=0x80) returned 1 [0053.892] GetProcessHeap () returned 0x570000 [0053.892] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590698 | out: hHeap=0x570000) returned 1 [0053.892] GetProcessHeap () returned 0x570000 [0053.892] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592490 | out: hHeap=0x570000) returned 1 [0053.892] GetProcessHeap () returned 0x570000 [0053.893] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592508 | out: hHeap=0x570000) returned 1 [0053.893] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\Users\\Default\\NTUSER.DAT" | out: lpString1="C:\\Users\\Default\\NTUSER.DAT") returned="C:\\Users\\Default\\NTUSER.DAT" [0053.893] lstrcatW (in: lpString1="C:\\Users\\Default\\NTUSER.DAT", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\Users\\Default\\NTUSER.DAT.{Killback@protonmail.com}KBK") returned="C:\\Users\\Default\\NTUSER.DAT.{Killback@protonmail.com}KBK" [0053.893] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\NTUSER.DAT" (normalized: "c:\\users\\default\\ntuser.dat"), lpNewFileName="C:\\Users\\Default\\NTUSER.DAT.{Killback@protonmail.com}KBK" (normalized: "c:\\users\\default\\ntuser.dat.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0053.894] PathRemoveFileSpecW (in: pszPath="C:\\Users\\Default\\NTUSER.DAT" | out: pszPath="C:\\Users\\Default") returned 1 [0053.894] lstrcatW (in: lpString1="C:\\Users\\Default", lpString2="\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0053.894] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="decrypt_files.html" | out: lpString1="C:\\Users\\Default\\decrypt_files.html") returned="C:\\Users\\Default\\decrypt_files.html" [0053.894] GetFileAttributesW (lpFileName="C:\\Users\\Default\\decrypt_files.html" (normalized: "c:\\users\\default\\decrypt_files.html")) returned 0xffffffff [0053.896] CreateFileW (lpFileName="C:\\Users\\Default\\decrypt_files.html" (normalized: "c:\\users\\default\\decrypt_files.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0053.897] lstrlenA (lpString="\r\n \r\n \r\n \r\n DECRYPT FILES\r\n \r\n\r\n \r\n\r\n
\r\n

⚠Your ID (NEED FOR DECRYPT)⚠

\r\n
\r\n 
A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n\r\n
\r\n
\r\n
\r\n \r\n
\r\n \r\n
\r\n \r\n \r\n
\r\n

✖ Your files are encrypted! ✖

\r\n\r\n

If you see it - do not try to decrypt ▼the files yourself!!!▼

\r\n
\r\n

All your important data has been encrypted.

\r\n
\r\n
\r\n \r\n\x09\x09 \r\nTo decrypt all your files, you need a decryption program.
\r\n \r\nTo get a program to decrypt your data you need to do a few steps:
\r\n

☑1. \r\nTo make sure that we can actually decrypt your files. You can send us a file for the test.\r\nThis can be a picture or a text file.\r\nSize less than 5 MB. Send to our mail: Killback@protonmail.com .
\r\n

☑2. \r\nSend your PERSONAL ID in the letter (you will find it at the very beginning of this document)

\r\n\x09\x09\x09

☑3. \r\nWe will decode your test file so you are sure. We will also send you the amount you need to pay to get the program to decrypt.

\r\n ☑4. We will send you instructions on how to pay for the decryption program. After payment, we will send you a program and instructions on how to decrypt all the files.
\r\n

Attention!


\r\n
    \r\n\x09\x09\x09 Only we can decrypt your files.
    \r\n\x09\x09\x09 Do not try to decrypt your files yourself. You can damage them when trying to restore
    \r\n Do not run antivirus!
    \r\n Email us: Killback@protonmail.com immediately so we can help you.
    \r\n Decoders other users are not compatible with your data, because each user's unique encryption key
    \r\n
\r\n \r\n
\r\n
\r\n
\r\n \r\n\r\n \r\n \r\n
\r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n\r\n") returned 5565 [0053.897] WriteFile (in: hFile=0x80, lpBuffer=0x21f0020*, nNumberOfBytesToWrite=0x15bd, lpNumberOfBytesWritten=0x50dd18, lpOverlapped=0x0 | out: lpBuffer=0x21f0020*, lpNumberOfBytesWritten=0x50dd18*=0x15bd, lpOverlapped=0x0) returned 1 [0053.898] CloseHandle (hObject=0x80) returned 1 [0053.898] GetProcessHeap () returned 0x570000 [0053.898] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0053.898] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0xc103692e, ftCreationTime.dwHighDateTime=0x1ca0451, ftLastAccessTime.dwLowDateTime=0x1dd1880d, ftLastAccessTime.dwHighDateTime=0x1cbf8ec, ftLastWriteTime.dwLowDateTime=0x1dd1880d, ftLastWriteTime.dwHighDateTime=0x1cbf8ec, nFileSizeHigh=0x0, nFileSizeLow=0x400, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NTUSER.DAT.LOG", cAlternateFileName="NTUSER~3.LOG")) returned 1 [0053.898] lstrcmpiW (lpString1="NTUSER.DAT.LOG", lpString2=".") returned 1 [0053.898] lstrcmpiW (lpString1="NTUSER.DAT.LOG", lpString2="..") returned 1 [0053.899] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="NTUSER.DAT.LOG" | out: lpString1="C:\\Users\\Default\\NTUSER.DAT.LOG") returned="C:\\Users\\Default\\NTUSER.DAT.LOG" [0053.899] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="NTUSER.DAT.LOG", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0053.899] GetProcessHeap () returned 0x570000 [0053.899] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xf) returned 0x590f68 [0053.899] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="NTUSER.DAT.LOG", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="NTUSER.DAT.LOG", lpUsedDefaultChar=0x0) returned 15 [0053.899] lstrlenA (lpString="NTUSER.DAT.LOG") returned 14 [0053.900] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0053.900] lstrlenA (lpString="NTUSER.DAT.LOG") returned 14 [0053.900] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0053.900] lstrcmpiW (lpString1="NTUSER.DAT.LOG", lpString2="decrypt_files.html") returned 1 [0053.900] lstrcmpiW (lpString1="NTUSER.DAT.LOG", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0053.900] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0053.900] lstrcmpiW (lpString1="NTUSER.DAT.LOG", lpString2="sihvgt.exe") returned -1 [0053.900] _alloca_probe () returned 0x40908b [0053.900] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\NTUSER.DAT.LOG", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 32 [0053.900] GetProcessHeap () returned 0x570000 [0053.900] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x20) returned 0x590698 [0053.901] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\NTUSER.DAT.LOG", cchWideChar=-1, lpMultiByteStr=0x590698, cbMultiByte=32, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\Default\\NTUSER.DAT.LOG", lpUsedDefaultChar=0x0) returned 32 [0053.901] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0053.901] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{921A1963-F706-4CE3-BC1A-310FDA21783F}") returned 38 [0053.901] lstrlenA (lpString="{921A1963-F706-4CE3-BC1A-310FDA21783F}") returned 38 [0053.901] CreateFileW (lpFileName="C:\\Users\\Default\\NTUSER.DAT.LOG" (normalized: "c:\\users\\default\\ntuser.dat.log"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0053.902] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=1024) returned 1 [0053.902] lstrlenA (lpString="{921A1963-F706-4CE3-BC1A-310FDA21783F}") returned 38 [0053.902] GetProcessHeap () returned 0x570000 [0053.902] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x592490 [0053.902] GetProcessHeap () returned 0x570000 [0053.902] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592508 [0053.903] lstrlenA (lpString="C:\\Users\\Default\\NTUSER.DAT.LOG") returned 31 [0053.919] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x400, lpOverlapped=0x0) returned 1 [0053.940] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0053.940] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x400, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x400, lpOverlapped=0x0) returned 1 [0053.940] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0053.940] WriteFile (in: hFile=0x80, lpBuffer=0x50bb6c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bb6c*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0053.940] WriteFile (in: hFile=0x80, lpBuffer=0x50bbd4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bbd4*, lpNumberOfBytesWritten=0x50bb34*=0x10, lpOverlapped=0x0) returned 1 [0053.941] lstrlenA (lpString="rsa_encrypt") returned 11 [0053.941] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x592630) returned 1 [0053.941] CryptGenRandom (in: hProv=0x592630, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0053.942] CryptReleaseContext (hProv=0x592630, dwFlags=0x0) returned 1 [0053.942] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0053.942] GetProcessHeap () returned 0x570000 [0053.942] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592590 [0053.942] lstrlenA (lpString="010001") returned 6 [0053.942] GetProcessHeap () returned 0x570000 [0053.942] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eed0 [0053.942] GetProcessHeap () returned 0x570000 [0053.942] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592618 [0053.942] GetProcessHeap () returned 0x570000 [0053.942] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0053.942] GetProcessHeap () returned 0x570000 [0053.942] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592618 | out: hHeap=0x570000) returned 1 [0053.942] GetProcessHeap () returned 0x570000 [0053.942] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0053.942] GetProcessHeap () returned 0x570000 [0053.942] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c0d8 [0053.943] GetProcessHeap () returned 0x570000 [0053.943] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58ef20 [0053.943] GetProcessHeap () returned 0x570000 [0053.943] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c1f0 [0053.943] GetProcessHeap () returned 0x570000 [0053.943] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0053.943] GetProcessHeap () returned 0x570000 [0053.943] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0053.943] GetProcessHeap () returned 0x570000 [0053.943] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592618 [0053.943] GetProcessHeap () returned 0x570000 [0053.943] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x5926a0 [0053.945] GetProcessHeap () returned 0x570000 [0053.945] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0053.945] GetProcessHeap () returned 0x570000 [0053.945] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0053.945] GetProcessHeap () returned 0x570000 [0053.945] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0053.945] GetProcessHeap () returned 0x570000 [0053.945] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592618 | out: hHeap=0x570000) returned 1 [0053.945] GetProcessHeap () returned 0x570000 [0053.945] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0053.945] GetProcessHeap () returned 0x570000 [0053.945] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0053.945] GetProcessHeap () returned 0x570000 [0053.946] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0053.946] GetProcessHeap () returned 0x570000 [0053.946] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f98 [0053.946] GetProcessHeap () returned 0x570000 [0053.946] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0053.946] GetProcessHeap () returned 0x570000 [0053.946] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0053.946] GetProcessHeap () returned 0x570000 [0053.946] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0053.946] GetProcessHeap () returned 0x570000 [0053.946] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0053.946] GetProcessHeap () returned 0x570000 [0053.946] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0053.946] GetProcessHeap () returned 0x570000 [0053.946] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f98 | out: hHeap=0x570000) returned 1 [0053.946] GetProcessHeap () returned 0x570000 [0053.946] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0053.946] GetProcessHeap () returned 0x570000 [0053.946] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0053.947] GetProcessHeap () returned 0x570000 [0053.947] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0053.947] GetProcessHeap () returned 0x570000 [0053.947] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0053.947] GetProcessHeap () returned 0x570000 [0053.947] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0053.947] GetProcessHeap () returned 0x570000 [0053.947] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0053.947] GetProcessHeap () returned 0x570000 [0053.947] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0053.947] GetProcessHeap () returned 0x570000 [0053.947] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0053.947] GetProcessHeap () returned 0x570000 [0053.947] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0053.947] GetProcessHeap () returned 0x570000 [0053.947] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0053.947] GetProcessHeap () returned 0x570000 [0053.947] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0053.948] GetProcessHeap () returned 0x570000 [0053.948] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0053.948] GetProcessHeap () returned 0x570000 [0053.948] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0053.948] GetProcessHeap () returned 0x570000 [0053.948] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0053.948] GetProcessHeap () returned 0x570000 [0053.948] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0053.948] GetProcessHeap () returned 0x570000 [0053.948] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0053.948] GetProcessHeap () returned 0x570000 [0053.948] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0053.948] GetProcessHeap () returned 0x570000 [0053.948] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0053.948] GetProcessHeap () returned 0x570000 [0053.948] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0053.948] GetProcessHeap () returned 0x570000 [0053.948] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0053.948] GetProcessHeap () returned 0x570000 [0053.949] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0053.949] GetProcessHeap () returned 0x570000 [0053.949] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0053.949] GetProcessHeap () returned 0x570000 [0053.949] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0053.949] GetProcessHeap () returned 0x570000 [0053.949] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0053.949] GetProcessHeap () returned 0x570000 [0053.949] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0053.949] GetProcessHeap () returned 0x570000 [0053.949] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0053.949] GetProcessHeap () returned 0x570000 [0053.949] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0053.949] GetProcessHeap () returned 0x570000 [0053.949] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0053.949] GetProcessHeap () returned 0x570000 [0053.949] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0053.949] GetProcessHeap () returned 0x570000 [0053.949] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0053.949] GetProcessHeap () returned 0x570000 [0053.949] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0053.950] GetProcessHeap () returned 0x570000 [0053.950] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0053.950] GetProcessHeap () returned 0x570000 [0053.950] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0053.950] GetProcessHeap () returned 0x570000 [0053.950] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0053.950] GetProcessHeap () returned 0x570000 [0053.950] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0053.950] GetProcessHeap () returned 0x570000 [0053.950] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0053.950] GetProcessHeap () returned 0x570000 [0053.950] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0053.950] GetProcessHeap () returned 0x570000 [0053.950] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0053.950] GetProcessHeap () returned 0x570000 [0053.950] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0053.950] GetProcessHeap () returned 0x570000 [0053.950] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0053.950] GetProcessHeap () returned 0x570000 [0053.950] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0053.951] GetProcessHeap () returned 0x570000 [0053.951] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0053.951] GetProcessHeap () returned 0x570000 [0053.951] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0053.951] GetProcessHeap () returned 0x570000 [0053.951] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0053.951] GetProcessHeap () returned 0x570000 [0053.951] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0053.951] GetProcessHeap () returned 0x570000 [0053.951] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0053.951] GetProcessHeap () returned 0x570000 [0053.951] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0053.951] GetProcessHeap () returned 0x570000 [0053.951] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0053.951] GetProcessHeap () returned 0x570000 [0053.951] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0053.951] GetProcessHeap () returned 0x570000 [0053.951] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0053.951] GetProcessHeap () returned 0x570000 [0053.951] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0053.952] GetProcessHeap () returned 0x570000 [0053.952] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0053.952] GetProcessHeap () returned 0x570000 [0053.952] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0053.952] GetProcessHeap () returned 0x570000 [0053.952] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0053.952] GetProcessHeap () returned 0x570000 [0053.952] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0053.952] GetProcessHeap () returned 0x570000 [0053.952] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0053.952] GetProcessHeap () returned 0x570000 [0053.952] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0053.952] GetProcessHeap () returned 0x570000 [0053.952] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0053.952] GetProcessHeap () returned 0x570000 [0053.952] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0053.952] GetProcessHeap () returned 0x570000 [0053.952] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0053.952] GetProcessHeap () returned 0x570000 [0053.953] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0053.953] GetProcessHeap () returned 0x570000 [0053.953] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0053.953] GetProcessHeap () returned 0x570000 [0053.953] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0053.953] GetProcessHeap () returned 0x570000 [0053.953] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0053.953] GetProcessHeap () returned 0x570000 [0053.953] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0053.953] GetProcessHeap () returned 0x570000 [0053.953] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0053.953] GetProcessHeap () returned 0x570000 [0053.953] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0053.953] GetProcessHeap () returned 0x570000 [0053.953] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0053.953] GetProcessHeap () returned 0x570000 [0053.953] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0053.953] GetProcessHeap () returned 0x570000 [0053.953] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0053.954] GetProcessHeap () returned 0x570000 [0053.954] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0053.954] GetProcessHeap () returned 0x570000 [0053.954] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0053.954] GetProcessHeap () returned 0x570000 [0053.954] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0053.954] GetProcessHeap () returned 0x570000 [0053.954] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0053.954] GetProcessHeap () returned 0x570000 [0053.954] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0053.954] GetProcessHeap () returned 0x570000 [0053.954] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0053.954] GetProcessHeap () returned 0x570000 [0053.954] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0053.954] GetProcessHeap () returned 0x570000 [0053.954] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0053.954] GetProcessHeap () returned 0x570000 [0053.954] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0053.954] GetProcessHeap () returned 0x570000 [0053.955] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0053.955] GetProcessHeap () returned 0x570000 [0053.955] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0053.955] GetProcessHeap () returned 0x570000 [0053.955] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0053.955] GetProcessHeap () returned 0x570000 [0053.955] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0053.955] GetProcessHeap () returned 0x570000 [0053.955] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0053.955] GetProcessHeap () returned 0x570000 [0053.955] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0053.955] GetProcessHeap () returned 0x570000 [0053.955] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0053.955] GetProcessHeap () returned 0x570000 [0053.955] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0053.955] GetProcessHeap () returned 0x570000 [0053.955] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0053.955] GetProcessHeap () returned 0x570000 [0053.955] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0053.956] GetProcessHeap () returned 0x570000 [0053.956] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0053.956] GetProcessHeap () returned 0x570000 [0053.956] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0053.956] GetProcessHeap () returned 0x570000 [0053.956] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0053.956] GetProcessHeap () returned 0x570000 [0053.956] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0053.956] GetProcessHeap () returned 0x570000 [0053.956] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0053.956] GetProcessHeap () returned 0x570000 [0053.956] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0053.956] GetProcessHeap () returned 0x570000 [0053.956] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0053.956] GetProcessHeap () returned 0x570000 [0053.956] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0053.956] GetProcessHeap () returned 0x570000 [0053.956] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0053.956] GetProcessHeap () returned 0x570000 [0053.956] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0053.956] GetProcessHeap () returned 0x570000 [0053.957] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0053.957] GetProcessHeap () returned 0x570000 [0053.957] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0053.957] GetProcessHeap () returned 0x570000 [0053.957] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0053.957] GetProcessHeap () returned 0x570000 [0053.957] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0053.957] GetProcessHeap () returned 0x570000 [0053.957] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0053.957] GetProcessHeap () returned 0x570000 [0053.957] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5926a0 | out: hHeap=0x570000) returned 1 [0053.957] GetProcessHeap () returned 0x570000 [0053.957] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0053.957] GetProcessHeap () returned 0x570000 [0053.957] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0053.957] GetProcessHeap () returned 0x570000 [0053.957] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0053.957] GetProcessHeap () returned 0x570000 [0053.957] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0053.958] GetProcessHeap () returned 0x570000 [0053.958] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0053.958] GetProcessHeap () returned 0x570000 [0053.958] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0053.958] GetProcessHeap () returned 0x570000 [0053.958] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eed0 | out: hHeap=0x570000) returned 1 [0053.958] GetProcessHeap () returned 0x570000 [0053.958] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592590 | out: hHeap=0x570000) returned 1 [0053.958] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0053.958] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0053.958] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0053.958] CloseHandle (hObject=0x80) returned 1 [0053.964] GetProcessHeap () returned 0x570000 [0053.964] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590698 | out: hHeap=0x570000) returned 1 [0053.964] GetProcessHeap () returned 0x570000 [0053.964] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592490 | out: hHeap=0x570000) returned 1 [0053.964] GetProcessHeap () returned 0x570000 [0053.964] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592508 | out: hHeap=0x570000) returned 1 [0053.964] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\Users\\Default\\NTUSER.DAT.LOG" | out: lpString1="C:\\Users\\Default\\NTUSER.DAT.LOG") returned="C:\\Users\\Default\\NTUSER.DAT.LOG" [0053.964] lstrcatW (in: lpString1="C:\\Users\\Default\\NTUSER.DAT.LOG", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\Users\\Default\\NTUSER.DAT.LOG.{Killback@protonmail.com}KBK") returned="C:\\Users\\Default\\NTUSER.DAT.LOG.{Killback@protonmail.com}KBK" [0053.965] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\NTUSER.DAT.LOG" (normalized: "c:\\users\\default\\ntuser.dat.log"), lpNewFileName="C:\\Users\\Default\\NTUSER.DAT.LOG.{Killback@protonmail.com}KBK" (normalized: "c:\\users\\default\\ntuser.dat.log.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0053.965] PathRemoveFileSpecW (in: pszPath="C:\\Users\\Default\\NTUSER.DAT.LOG" | out: pszPath="C:\\Users\\Default") returned 1 [0053.965] lstrcatW (in: lpString1="C:\\Users\\Default", lpString2="\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0053.965] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="decrypt_files.html" | out: lpString1="C:\\Users\\Default\\decrypt_files.html") returned="C:\\Users\\Default\\decrypt_files.html" [0053.965] GetFileAttributesW (lpFileName="C:\\Users\\Default\\decrypt_files.html" (normalized: "c:\\users\\default\\decrypt_files.html")) returned 0x20 [0053.966] GetProcessHeap () returned 0x570000 [0053.966] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0053.966] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x9012aa61, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x9012aa61, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x674ac80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2e400, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NTUSER.DAT.LOG1", cAlternateFileName="NTUSER~1.LOG")) returned 1 [0053.966] lstrcmpiW (lpString1="NTUSER.DAT.LOG1", lpString2=".") returned 1 [0053.966] lstrcmpiW (lpString1="NTUSER.DAT.LOG1", lpString2="..") returned 1 [0053.966] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="NTUSER.DAT.LOG1" | out: lpString1="C:\\Users\\Default\\NTUSER.DAT.LOG1") returned="C:\\Users\\Default\\NTUSER.DAT.LOG1" [0053.966] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="NTUSER.DAT.LOG1", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0053.966] GetProcessHeap () returned 0x570000 [0053.966] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x10) returned 0x590f68 [0053.966] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="NTUSER.DAT.LOG1", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="NTUSER.DAT.LOG1", lpUsedDefaultChar=0x0) returned 16 [0053.966] lstrlenA (lpString="NTUSER.DAT.LOG1") returned 15 [0053.966] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0053.966] lstrlenA (lpString="NTUSER.DAT.LOG1") returned 15 [0053.966] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0053.966] lstrcmpiW (lpString1="NTUSER.DAT.LOG1", lpString2="decrypt_files.html") returned 1 [0053.966] lstrcmpiW (lpString1="NTUSER.DAT.LOG1", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0053.967] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0053.967] lstrcmpiW (lpString1="NTUSER.DAT.LOG1", lpString2="sihvgt.exe") returned -1 [0053.967] _alloca_probe () returned 0x40908b [0053.967] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\NTUSER.DAT.LOG1", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0053.967] GetProcessHeap () returned 0x570000 [0053.967] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x21) returned 0x592490 [0053.967] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\NTUSER.DAT.LOG1", cchWideChar=-1, lpMultiByteStr=0x592490, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\Default\\NTUSER.DAT.LOG1", lpUsedDefaultChar=0x0) returned 33 [0053.967] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0053.967] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{99B20642-C3C4-41CD-8852-1C1CF8A1FEF7}") returned 38 [0053.967] lstrlenA (lpString="{99B20642-C3C4-41CD-8852-1C1CF8A1FEF7}") returned 38 [0053.967] CreateFileW (lpFileName="C:\\Users\\Default\\NTUSER.DAT.LOG1" (normalized: "c:\\users\\default\\ntuser.dat.log1"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0053.968] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=189440) returned 1 [0053.968] lstrlenA (lpString="{99B20642-C3C4-41CD-8852-1C1CF8A1FEF7}") returned 38 [0053.968] GetProcessHeap () returned 0x570000 [0053.968] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x5924c0 [0053.968] GetProcessHeap () returned 0x570000 [0053.968] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592538 [0053.968] lstrlenA (lpString="C:\\Users\\Default\\NTUSER.DAT.LOG1") returned 32 [0053.983] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.040] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.042] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.042] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.042] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.042] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.042] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.043] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.043] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.043] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.043] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.043] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.043] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.044] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.044] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.044] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.044] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.044] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.045] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.045] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.045] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.045] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.045] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.045] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.045] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.046] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.046] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.046] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.046] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.046] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.047] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.047] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.047] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.048] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.049] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.070] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.070] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.071] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.071] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.071] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.071] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.073] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.073] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.073] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.073] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.073] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.074] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.074] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.074] WriteFile (in: hFile=0x80, lpBuffer=0x50bb6c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bb6c*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0054.086] WriteFile (in: hFile=0x80, lpBuffer=0x50bbd4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bbd4*, lpNumberOfBytesWritten=0x50bb34*=0x10, lpOverlapped=0x0) returned 1 [0054.086] lstrlenA (lpString="rsa_encrypt") returned 11 [0054.086] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x592660) returned 1 [0054.087] CryptGenRandom (in: hProv=0x592660, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0054.087] CryptReleaseContext (hProv=0x592660, dwFlags=0x0) returned 1 [0054.087] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0054.087] GetProcessHeap () returned 0x570000 [0054.087] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5925c0 [0054.087] lstrlenA (lpString="010001") returned 6 [0054.087] GetProcessHeap () returned 0x570000 [0054.087] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eed0 [0054.087] GetProcessHeap () returned 0x570000 [0054.087] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592648 [0054.087] GetProcessHeap () returned 0x570000 [0054.087] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0054.087] GetProcessHeap () returned 0x570000 [0054.087] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592648 | out: hHeap=0x570000) returned 1 [0054.087] GetProcessHeap () returned 0x570000 [0054.087] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0054.087] GetProcessHeap () returned 0x570000 [0054.088] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c1f0 [0054.088] GetProcessHeap () returned 0x570000 [0054.088] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58ef10 [0054.088] GetProcessHeap () returned 0x570000 [0054.088] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c0d8 [0054.088] GetProcessHeap () returned 0x570000 [0054.088] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.088] GetProcessHeap () returned 0x570000 [0054.088] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0054.088] GetProcessHeap () returned 0x570000 [0054.088] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592648 [0054.088] GetProcessHeap () returned 0x570000 [0054.088] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x5926d0 [0054.088] GetProcessHeap () returned 0x570000 [0054.088] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.088] GetProcessHeap () returned 0x570000 [0054.088] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0054.088] GetProcessHeap () returned 0x570000 [0054.088] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0054.088] GetProcessHeap () returned 0x570000 [0054.088] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592648 | out: hHeap=0x570000) returned 1 [0054.088] GetProcessHeap () returned 0x570000 [0054.088] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0054.088] GetProcessHeap () returned 0x570000 [0054.088] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0054.088] GetProcessHeap () returned 0x570000 [0054.088] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.088] GetProcessHeap () returned 0x570000 [0054.088] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f98 [0054.088] GetProcessHeap () returned 0x570000 [0054.088] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.088] GetProcessHeap () returned 0x570000 [0054.089] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.089] GetProcessHeap () returned 0x570000 [0054.089] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.089] GetProcessHeap () returned 0x570000 [0054.089] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.089] GetProcessHeap () returned 0x570000 [0054.089] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0054.089] GetProcessHeap () returned 0x570000 [0054.089] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f98 | out: hHeap=0x570000) returned 1 [0054.089] GetProcessHeap () returned 0x570000 [0054.089] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0054.089] GetProcessHeap () returned 0x570000 [0054.089] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0054.089] GetProcessHeap () returned 0x570000 [0054.089] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.089] GetProcessHeap () returned 0x570000 [0054.089] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.089] GetProcessHeap () returned 0x570000 [0054.089] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.089] GetProcessHeap () returned 0x570000 [0054.089] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.089] GetProcessHeap () returned 0x570000 [0054.089] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.089] GetProcessHeap () returned 0x570000 [0054.089] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.089] GetProcessHeap () returned 0x570000 [0054.089] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.089] GetProcessHeap () returned 0x570000 [0054.089] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.089] GetProcessHeap () returned 0x570000 [0054.089] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.089] GetProcessHeap () returned 0x570000 [0054.089] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.090] GetProcessHeap () returned 0x570000 [0054.090] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.090] GetProcessHeap () returned 0x570000 [0054.090] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.090] GetProcessHeap () returned 0x570000 [0054.090] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.090] GetProcessHeap () returned 0x570000 [0054.090] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.090] GetProcessHeap () returned 0x570000 [0054.090] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.090] GetProcessHeap () returned 0x570000 [0054.090] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.090] GetProcessHeap () returned 0x570000 [0054.090] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.090] GetProcessHeap () returned 0x570000 [0054.090] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.090] GetProcessHeap () returned 0x570000 [0054.090] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.090] GetProcessHeap () returned 0x570000 [0054.090] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.090] GetProcessHeap () returned 0x570000 [0054.090] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.090] GetProcessHeap () returned 0x570000 [0054.090] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.090] GetProcessHeap () returned 0x570000 [0054.090] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.090] GetProcessHeap () returned 0x570000 [0054.090] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.090] GetProcessHeap () returned 0x570000 [0054.090] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.090] GetProcessHeap () returned 0x570000 [0054.090] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.090] GetProcessHeap () returned 0x570000 [0054.090] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.090] GetProcessHeap () returned 0x570000 [0054.091] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.091] GetProcessHeap () returned 0x570000 [0054.091] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.091] GetProcessHeap () returned 0x570000 [0054.091] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.091] GetProcessHeap () returned 0x570000 [0054.091] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.091] GetProcessHeap () returned 0x570000 [0054.091] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.091] GetProcessHeap () returned 0x570000 [0054.091] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.091] GetProcessHeap () returned 0x570000 [0054.091] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.091] GetProcessHeap () returned 0x570000 [0054.091] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.091] GetProcessHeap () returned 0x570000 [0054.091] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.091] GetProcessHeap () returned 0x570000 [0054.091] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.091] GetProcessHeap () returned 0x570000 [0054.091] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.091] GetProcessHeap () returned 0x570000 [0054.091] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.091] GetProcessHeap () returned 0x570000 [0054.091] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.091] GetProcessHeap () returned 0x570000 [0054.091] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.091] GetProcessHeap () returned 0x570000 [0054.091] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.091] GetProcessHeap () returned 0x570000 [0054.091] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.091] GetProcessHeap () returned 0x570000 [0054.091] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.091] GetProcessHeap () returned 0x570000 [0054.091] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.092] GetProcessHeap () returned 0x570000 [0054.092] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.092] GetProcessHeap () returned 0x570000 [0054.092] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.092] GetProcessHeap () returned 0x570000 [0054.092] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.092] GetProcessHeap () returned 0x570000 [0054.092] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.092] GetProcessHeap () returned 0x570000 [0054.092] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.092] GetProcessHeap () returned 0x570000 [0054.092] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.092] GetProcessHeap () returned 0x570000 [0054.092] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.092] GetProcessHeap () returned 0x570000 [0054.092] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.092] GetProcessHeap () returned 0x570000 [0054.092] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.092] GetProcessHeap () returned 0x570000 [0054.092] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.092] GetProcessHeap () returned 0x570000 [0054.092] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.092] GetProcessHeap () returned 0x570000 [0054.092] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.092] GetProcessHeap () returned 0x570000 [0054.092] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.092] GetProcessHeap () returned 0x570000 [0054.092] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.092] GetProcessHeap () returned 0x570000 [0054.092] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.092] GetProcessHeap () returned 0x570000 [0054.092] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.092] GetProcessHeap () returned 0x570000 [0054.093] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.093] GetProcessHeap () returned 0x570000 [0054.093] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.093] GetProcessHeap () returned 0x570000 [0054.093] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.093] GetProcessHeap () returned 0x570000 [0054.093] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.093] GetProcessHeap () returned 0x570000 [0054.093] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.093] GetProcessHeap () returned 0x570000 [0054.093] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.093] GetProcessHeap () returned 0x570000 [0054.093] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.093] GetProcessHeap () returned 0x570000 [0054.093] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.093] GetProcessHeap () returned 0x570000 [0054.093] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.093] GetProcessHeap () returned 0x570000 [0054.093] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.093] GetProcessHeap () returned 0x570000 [0054.093] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.093] GetProcessHeap () returned 0x570000 [0054.093] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.093] GetProcessHeap () returned 0x570000 [0054.093] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.093] GetProcessHeap () returned 0x570000 [0054.093] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.093] GetProcessHeap () returned 0x570000 [0054.093] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.093] GetProcessHeap () returned 0x570000 [0054.093] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.094] GetProcessHeap () returned 0x570000 [0054.094] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.094] GetProcessHeap () returned 0x570000 [0054.094] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.094] GetProcessHeap () returned 0x570000 [0054.094] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.094] GetProcessHeap () returned 0x570000 [0054.094] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.094] GetProcessHeap () returned 0x570000 [0054.094] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.094] GetProcessHeap () returned 0x570000 [0054.094] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.094] GetProcessHeap () returned 0x570000 [0054.094] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.094] GetProcessHeap () returned 0x570000 [0054.094] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.094] GetProcessHeap () returned 0x570000 [0054.094] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.094] GetProcessHeap () returned 0x570000 [0054.094] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.094] GetProcessHeap () returned 0x570000 [0054.094] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.095] GetProcessHeap () returned 0x570000 [0054.095] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.095] GetProcessHeap () returned 0x570000 [0054.095] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.095] GetProcessHeap () returned 0x570000 [0054.095] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.095] GetProcessHeap () returned 0x570000 [0054.095] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.095] GetProcessHeap () returned 0x570000 [0054.095] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.095] GetProcessHeap () returned 0x570000 [0054.095] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.095] GetProcessHeap () returned 0x570000 [0054.095] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.095] GetProcessHeap () returned 0x570000 [0054.095] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.095] GetProcessHeap () returned 0x570000 [0054.095] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.095] GetProcessHeap () returned 0x570000 [0054.095] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.095] GetProcessHeap () returned 0x570000 [0054.095] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.096] GetProcessHeap () returned 0x570000 [0054.096] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.096] GetProcessHeap () returned 0x570000 [0054.096] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0054.096] GetProcessHeap () returned 0x570000 [0054.096] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0054.096] GetProcessHeap () returned 0x570000 [0054.096] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5926d0 | out: hHeap=0x570000) returned 1 [0054.096] GetProcessHeap () returned 0x570000 [0054.096] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0054.096] GetProcessHeap () returned 0x570000 [0054.096] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0054.096] GetProcessHeap () returned 0x570000 [0054.096] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0054.096] GetProcessHeap () returned 0x570000 [0054.096] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0054.096] GetProcessHeap () returned 0x570000 [0054.096] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0054.096] GetProcessHeap () returned 0x570000 [0054.096] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0054.096] GetProcessHeap () returned 0x570000 [0054.096] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eed0 | out: hHeap=0x570000) returned 1 [0054.097] GetProcessHeap () returned 0x570000 [0054.097] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5925c0 | out: hHeap=0x570000) returned 1 [0054.097] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0054.097] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0054.097] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0054.097] CloseHandle (hObject=0x80) returned 1 [0054.111] GetProcessHeap () returned 0x570000 [0054.111] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592490 | out: hHeap=0x570000) returned 1 [0054.111] GetProcessHeap () returned 0x570000 [0054.111] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5924c0 | out: hHeap=0x570000) returned 1 [0054.111] GetProcessHeap () returned 0x570000 [0054.111] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592538 | out: hHeap=0x570000) returned 1 [0054.111] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\Users\\Default\\NTUSER.DAT.LOG1" | out: lpString1="C:\\Users\\Default\\NTUSER.DAT.LOG1") returned="C:\\Users\\Default\\NTUSER.DAT.LOG1" [0054.111] lstrcatW (in: lpString1="C:\\Users\\Default\\NTUSER.DAT.LOG1", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\Users\\Default\\NTUSER.DAT.LOG1.{Killback@protonmail.com}KBK") returned="C:\\Users\\Default\\NTUSER.DAT.LOG1.{Killback@protonmail.com}KBK" [0054.111] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\NTUSER.DAT.LOG1" (normalized: "c:\\users\\default\\ntuser.dat.log1"), lpNewFileName="C:\\Users\\Default\\NTUSER.DAT.LOG1.{Killback@protonmail.com}KBK" (normalized: "c:\\users\\default\\ntuser.dat.log1.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0054.112] PathRemoveFileSpecW (in: pszPath="C:\\Users\\Default\\NTUSER.DAT.LOG1" | out: pszPath="C:\\Users\\Default") returned 1 [0054.112] lstrcatW (in: lpString1="C:\\Users\\Default", lpString2="\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0054.112] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="decrypt_files.html" | out: lpString1="C:\\Users\\Default\\decrypt_files.html") returned="C:\\Users\\Default\\decrypt_files.html" [0054.112] GetFileAttributesW (lpFileName="C:\\Users\\Default\\decrypt_files.html" (normalized: "c:\\users\\default\\decrypt_files.html")) returned 0x20 [0054.112] GetProcessHeap () returned 0x570000 [0054.112] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0054.112] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x9012aa61, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x9012aa61, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x9012aa61, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NTUSER.DAT.LOG2", cAlternateFileName="NTUSER~2.LOG")) returned 1 [0054.112] lstrcmpiW (lpString1="NTUSER.DAT.LOG2", lpString2=".") returned 1 [0054.112] lstrcmpiW (lpString1="NTUSER.DAT.LOG2", lpString2="..") returned 1 [0054.112] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="NTUSER.DAT.LOG2" | out: lpString1="C:\\Users\\Default\\NTUSER.DAT.LOG2") returned="C:\\Users\\Default\\NTUSER.DAT.LOG2" [0054.112] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="NTUSER.DAT.LOG2", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 16 [0054.112] GetProcessHeap () returned 0x570000 [0054.112] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x10) returned 0x590f68 [0054.112] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="NTUSER.DAT.LOG2", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="NTUSER.DAT.LOG2", lpUsedDefaultChar=0x0) returned 16 [0054.112] lstrlenA (lpString="NTUSER.DAT.LOG2") returned 15 [0054.112] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0054.112] lstrlenA (lpString="NTUSER.DAT.LOG2") returned 15 [0054.112] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0054.112] lstrcmpiW (lpString1="NTUSER.DAT.LOG2", lpString2="decrypt_files.html") returned 1 [0054.112] lstrcmpiW (lpString1="NTUSER.DAT.LOG2", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0054.112] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0054.112] lstrcmpiW (lpString1="NTUSER.DAT.LOG2", lpString2="sihvgt.exe") returned -1 [0054.112] _alloca_probe () returned 0x40908b [0054.112] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\NTUSER.DAT.LOG2", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 33 [0054.112] GetProcessHeap () returned 0x570000 [0054.112] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x21) returned 0x592490 [0054.112] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\NTUSER.DAT.LOG2", cchWideChar=-1, lpMultiByteStr=0x592490, cbMultiByte=33, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\Default\\NTUSER.DAT.LOG2", lpUsedDefaultChar=0x0) returned 33 [0054.113] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0054.113] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{62BE686E-371E-44A0-8FA5-49D3452C874B}") returned 38 [0054.113] lstrlenA (lpString="{62BE686E-371E-44A0-8FA5-49D3452C874B}") returned 38 [0054.113] CreateFileW (lpFileName="C:\\Users\\Default\\NTUSER.DAT.LOG2" (normalized: "c:\\users\\default\\ntuser.dat.log2"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0054.113] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=0) returned 1 [0054.113] lstrlenA (lpString="rsa_encrypt") returned 11 [0054.113] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x592560) returned 1 [0054.114] CryptGenRandom (in: hProv=0x592560, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0054.114] CryptReleaseContext (hProv=0x592560, dwFlags=0x0) returned 1 [0054.114] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0054.114] GetProcessHeap () returned 0x570000 [0054.114] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5924c0 [0054.114] lstrlenA (lpString="010001") returned 6 [0054.114] GetProcessHeap () returned 0x570000 [0054.114] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eed0 [0054.114] GetProcessHeap () returned 0x570000 [0054.114] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592548 [0054.114] GetProcessHeap () returned 0x570000 [0054.114] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0054.114] GetProcessHeap () returned 0x570000 [0054.114] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592548 | out: hHeap=0x570000) returned 1 [0054.114] GetProcessHeap () returned 0x570000 [0054.114] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0054.114] GetProcessHeap () returned 0x570000 [0054.114] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c0d8 [0054.114] GetProcessHeap () returned 0x570000 [0054.114] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58ef20 [0054.114] GetProcessHeap () returned 0x570000 [0054.114] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c1f0 [0054.115] GetProcessHeap () returned 0x570000 [0054.115] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.115] GetProcessHeap () returned 0x570000 [0054.115] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0054.115] GetProcessHeap () returned 0x570000 [0054.115] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592548 [0054.115] GetProcessHeap () returned 0x570000 [0054.115] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x5925d0 [0054.119] GetProcessHeap () returned 0x570000 [0054.119] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.119] GetProcessHeap () returned 0x570000 [0054.119] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0054.119] GetProcessHeap () returned 0x570000 [0054.119] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0054.119] GetProcessHeap () returned 0x570000 [0054.119] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592548 | out: hHeap=0x570000) returned 1 [0054.119] GetProcessHeap () returned 0x570000 [0054.119] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0054.119] GetProcessHeap () returned 0x570000 [0054.120] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0054.120] GetProcessHeap () returned 0x570000 [0054.120] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.120] GetProcessHeap () returned 0x570000 [0054.120] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f98 [0054.120] GetProcessHeap () returned 0x570000 [0054.120] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.120] GetProcessHeap () returned 0x570000 [0054.120] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.120] GetProcessHeap () returned 0x570000 [0054.120] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.120] GetProcessHeap () returned 0x570000 [0054.120] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.120] GetProcessHeap () returned 0x570000 [0054.120] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0054.120] GetProcessHeap () returned 0x570000 [0054.120] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f98 | out: hHeap=0x570000) returned 1 [0054.120] GetProcessHeap () returned 0x570000 [0054.120] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0054.120] GetProcessHeap () returned 0x570000 [0054.120] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0054.120] GetProcessHeap () returned 0x570000 [0054.120] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.120] GetProcessHeap () returned 0x570000 [0054.120] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.120] GetProcessHeap () returned 0x570000 [0054.120] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.120] GetProcessHeap () returned 0x570000 [0054.120] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.120] GetProcessHeap () returned 0x570000 [0054.120] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.120] GetProcessHeap () returned 0x570000 [0054.121] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.121] GetProcessHeap () returned 0x570000 [0054.121] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.121] GetProcessHeap () returned 0x570000 [0054.121] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.121] GetProcessHeap () returned 0x570000 [0054.121] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.121] GetProcessHeap () returned 0x570000 [0054.121] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.121] GetProcessHeap () returned 0x570000 [0054.121] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.121] GetProcessHeap () returned 0x570000 [0054.121] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.121] GetProcessHeap () returned 0x570000 [0054.121] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.121] GetProcessHeap () returned 0x570000 [0054.121] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.121] GetProcessHeap () returned 0x570000 [0054.121] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.121] GetProcessHeap () returned 0x570000 [0054.121] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.121] GetProcessHeap () returned 0x570000 [0054.121] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.121] GetProcessHeap () returned 0x570000 [0054.121] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.121] GetProcessHeap () returned 0x570000 [0054.121] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.121] GetProcessHeap () returned 0x570000 [0054.122] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.122] GetProcessHeap () returned 0x570000 [0054.122] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.122] GetProcessHeap () returned 0x570000 [0054.122] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.122] GetProcessHeap () returned 0x570000 [0054.122] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.122] GetProcessHeap () returned 0x570000 [0054.122] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.122] GetProcessHeap () returned 0x570000 [0054.122] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.122] GetProcessHeap () returned 0x570000 [0054.122] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.122] GetProcessHeap () returned 0x570000 [0054.122] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.122] GetProcessHeap () returned 0x570000 [0054.122] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.122] GetProcessHeap () returned 0x570000 [0054.122] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.122] GetProcessHeap () returned 0x570000 [0054.122] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.122] GetProcessHeap () returned 0x570000 [0054.122] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.122] GetProcessHeap () returned 0x570000 [0054.122] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.122] GetProcessHeap () returned 0x570000 [0054.122] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.122] GetProcessHeap () returned 0x570000 [0054.122] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.122] GetProcessHeap () returned 0x570000 [0054.123] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.123] GetProcessHeap () returned 0x570000 [0054.123] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.123] GetProcessHeap () returned 0x570000 [0054.123] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.123] GetProcessHeap () returned 0x570000 [0054.123] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.123] GetProcessHeap () returned 0x570000 [0054.123] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.123] GetProcessHeap () returned 0x570000 [0054.123] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.123] GetProcessHeap () returned 0x570000 [0054.123] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.123] GetProcessHeap () returned 0x570000 [0054.123] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.123] GetProcessHeap () returned 0x570000 [0054.123] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.123] GetProcessHeap () returned 0x570000 [0054.123] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.123] GetProcessHeap () returned 0x570000 [0054.123] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.123] GetProcessHeap () returned 0x570000 [0054.123] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.123] GetProcessHeap () returned 0x570000 [0054.123] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.123] GetProcessHeap () returned 0x570000 [0054.123] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.123] GetProcessHeap () returned 0x570000 [0054.123] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.123] GetProcessHeap () returned 0x570000 [0054.123] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.123] GetProcessHeap () returned 0x570000 [0054.123] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.123] GetProcessHeap () returned 0x570000 [0054.124] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.124] GetProcessHeap () returned 0x570000 [0054.124] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.124] GetProcessHeap () returned 0x570000 [0054.124] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.124] GetProcessHeap () returned 0x570000 [0054.124] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.124] GetProcessHeap () returned 0x570000 [0054.124] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.124] GetProcessHeap () returned 0x570000 [0054.124] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.124] GetProcessHeap () returned 0x570000 [0054.124] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.124] GetProcessHeap () returned 0x570000 [0054.124] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.124] GetProcessHeap () returned 0x570000 [0054.124] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.124] GetProcessHeap () returned 0x570000 [0054.124] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.124] GetProcessHeap () returned 0x570000 [0054.124] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.124] GetProcessHeap () returned 0x570000 [0054.124] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.124] GetProcessHeap () returned 0x570000 [0054.124] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.124] GetProcessHeap () returned 0x570000 [0054.124] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.124] GetProcessHeap () returned 0x570000 [0054.124] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.124] GetProcessHeap () returned 0x570000 [0054.124] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.124] GetProcessHeap () returned 0x570000 [0054.124] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.124] GetProcessHeap () returned 0x570000 [0054.125] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.125] GetProcessHeap () returned 0x570000 [0054.125] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.125] GetProcessHeap () returned 0x570000 [0054.126] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.126] GetProcessHeap () returned 0x570000 [0054.126] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.126] GetProcessHeap () returned 0x570000 [0054.126] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.126] GetProcessHeap () returned 0x570000 [0054.126] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.126] GetProcessHeap () returned 0x570000 [0054.126] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.126] GetProcessHeap () returned 0x570000 [0054.126] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.126] GetProcessHeap () returned 0x570000 [0054.126] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.126] GetProcessHeap () returned 0x570000 [0054.126] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.126] GetProcessHeap () returned 0x570000 [0054.126] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.126] GetProcessHeap () returned 0x570000 [0054.126] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.126] GetProcessHeap () returned 0x570000 [0054.126] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.126] GetProcessHeap () returned 0x570000 [0054.126] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.126] GetProcessHeap () returned 0x570000 [0054.126] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.126] GetProcessHeap () returned 0x570000 [0054.126] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.126] GetProcessHeap () returned 0x570000 [0054.126] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.126] GetProcessHeap () returned 0x570000 [0054.126] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.126] GetProcessHeap () returned 0x570000 [0054.126] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.126] GetProcessHeap () returned 0x570000 [0054.126] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.127] GetProcessHeap () returned 0x570000 [0054.127] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.127] GetProcessHeap () returned 0x570000 [0054.127] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.127] GetProcessHeap () returned 0x570000 [0054.127] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.127] GetProcessHeap () returned 0x570000 [0054.127] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.127] GetProcessHeap () returned 0x570000 [0054.127] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.127] GetProcessHeap () returned 0x570000 [0054.127] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.127] GetProcessHeap () returned 0x570000 [0054.127] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.127] GetProcessHeap () returned 0x570000 [0054.127] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.127] GetProcessHeap () returned 0x570000 [0054.127] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.127] GetProcessHeap () returned 0x570000 [0054.127] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.127] GetProcessHeap () returned 0x570000 [0054.127] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.127] GetProcessHeap () returned 0x570000 [0054.127] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.127] GetProcessHeap () returned 0x570000 [0054.127] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0054.127] GetProcessHeap () returned 0x570000 [0054.127] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0054.127] GetProcessHeap () returned 0x570000 [0054.127] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5925d0 | out: hHeap=0x570000) returned 1 [0054.127] GetProcessHeap () returned 0x570000 [0054.127] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0054.127] GetProcessHeap () returned 0x570000 [0054.127] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0054.128] GetProcessHeap () returned 0x570000 [0054.128] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0054.128] GetProcessHeap () returned 0x570000 [0054.128] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0054.128] GetProcessHeap () returned 0x570000 [0054.128] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0054.128] GetProcessHeap () returned 0x570000 [0054.128] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0054.128] GetProcessHeap () returned 0x570000 [0054.128] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eed0 | out: hHeap=0x570000) returned 1 [0054.128] GetProcessHeap () returned 0x570000 [0054.128] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5924c0 | out: hHeap=0x570000) returned 1 [0054.128] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0054.129] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0054.129] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0054.129] CloseHandle (hObject=0x80) returned 1 [0054.187] GetProcessHeap () returned 0x570000 [0054.187] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592490 | out: hHeap=0x570000) returned 1 [0054.187] GetProcessHeap () returned 0x570000 [0054.187] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0054.187] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xf8d30919, ftCreationTime.dwHighDateTime=0x1ca043d, ftLastAccessTime.dwLowDateTime=0xf8d30919, ftLastAccessTime.dwHighDateTime=0x1ca043d, ftLastWriteTime.dwLowDateTime=0xf8ead6dc, ftLastWriteTime.dwHighDateTime=0x1ca043d, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", cAlternateFileName="NTUSER~1.BLF")) returned 1 [0054.187] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2=".") returned 1 [0054.187] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2="..") returned 1 [0054.187] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" | out: lpString1="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf") returned="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" [0054.187] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 56 [0054.187] GetProcessHeap () returned 0x570000 [0054.187] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x38) returned 0x592490 [0054.187] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", cchWideChar=-1, lpMultiByteStr=0x592490, cbMultiByte=56, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpUsedDefaultChar=0x0) returned 56 [0054.187] lstrlenA (lpString="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf") returned 55 [0054.187] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0054.187] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0054.187] lstrlenA (lpString="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf") returned 55 [0054.187] lstrcmpiA (lpString1="1de-8d1d-001e0bcde3ec}.TM.blf", lpString2=".{Killback@protonmail.com}KBK") returned 1 [0054.188] lstrlenA (lpString="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf") returned 55 [0054.188] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0054.188] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0054.188] lstrlenA (lpString="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf") returned 55 [0054.188] lstrcmpiA (lpString1="1de-8d1d-001e0bcde3ec}.TM.blf", lpString2=".{Killback@protonmail.com}KBK") returned 1 [0054.188] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2="decrypt_files.html") returned 1 [0054.188] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0054.188] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0054.188] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2="sihvgt.exe") returned -1 [0054.188] _alloca_probe () returned 0x40908b [0054.188] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 73 [0054.188] GetProcessHeap () returned 0x570000 [0054.188] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x49) returned 0x5924d0 [0054.188] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", cchWideChar=-1, lpMultiByteStr=0x5924d0, cbMultiByte=73, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpUsedDefaultChar=0x0) returned 73 [0054.188] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0054.188] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{14C8DF1F-A0A9-46B3-A046-6FB62AFA7DDB}") returned 38 [0054.188] lstrlenA (lpString="{14C8DF1F-A0A9-46B3-A046-6FB62AFA7DDB}") returned 38 [0054.188] CreateFileW (lpFileName="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0054.189] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=65536) returned 1 [0054.189] lstrlenA (lpString="{14C8DF1F-A0A9-46B3-A046-6FB62AFA7DDB}") returned 38 [0054.189] GetProcessHeap () returned 0x570000 [0054.189] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x592528 [0054.189] GetProcessHeap () returned 0x570000 [0054.189] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5925a0 [0054.189] lstrlenA (lpString="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf") returned 72 [0054.202] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.214] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.215] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.215] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.215] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.215] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.216] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.216] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.216] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.216] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.216] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.217] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.217] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.217] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.217] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.217] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.217] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x0, lpOverlapped=0x0) returned 1 [0054.217] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.217] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.217] WriteFile (in: hFile=0x80, lpBuffer=0x50bb6c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bb6c*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0054.218] WriteFile (in: hFile=0x80, lpBuffer=0x50bbd4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bbd4*, lpNumberOfBytesWritten=0x50bb34*=0x10, lpOverlapped=0x0) returned 1 [0054.218] lstrlenA (lpString="rsa_encrypt") returned 11 [0054.218] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x5926c8) returned 1 [0054.219] CryptGenRandom (in: hProv=0x5926c8, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0054.219] CryptReleaseContext (hProv=0x5926c8, dwFlags=0x0) returned 1 [0054.219] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0054.219] GetProcessHeap () returned 0x570000 [0054.219] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592628 [0054.219] lstrlenA (lpString="010001") returned 6 [0054.219] GetProcessHeap () returned 0x570000 [0054.219] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eed0 [0054.219] GetProcessHeap () returned 0x570000 [0054.219] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5926b0 [0054.219] GetProcessHeap () returned 0x570000 [0054.219] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0054.219] GetProcessHeap () returned 0x570000 [0054.219] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5926b0 | out: hHeap=0x570000) returned 1 [0054.219] GetProcessHeap () returned 0x570000 [0054.219] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0054.219] GetProcessHeap () returned 0x570000 [0054.219] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c1f0 [0054.219] GetProcessHeap () returned 0x570000 [0054.219] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58ef10 [0054.219] GetProcessHeap () returned 0x570000 [0054.219] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c0d8 [0054.220] GetProcessHeap () returned 0x570000 [0054.220] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.220] GetProcessHeap () returned 0x570000 [0054.220] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0054.220] GetProcessHeap () returned 0x570000 [0054.220] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5926b0 [0054.220] GetProcessHeap () returned 0x570000 [0054.220] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x592738 [0054.220] GetProcessHeap () returned 0x570000 [0054.220] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.220] GetProcessHeap () returned 0x570000 [0054.220] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f68 [0054.220] GetProcessHeap () returned 0x570000 [0054.220] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0054.220] GetProcessHeap () returned 0x570000 [0054.220] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5926b0 | out: hHeap=0x570000) returned 1 [0054.220] GetProcessHeap () returned 0x570000 [0054.220] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0054.220] GetProcessHeap () returned 0x570000 [0054.220] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0054.220] GetProcessHeap () returned 0x570000 [0054.220] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.220] GetProcessHeap () returned 0x570000 [0054.221] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0054.221] GetProcessHeap () returned 0x570000 [0054.221] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.221] GetProcessHeap () returned 0x570000 [0054.221] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.221] GetProcessHeap () returned 0x570000 [0054.221] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.221] GetProcessHeap () returned 0x570000 [0054.221] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.221] GetProcessHeap () returned 0x570000 [0054.221] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0054.221] GetProcessHeap () returned 0x570000 [0054.221] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0054.221] GetProcessHeap () returned 0x570000 [0054.221] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0054.221] GetProcessHeap () returned 0x570000 [0054.221] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0054.221] GetProcessHeap () returned 0x570000 [0054.221] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.222] GetProcessHeap () returned 0x570000 [0054.222] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.222] GetProcessHeap () returned 0x570000 [0054.222] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.222] GetProcessHeap () returned 0x570000 [0054.222] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.222] GetProcessHeap () returned 0x570000 [0054.222] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.222] GetProcessHeap () returned 0x570000 [0054.222] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.222] GetProcessHeap () returned 0x570000 [0054.222] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.222] GetProcessHeap () returned 0x570000 [0054.222] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.222] GetProcessHeap () returned 0x570000 [0054.222] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.222] GetProcessHeap () returned 0x570000 [0054.222] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.222] GetProcessHeap () returned 0x570000 [0054.223] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.223] GetProcessHeap () returned 0x570000 [0054.223] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.223] GetProcessHeap () returned 0x570000 [0054.223] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.223] GetProcessHeap () returned 0x570000 [0054.223] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.223] GetProcessHeap () returned 0x570000 [0054.223] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.223] GetProcessHeap () returned 0x570000 [0054.223] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.223] GetProcessHeap () returned 0x570000 [0054.223] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.223] GetProcessHeap () returned 0x570000 [0054.223] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.223] GetProcessHeap () returned 0x570000 [0054.223] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.223] GetProcessHeap () returned 0x570000 [0054.223] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.223] GetProcessHeap () returned 0x570000 [0054.223] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.223] GetProcessHeap () returned 0x570000 [0054.224] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.224] GetProcessHeap () returned 0x570000 [0054.224] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.224] GetProcessHeap () returned 0x570000 [0054.224] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.224] GetProcessHeap () returned 0x570000 [0054.224] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.224] GetProcessHeap () returned 0x570000 [0054.224] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.224] GetProcessHeap () returned 0x570000 [0054.224] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.224] GetProcessHeap () returned 0x570000 [0054.224] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.224] GetProcessHeap () returned 0x570000 [0054.224] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.224] GetProcessHeap () returned 0x570000 [0054.224] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.225] GetProcessHeap () returned 0x570000 [0054.225] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.225] GetProcessHeap () returned 0x570000 [0054.225] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.225] GetProcessHeap () returned 0x570000 [0054.225] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.225] GetProcessHeap () returned 0x570000 [0054.225] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.225] GetProcessHeap () returned 0x570000 [0054.225] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.225] GetProcessHeap () returned 0x570000 [0054.225] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.225] GetProcessHeap () returned 0x570000 [0054.225] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.225] GetProcessHeap () returned 0x570000 [0054.225] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.225] GetProcessHeap () returned 0x570000 [0054.225] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.225] GetProcessHeap () returned 0x570000 [0054.225] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.225] GetProcessHeap () returned 0x570000 [0054.226] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.226] GetProcessHeap () returned 0x570000 [0054.226] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.226] GetProcessHeap () returned 0x570000 [0054.226] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.226] GetProcessHeap () returned 0x570000 [0054.226] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.226] GetProcessHeap () returned 0x570000 [0054.226] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.226] GetProcessHeap () returned 0x570000 [0054.226] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.226] GetProcessHeap () returned 0x570000 [0054.226] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.226] GetProcessHeap () returned 0x570000 [0054.226] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.226] GetProcessHeap () returned 0x570000 [0054.226] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.226] GetProcessHeap () returned 0x570000 [0054.226] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.226] GetProcessHeap () returned 0x570000 [0054.226] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.227] GetProcessHeap () returned 0x570000 [0054.227] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.227] GetProcessHeap () returned 0x570000 [0054.227] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.227] GetProcessHeap () returned 0x570000 [0054.227] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.227] GetProcessHeap () returned 0x570000 [0054.227] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.227] GetProcessHeap () returned 0x570000 [0054.227] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.227] GetProcessHeap () returned 0x570000 [0054.227] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.227] GetProcessHeap () returned 0x570000 [0054.227] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.227] GetProcessHeap () returned 0x570000 [0054.227] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.227] GetProcessHeap () returned 0x570000 [0054.227] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.227] GetProcessHeap () returned 0x570000 [0054.227] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.228] GetProcessHeap () returned 0x570000 [0054.228] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.228] GetProcessHeap () returned 0x570000 [0054.228] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.228] GetProcessHeap () returned 0x570000 [0054.228] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.228] GetProcessHeap () returned 0x570000 [0054.228] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.228] GetProcessHeap () returned 0x570000 [0054.228] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.228] GetProcessHeap () returned 0x570000 [0054.228] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.228] GetProcessHeap () returned 0x570000 [0054.228] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.228] GetProcessHeap () returned 0x570000 [0054.228] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.228] GetProcessHeap () returned 0x570000 [0054.228] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.229] GetProcessHeap () returned 0x570000 [0054.229] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.229] GetProcessHeap () returned 0x570000 [0054.229] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.229] GetProcessHeap () returned 0x570000 [0054.229] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.229] GetProcessHeap () returned 0x570000 [0054.229] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.229] GetProcessHeap () returned 0x570000 [0054.229] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.229] GetProcessHeap () returned 0x570000 [0054.229] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.229] GetProcessHeap () returned 0x570000 [0054.229] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.229] GetProcessHeap () returned 0x570000 [0054.229] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.229] GetProcessHeap () returned 0x570000 [0054.229] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.229] GetProcessHeap () returned 0x570000 [0054.229] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.229] GetProcessHeap () returned 0x570000 [0054.229] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.229] GetProcessHeap () returned 0x570000 [0054.229] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.229] GetProcessHeap () returned 0x570000 [0054.230] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.230] GetProcessHeap () returned 0x570000 [0054.230] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.230] GetProcessHeap () returned 0x570000 [0054.230] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.230] GetProcessHeap () returned 0x570000 [0054.230] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.230] GetProcessHeap () returned 0x570000 [0054.230] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.230] GetProcessHeap () returned 0x570000 [0054.230] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.230] GetProcessHeap () returned 0x570000 [0054.230] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.230] GetProcessHeap () returned 0x570000 [0054.230] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.230] GetProcessHeap () returned 0x570000 [0054.230] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.230] GetProcessHeap () returned 0x570000 [0054.230] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.230] GetProcessHeap () returned 0x570000 [0054.230] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.230] GetProcessHeap () returned 0x570000 [0054.230] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.230] GetProcessHeap () returned 0x570000 [0054.230] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.230] GetProcessHeap () returned 0x570000 [0054.230] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.230] GetProcessHeap () returned 0x570000 [0054.230] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.230] GetProcessHeap () returned 0x570000 [0054.231] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.231] GetProcessHeap () returned 0x570000 [0054.231] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.231] GetProcessHeap () returned 0x570000 [0054.231] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.231] GetProcessHeap () returned 0x570000 [0054.231] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0054.231] GetProcessHeap () returned 0x570000 [0054.231] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0054.231] GetProcessHeap () returned 0x570000 [0054.231] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592738 | out: hHeap=0x570000) returned 1 [0054.231] GetProcessHeap () returned 0x570000 [0054.231] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0054.231] GetProcessHeap () returned 0x570000 [0054.231] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0054.231] GetProcessHeap () returned 0x570000 [0054.231] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0054.231] GetProcessHeap () returned 0x570000 [0054.231] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0054.231] GetProcessHeap () returned 0x570000 [0054.231] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0054.231] GetProcessHeap () returned 0x570000 [0054.231] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0054.231] GetProcessHeap () returned 0x570000 [0054.231] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eed0 | out: hHeap=0x570000) returned 1 [0054.232] GetProcessHeap () returned 0x570000 [0054.232] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592628 | out: hHeap=0x570000) returned 1 [0054.232] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0054.232] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0054.232] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0054.232] CloseHandle (hObject=0x80) returned 1 [0054.261] GetProcessHeap () returned 0x570000 [0054.261] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5924d0 | out: hHeap=0x570000) returned 1 [0054.261] GetProcessHeap () returned 0x570000 [0054.261] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592528 | out: hHeap=0x570000) returned 1 [0054.261] GetProcessHeap () returned 0x570000 [0054.261] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5925a0 | out: hHeap=0x570000) returned 1 [0054.262] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" | out: lpString1="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf") returned="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" [0054.262] lstrcatW (in: lpString1="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf.{Killback@protonmail.com}KBK") returned="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf.{Killback@protonmail.com}KBK" [0054.262] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf"), lpNewFileName="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf.{Killback@protonmail.com}KBK" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tm.blf.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0054.263] PathRemoveFileSpecW (in: pszPath="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf" | out: pszPath="C:\\Users\\Default") returned 1 [0054.263] lstrcatW (in: lpString1="C:\\Users\\Default", lpString2="\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0054.264] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="decrypt_files.html" | out: lpString1="C:\\Users\\Default\\decrypt_files.html") returned="C:\\Users\\Default\\decrypt_files.html" [0054.264] GetFileAttributesW (lpFileName="C:\\Users\\Default\\decrypt_files.html" (normalized: "c:\\users\\default\\decrypt_files.html")) returned 0x20 [0054.264] GetProcessHeap () returned 0x570000 [0054.264] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592490 | out: hHeap=0x570000) returned 1 [0054.264] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xf8da2d3a, ftCreationTime.dwHighDateTime=0x1ca043d, ftLastAccessTime.dwLowDateTime=0xf8da2d3a, ftLastAccessTime.dwHighDateTime=0x1ca043d, ftLastWriteTime.dwLowDateTime=0xf8e8757c, ftLastWriteTime.dwHighDateTime=0x1ca043d, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", cAlternateFileName="NTUSER~1.REG")) returned 1 [0054.264] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2=".") returned 1 [0054.264] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2="..") returned 1 [0054.264] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" | out: lpString1="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms") returned="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" [0054.264] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 93 [0054.264] GetProcessHeap () returned 0x570000 [0054.264] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x5d) returned 0x592490 [0054.264] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", cchWideChar=-1, lpMultiByteStr=0x592490, cbMultiByte=93, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpUsedDefaultChar=0x0) returned 93 [0054.264] lstrlenA (lpString="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms") returned 92 [0054.265] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0054.265] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0054.265] lstrlenA (lpString="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms") returned 92 [0054.265] lstrcmpiA (lpString1="00000000000000001.regtrans-ms", lpString2=".{Killback@protonmail.com}KBK") returned 1 [0054.265] lstrlenA (lpString="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms") returned 92 [0054.265] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0054.265] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0054.265] lstrlenA (lpString="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms") returned 92 [0054.265] lstrcmpiA (lpString1="00000000000000001.regtrans-ms", lpString2=".{Killback@protonmail.com}KBK") returned 1 [0054.265] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2="decrypt_files.html") returned 1 [0054.265] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0054.265] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0054.265] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2="sihvgt.exe") returned -1 [0054.265] _alloca_probe () returned 0x40908b [0054.265] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 110 [0054.265] GetProcessHeap () returned 0x570000 [0054.265] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x6e) returned 0x5924f8 [0054.265] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", cchWideChar=-1, lpMultiByteStr=0x5924f8, cbMultiByte=110, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpUsedDefaultChar=0x0) returned 110 [0054.265] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0054.265] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{AEFC4F54-85C5-4B85-9BD1-D03C1408A408}") returned 38 [0054.265] lstrlenA (lpString="{AEFC4F54-85C5-4B85-9BD1-D03C1408A408}") returned 38 [0054.265] CreateFileW (lpFileName="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0054.266] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=524288) returned 1 [0054.266] lstrlenA (lpString="{AEFC4F54-85C5-4B85-9BD1-D03C1408A408}") returned 38 [0054.266] GetProcessHeap () returned 0x570000 [0054.266] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x592570 [0054.266] GetProcessHeap () returned 0x570000 [0054.266] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5925e8 [0054.266] lstrlenA (lpString="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms") returned 109 [0054.279] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.281] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.281] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.282] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.283] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.283] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.283] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.283] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.284] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.284] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.284] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.284] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.284] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.284] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.285] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.285] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.285] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.285] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.285] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.285] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.286] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.286] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.286] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.286] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.286] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.286] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.287] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.287] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.287] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.287] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.287] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.287] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.287] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.289] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.290] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.290] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.290] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.291] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.291] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.291] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.291] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.292] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.292] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.293] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.293] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.293] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.294] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.294] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.294] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.295] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.295] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.295] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.295] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.296] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.297] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.297] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.297] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.298] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.298] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.299] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.299] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.300] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.300] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.300] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.301] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.301] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.301] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.301] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.302] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.314] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.315] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.315] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.315] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.315] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.316] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.316] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.316] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.317] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.317] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.317] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.318] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.318] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.318] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.318] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.319] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.319] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.320] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.320] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.320] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.320] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.321] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.321] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.321] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.322] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.322] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.322] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.322] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.323] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.324] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.324] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.324] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.325] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.325] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.325] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.325] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.326] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.326] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.326] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.326] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.329] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.330] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.330] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.330] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.330] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.331] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.331] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.331] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.332] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.332] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.332] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.332] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.335] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.336] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.336] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.336] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.336] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.337] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.337] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.337] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x0, lpOverlapped=0x0) returned 1 [0054.337] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.337] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.337] WriteFile (in: hFile=0x80, lpBuffer=0x50bb6c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bb6c*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0054.338] WriteFile (in: hFile=0x80, lpBuffer=0x50bbd4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bbd4*, lpNumberOfBytesWritten=0x50bb34*=0x10, lpOverlapped=0x0) returned 1 [0054.338] lstrlenA (lpString="rsa_encrypt") returned 11 [0054.338] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x592710) returned 1 [0054.339] CryptGenRandom (in: hProv=0x592710, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0054.339] CryptReleaseContext (hProv=0x592710, dwFlags=0x0) returned 1 [0054.339] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0054.339] GetProcessHeap () returned 0x570000 [0054.339] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592670 [0054.340] lstrlenA (lpString="010001") returned 6 [0054.340] GetProcessHeap () returned 0x570000 [0054.340] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eed0 [0054.340] GetProcessHeap () returned 0x570000 [0054.340] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5926f8 [0054.340] GetProcessHeap () returned 0x570000 [0054.340] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0054.340] GetProcessHeap () returned 0x570000 [0054.340] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5926f8 | out: hHeap=0x570000) returned 1 [0054.340] GetProcessHeap () returned 0x570000 [0054.340] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0054.340] GetProcessHeap () returned 0x570000 [0054.340] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c0d8 [0054.340] GetProcessHeap () returned 0x570000 [0054.340] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58ef20 [0054.340] GetProcessHeap () returned 0x570000 [0054.340] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c1f0 [0054.340] GetProcessHeap () returned 0x570000 [0054.341] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.341] GetProcessHeap () returned 0x570000 [0054.341] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0054.341] GetProcessHeap () returned 0x570000 [0054.341] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5926f8 [0054.341] GetProcessHeap () returned 0x570000 [0054.341] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x592780 [0054.341] GetProcessHeap () returned 0x570000 [0054.341] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.341] GetProcessHeap () returned 0x570000 [0054.341] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f68 [0054.341] GetProcessHeap () returned 0x570000 [0054.341] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0054.341] GetProcessHeap () returned 0x570000 [0054.341] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5926f8 | out: hHeap=0x570000) returned 1 [0054.341] GetProcessHeap () returned 0x570000 [0054.341] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0054.341] GetProcessHeap () returned 0x570000 [0054.341] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0054.341] GetProcessHeap () returned 0x570000 [0054.342] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.342] GetProcessHeap () returned 0x570000 [0054.342] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0054.342] GetProcessHeap () returned 0x570000 [0054.342] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.342] GetProcessHeap () returned 0x570000 [0054.342] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.342] GetProcessHeap () returned 0x570000 [0054.342] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.342] GetProcessHeap () returned 0x570000 [0054.342] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.342] GetProcessHeap () returned 0x570000 [0054.342] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0054.342] GetProcessHeap () returned 0x570000 [0054.342] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0054.342] GetProcessHeap () returned 0x570000 [0054.342] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0054.342] GetProcessHeap () returned 0x570000 [0054.342] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0054.342] GetProcessHeap () returned 0x570000 [0054.343] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.343] GetProcessHeap () returned 0x570000 [0054.343] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.343] GetProcessHeap () returned 0x570000 [0054.343] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.343] GetProcessHeap () returned 0x570000 [0054.344] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.344] GetProcessHeap () returned 0x570000 [0054.344] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.344] GetProcessHeap () returned 0x570000 [0054.344] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.344] GetProcessHeap () returned 0x570000 [0054.344] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.344] GetProcessHeap () returned 0x570000 [0054.344] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.344] GetProcessHeap () returned 0x570000 [0054.344] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.344] GetProcessHeap () returned 0x570000 [0054.344] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.344] GetProcessHeap () returned 0x570000 [0054.344] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.347] GetProcessHeap () returned 0x570000 [0054.347] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.347] GetProcessHeap () returned 0x570000 [0054.347] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.347] GetProcessHeap () returned 0x570000 [0054.348] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.348] GetProcessHeap () returned 0x570000 [0054.348] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.348] GetProcessHeap () returned 0x570000 [0054.348] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.348] GetProcessHeap () returned 0x570000 [0054.348] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.348] GetProcessHeap () returned 0x570000 [0054.348] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.348] GetProcessHeap () returned 0x570000 [0054.348] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.348] GetProcessHeap () returned 0x570000 [0054.348] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.348] GetProcessHeap () returned 0x570000 [0054.348] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.348] GetProcessHeap () returned 0x570000 [0054.348] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.348] GetProcessHeap () returned 0x570000 [0054.348] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.348] GetProcessHeap () returned 0x570000 [0054.348] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.348] GetProcessHeap () returned 0x570000 [0054.348] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.348] GetProcessHeap () returned 0x570000 [0054.348] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.348] GetProcessHeap () returned 0x570000 [0054.348] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.348] GetProcessHeap () returned 0x570000 [0054.348] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.348] GetProcessHeap () returned 0x570000 [0054.348] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.349] GetProcessHeap () returned 0x570000 [0054.349] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.349] GetProcessHeap () returned 0x570000 [0054.349] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.349] GetProcessHeap () returned 0x570000 [0054.349] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.349] GetProcessHeap () returned 0x570000 [0054.349] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.349] GetProcessHeap () returned 0x570000 [0054.349] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.349] GetProcessHeap () returned 0x570000 [0054.349] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.349] GetProcessHeap () returned 0x570000 [0054.349] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.349] GetProcessHeap () returned 0x570000 [0054.349] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.349] GetProcessHeap () returned 0x570000 [0054.349] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.349] GetProcessHeap () returned 0x570000 [0054.349] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.349] GetProcessHeap () returned 0x570000 [0054.349] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.349] GetProcessHeap () returned 0x570000 [0054.349] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.349] GetProcessHeap () returned 0x570000 [0054.349] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.349] GetProcessHeap () returned 0x570000 [0054.349] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.349] GetProcessHeap () returned 0x570000 [0054.349] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.349] GetProcessHeap () returned 0x570000 [0054.349] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.350] GetProcessHeap () returned 0x570000 [0054.350] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.350] GetProcessHeap () returned 0x570000 [0054.350] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.350] GetProcessHeap () returned 0x570000 [0054.350] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.350] GetProcessHeap () returned 0x570000 [0054.350] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.350] GetProcessHeap () returned 0x570000 [0054.350] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.350] GetProcessHeap () returned 0x570000 [0054.350] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.350] GetProcessHeap () returned 0x570000 [0054.350] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.350] GetProcessHeap () returned 0x570000 [0054.350] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.350] GetProcessHeap () returned 0x570000 [0054.350] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.350] GetProcessHeap () returned 0x570000 [0054.350] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.350] GetProcessHeap () returned 0x570000 [0054.350] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.350] GetProcessHeap () returned 0x570000 [0054.350] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.350] GetProcessHeap () returned 0x570000 [0054.350] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.350] GetProcessHeap () returned 0x570000 [0054.350] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.350] GetProcessHeap () returned 0x570000 [0054.351] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.351] GetProcessHeap () returned 0x570000 [0054.351] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.351] GetProcessHeap () returned 0x570000 [0054.351] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.351] GetProcessHeap () returned 0x570000 [0054.351] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.351] GetProcessHeap () returned 0x570000 [0054.351] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.351] GetProcessHeap () returned 0x570000 [0054.351] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.351] GetProcessHeap () returned 0x570000 [0054.351] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.351] GetProcessHeap () returned 0x570000 [0054.351] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.351] GetProcessHeap () returned 0x570000 [0054.351] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.351] GetProcessHeap () returned 0x570000 [0054.351] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.351] GetProcessHeap () returned 0x570000 [0054.351] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.351] GetProcessHeap () returned 0x570000 [0054.351] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.351] GetProcessHeap () returned 0x570000 [0054.351] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.351] GetProcessHeap () returned 0x570000 [0054.351] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.351] GetProcessHeap () returned 0x570000 [0054.351] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.351] GetProcessHeap () returned 0x570000 [0054.352] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.352] GetProcessHeap () returned 0x570000 [0054.352] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.352] GetProcessHeap () returned 0x570000 [0054.352] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.352] GetProcessHeap () returned 0x570000 [0054.352] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.352] GetProcessHeap () returned 0x570000 [0054.352] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.352] GetProcessHeap () returned 0x570000 [0054.352] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.352] GetProcessHeap () returned 0x570000 [0054.352] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.352] GetProcessHeap () returned 0x570000 [0054.352] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.352] GetProcessHeap () returned 0x570000 [0054.352] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.352] GetProcessHeap () returned 0x570000 [0054.352] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.352] GetProcessHeap () returned 0x570000 [0054.352] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.352] GetProcessHeap () returned 0x570000 [0054.352] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.352] GetProcessHeap () returned 0x570000 [0054.352] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.352] GetProcessHeap () returned 0x570000 [0054.352] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.352] GetProcessHeap () returned 0x570000 [0054.352] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.352] GetProcessHeap () returned 0x570000 [0054.352] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.353] GetProcessHeap () returned 0x570000 [0054.353] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.353] GetProcessHeap () returned 0x570000 [0054.353] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.353] GetProcessHeap () returned 0x570000 [0054.353] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.353] GetProcessHeap () returned 0x570000 [0054.353] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.353] GetProcessHeap () returned 0x570000 [0054.353] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.353] GetProcessHeap () returned 0x570000 [0054.353] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.353] GetProcessHeap () returned 0x570000 [0054.353] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.353] GetProcessHeap () returned 0x570000 [0054.353] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.353] GetProcessHeap () returned 0x570000 [0054.353] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.353] GetProcessHeap () returned 0x570000 [0054.353] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.353] GetProcessHeap () returned 0x570000 [0054.353] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0054.353] GetProcessHeap () returned 0x570000 [0054.353] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0054.353] GetProcessHeap () returned 0x570000 [0054.353] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592780 | out: hHeap=0x570000) returned 1 [0054.353] GetProcessHeap () returned 0x570000 [0054.353] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0054.353] GetProcessHeap () returned 0x570000 [0054.353] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0054.354] GetProcessHeap () returned 0x570000 [0054.354] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0054.354] GetProcessHeap () returned 0x570000 [0054.354] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0054.354] GetProcessHeap () returned 0x570000 [0054.354] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0054.354] GetProcessHeap () returned 0x570000 [0054.354] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0054.354] GetProcessHeap () returned 0x570000 [0054.354] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eed0 | out: hHeap=0x570000) returned 1 [0054.354] GetProcessHeap () returned 0x570000 [0054.354] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592670 | out: hHeap=0x570000) returned 1 [0054.354] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0054.354] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0054.354] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0054.354] CloseHandle (hObject=0x80) returned 1 [0054.369] GetProcessHeap () returned 0x570000 [0054.369] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5924f8 | out: hHeap=0x570000) returned 1 [0054.370] GetProcessHeap () returned 0x570000 [0054.370] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592570 | out: hHeap=0x570000) returned 1 [0054.370] GetProcessHeap () returned 0x570000 [0054.370] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5925e8 | out: hHeap=0x570000) returned 1 [0054.370] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" | out: lpString1="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms") returned="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" [0054.370] lstrcatW (in: lpString1="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms.{Killback@protonmail.com}KBK") returned="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms.{Killback@protonmail.com}KBK" [0054.370] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms"), lpNewFileName="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms.{Killback@protonmail.com}KBK" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000001.regtrans-ms.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0054.371] PathRemoveFileSpecW (in: pszPath="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms" | out: pszPath="C:\\Users\\Default") returned 1 [0054.371] lstrcatW (in: lpString1="C:\\Users\\Default", lpString2="\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0054.371] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="decrypt_files.html" | out: lpString1="C:\\Users\\Default\\decrypt_files.html") returned="C:\\Users\\Default\\decrypt_files.html" [0054.371] GetFileAttributesW (lpFileName="C:\\Users\\Default\\decrypt_files.html" (normalized: "c:\\users\\default\\decrypt_files.html")) returned 0x20 [0054.371] GetProcessHeap () returned 0x570000 [0054.371] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592490 | out: hHeap=0x570000) returned 1 [0054.371] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xf8deeffb, ftCreationTime.dwHighDateTime=0x1ca043d, ftLastAccessTime.dwLowDateTime=0xf8deeffb, ftLastAccessTime.dwHighDateTime=0x1ca043d, ftLastWriteTime.dwLowDateTime=0xf8ead6dc, ftLastWriteTime.dwHighDateTime=0x1ca043d, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", cAlternateFileName="NTUSER~2.REG")) returned 1 [0054.371] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2=".") returned 1 [0054.371] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2="..") returned 1 [0054.371] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" | out: lpString1="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms") returned="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" [0054.371] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 93 [0054.371] GetProcessHeap () returned 0x570000 [0054.371] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x5d) returned 0x592490 [0054.371] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", cchWideChar=-1, lpMultiByteStr=0x592490, cbMultiByte=93, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpUsedDefaultChar=0x0) returned 93 [0054.371] lstrlenA (lpString="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms") returned 92 [0054.371] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0054.371] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0054.371] lstrlenA (lpString="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms") returned 92 [0054.371] lstrcmpiA (lpString1="00000000000000002.regtrans-ms", lpString2=".{Killback@protonmail.com}KBK") returned 1 [0054.371] lstrlenA (lpString="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms") returned 92 [0054.371] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0054.371] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0054.371] lstrlenA (lpString="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms") returned 92 [0054.371] lstrcmpiA (lpString1="00000000000000002.regtrans-ms", lpString2=".{Killback@protonmail.com}KBK") returned 1 [0054.371] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2="decrypt_files.html") returned 1 [0054.371] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0054.372] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0054.372] lstrcmpiW (lpString1="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2="sihvgt.exe") returned -1 [0054.372] _alloca_probe () returned 0x40908b [0054.372] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 110 [0054.372] GetProcessHeap () returned 0x570000 [0054.372] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x6e) returned 0x5924f8 [0054.372] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", cchWideChar=-1, lpMultiByteStr=0x5924f8, cbMultiByte=110, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpUsedDefaultChar=0x0) returned 110 [0054.372] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0054.372] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{2F1F21FF-BAD8-4045-9162-5A33323CFCAD}") returned 38 [0054.372] lstrlenA (lpString="{2F1F21FF-BAD8-4045-9162-5A33323CFCAD}") returned 38 [0054.372] CreateFileW (lpFileName="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0054.372] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=524288) returned 1 [0054.372] lstrlenA (lpString="{2F1F21FF-BAD8-4045-9162-5A33323CFCAD}") returned 38 [0054.372] GetProcessHeap () returned 0x570000 [0054.372] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x592570 [0054.372] GetProcessHeap () returned 0x570000 [0054.372] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5925e8 [0054.372] lstrlenA (lpString="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms") returned 109 [0054.383] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.388] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.388] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.389] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.389] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.389] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.391] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.391] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.391] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.391] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.391] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.392] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.392] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.392] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.392] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.392] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.392] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.392] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.393] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.393] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.393] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.393] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.393] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.393] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.393] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.393] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.394] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.394] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.394] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.394] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.394] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.394] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.394] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.396] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.396] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.396] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.396] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.397] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.397] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.397] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.397] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.401] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.401] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.401] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.401] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.402] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.402] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.402] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.402] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.403] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.403] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.403] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.403] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.404] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.404] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.404] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.404] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.405] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.405] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.405] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.406] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.407] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.407] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.407] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.408] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.408] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.408] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.409] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.409] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.409] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.409] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.409] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.409] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.413] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.413] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.413] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.413] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.413] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.414] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.414] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.414] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.416] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.416] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.416] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.416] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.417] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.417] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.417] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.417] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.419] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.420] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.420] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.420] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.420] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.421] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.421] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.421] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.422] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.422] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.423] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.423] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.423] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.424] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.424] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.424] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.424] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.425] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.425] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.425] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.425] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.426] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.426] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.426] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.426] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.427] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.427] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.427] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.428] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.428] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.428] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.428] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.429] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.429] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.429] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.430] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0054.430] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0054.430] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0054.430] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.430] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x0, lpOverlapped=0x0) returned 1 [0054.430] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.430] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.430] WriteFile (in: hFile=0x80, lpBuffer=0x50bb6c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bb6c*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0054.431] WriteFile (in: hFile=0x80, lpBuffer=0x50bbd4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bbd4*, lpNumberOfBytesWritten=0x50bb34*=0x10, lpOverlapped=0x0) returned 1 [0054.431] lstrlenA (lpString="rsa_encrypt") returned 11 [0054.431] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x592710) returned 1 [0054.432] CryptGenRandom (in: hProv=0x592710, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0054.432] CryptReleaseContext (hProv=0x592710, dwFlags=0x0) returned 1 [0054.432] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0054.432] GetProcessHeap () returned 0x570000 [0054.432] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592670 [0054.432] lstrlenA (lpString="010001") returned 6 [0054.432] GetProcessHeap () returned 0x570000 [0054.432] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eed0 [0054.432] GetProcessHeap () returned 0x570000 [0054.432] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5926f8 [0054.433] GetProcessHeap () returned 0x570000 [0054.433] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0054.433] GetProcessHeap () returned 0x570000 [0054.433] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5926f8 | out: hHeap=0x570000) returned 1 [0054.433] GetProcessHeap () returned 0x570000 [0054.433] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0054.433] GetProcessHeap () returned 0x570000 [0054.433] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c1f0 [0054.433] GetProcessHeap () returned 0x570000 [0054.433] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58ef10 [0054.433] GetProcessHeap () returned 0x570000 [0054.433] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c0d8 [0054.433] GetProcessHeap () returned 0x570000 [0054.433] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.433] GetProcessHeap () returned 0x570000 [0054.433] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0054.433] GetProcessHeap () returned 0x570000 [0054.433] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5926f8 [0054.433] GetProcessHeap () returned 0x570000 [0054.433] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x592780 [0054.433] GetProcessHeap () returned 0x570000 [0054.433] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.433] GetProcessHeap () returned 0x570000 [0054.433] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f68 [0054.433] GetProcessHeap () returned 0x570000 [0054.433] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0054.433] GetProcessHeap () returned 0x570000 [0054.433] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5926f8 | out: hHeap=0x570000) returned 1 [0054.433] GetProcessHeap () returned 0x570000 [0054.433] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0054.433] GetProcessHeap () returned 0x570000 [0054.433] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0054.433] GetProcessHeap () returned 0x570000 [0054.433] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.433] GetProcessHeap () returned 0x570000 [0054.433] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0054.434] GetProcessHeap () returned 0x570000 [0054.434] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.434] GetProcessHeap () returned 0x570000 [0054.434] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.434] GetProcessHeap () returned 0x570000 [0054.434] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.434] GetProcessHeap () returned 0x570000 [0054.434] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.434] GetProcessHeap () returned 0x570000 [0054.434] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0054.434] GetProcessHeap () returned 0x570000 [0054.434] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0054.434] GetProcessHeap () returned 0x570000 [0054.434] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0054.434] GetProcessHeap () returned 0x570000 [0054.434] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0054.434] GetProcessHeap () returned 0x570000 [0054.434] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.434] GetProcessHeap () returned 0x570000 [0054.434] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.434] GetProcessHeap () returned 0x570000 [0054.434] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.434] GetProcessHeap () returned 0x570000 [0054.434] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.434] GetProcessHeap () returned 0x570000 [0054.434] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.434] GetProcessHeap () returned 0x570000 [0054.434] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.434] GetProcessHeap () returned 0x570000 [0054.434] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.434] GetProcessHeap () returned 0x570000 [0054.434] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.434] GetProcessHeap () returned 0x570000 [0054.434] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.434] GetProcessHeap () returned 0x570000 [0054.434] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.435] GetProcessHeap () returned 0x570000 [0054.435] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.435] GetProcessHeap () returned 0x570000 [0054.435] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.435] GetProcessHeap () returned 0x570000 [0054.435] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.435] GetProcessHeap () returned 0x570000 [0054.435] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.435] GetProcessHeap () returned 0x570000 [0054.435] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.435] GetProcessHeap () returned 0x570000 [0054.435] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.435] GetProcessHeap () returned 0x570000 [0054.435] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.435] GetProcessHeap () returned 0x570000 [0054.435] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.435] GetProcessHeap () returned 0x570000 [0054.435] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.435] GetProcessHeap () returned 0x570000 [0054.435] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.435] GetProcessHeap () returned 0x570000 [0054.435] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.435] GetProcessHeap () returned 0x570000 [0054.435] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.435] GetProcessHeap () returned 0x570000 [0054.435] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.435] GetProcessHeap () returned 0x570000 [0054.435] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.435] GetProcessHeap () returned 0x570000 [0054.435] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.435] GetProcessHeap () returned 0x570000 [0054.435] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.435] GetProcessHeap () returned 0x570000 [0054.435] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.436] GetProcessHeap () returned 0x570000 [0054.436] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.436] GetProcessHeap () returned 0x570000 [0054.436] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.436] GetProcessHeap () returned 0x570000 [0054.436] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.436] GetProcessHeap () returned 0x570000 [0054.436] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.436] GetProcessHeap () returned 0x570000 [0054.436] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.436] GetProcessHeap () returned 0x570000 [0054.436] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.436] GetProcessHeap () returned 0x570000 [0054.436] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.436] GetProcessHeap () returned 0x570000 [0054.436] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.436] GetProcessHeap () returned 0x570000 [0054.436] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.436] GetProcessHeap () returned 0x570000 [0054.436] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.436] GetProcessHeap () returned 0x570000 [0054.436] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.436] GetProcessHeap () returned 0x570000 [0054.436] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.436] GetProcessHeap () returned 0x570000 [0054.436] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.436] GetProcessHeap () returned 0x570000 [0054.436] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.436] GetProcessHeap () returned 0x570000 [0054.436] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.436] GetProcessHeap () returned 0x570000 [0054.436] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.436] GetProcessHeap () returned 0x570000 [0054.436] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.436] GetProcessHeap () returned 0x570000 [0054.436] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.437] GetProcessHeap () returned 0x570000 [0054.437] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.437] GetProcessHeap () returned 0x570000 [0054.437] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.437] GetProcessHeap () returned 0x570000 [0054.437] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.437] GetProcessHeap () returned 0x570000 [0054.437] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.437] GetProcessHeap () returned 0x570000 [0054.437] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.437] GetProcessHeap () returned 0x570000 [0054.437] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.437] GetProcessHeap () returned 0x570000 [0054.437] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.437] GetProcessHeap () returned 0x570000 [0054.437] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.437] GetProcessHeap () returned 0x570000 [0054.437] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.437] GetProcessHeap () returned 0x570000 [0054.437] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.437] GetProcessHeap () returned 0x570000 [0054.437] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.437] GetProcessHeap () returned 0x570000 [0054.437] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.437] GetProcessHeap () returned 0x570000 [0054.437] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.437] GetProcessHeap () returned 0x570000 [0054.437] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.437] GetProcessHeap () returned 0x570000 [0054.437] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.438] GetProcessHeap () returned 0x570000 [0054.438] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.438] GetProcessHeap () returned 0x570000 [0054.438] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.438] GetProcessHeap () returned 0x570000 [0054.438] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.438] GetProcessHeap () returned 0x570000 [0054.438] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.438] GetProcessHeap () returned 0x570000 [0054.438] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.438] GetProcessHeap () returned 0x570000 [0054.438] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.438] GetProcessHeap () returned 0x570000 [0054.438] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.438] GetProcessHeap () returned 0x570000 [0054.438] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.438] GetProcessHeap () returned 0x570000 [0054.438] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.438] GetProcessHeap () returned 0x570000 [0054.438] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.438] GetProcessHeap () returned 0x570000 [0054.438] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.438] GetProcessHeap () returned 0x570000 [0054.438] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.438] GetProcessHeap () returned 0x570000 [0054.438] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.438] GetProcessHeap () returned 0x570000 [0054.438] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.438] GetProcessHeap () returned 0x570000 [0054.438] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.438] GetProcessHeap () returned 0x570000 [0054.438] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.438] GetProcessHeap () returned 0x570000 [0054.438] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.439] GetProcessHeap () returned 0x570000 [0054.439] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.439] GetProcessHeap () returned 0x570000 [0054.439] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.439] GetProcessHeap () returned 0x570000 [0054.439] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.439] GetProcessHeap () returned 0x570000 [0054.439] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.439] GetProcessHeap () returned 0x570000 [0054.439] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.439] GetProcessHeap () returned 0x570000 [0054.439] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.439] GetProcessHeap () returned 0x570000 [0054.439] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.439] GetProcessHeap () returned 0x570000 [0054.439] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.439] GetProcessHeap () returned 0x570000 [0054.439] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.439] GetProcessHeap () returned 0x570000 [0054.439] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.439] GetProcessHeap () returned 0x570000 [0054.439] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.439] GetProcessHeap () returned 0x570000 [0054.439] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.439] GetProcessHeap () returned 0x570000 [0054.439] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.439] GetProcessHeap () returned 0x570000 [0054.439] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.439] GetProcessHeap () returned 0x570000 [0054.439] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.439] GetProcessHeap () returned 0x570000 [0054.439] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.439] GetProcessHeap () returned 0x570000 [0054.439] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.439] GetProcessHeap () returned 0x570000 [0054.440] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.440] GetProcessHeap () returned 0x570000 [0054.440] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.440] GetProcessHeap () returned 0x570000 [0054.440] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.440] GetProcessHeap () returned 0x570000 [0054.440] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.440] GetProcessHeap () returned 0x570000 [0054.440] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.440] GetProcessHeap () returned 0x570000 [0054.440] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.440] GetProcessHeap () returned 0x570000 [0054.440] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0054.440] GetProcessHeap () returned 0x570000 [0054.440] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0054.440] GetProcessHeap () returned 0x570000 [0054.440] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592780 | out: hHeap=0x570000) returned 1 [0054.440] GetProcessHeap () returned 0x570000 [0054.440] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0054.440] GetProcessHeap () returned 0x570000 [0054.440] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0054.440] GetProcessHeap () returned 0x570000 [0054.440] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0054.440] GetProcessHeap () returned 0x570000 [0054.440] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0054.440] GetProcessHeap () returned 0x570000 [0054.440] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0054.440] GetProcessHeap () returned 0x570000 [0054.440] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0054.440] GetProcessHeap () returned 0x570000 [0054.440] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eed0 | out: hHeap=0x570000) returned 1 [0054.440] GetProcessHeap () returned 0x570000 [0054.440] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592670 | out: hHeap=0x570000) returned 1 [0054.440] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0054.441] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0054.441] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0054.441] CloseHandle (hObject=0x80) returned 1 [0054.448] GetProcessHeap () returned 0x570000 [0054.448] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5924f8 | out: hHeap=0x570000) returned 1 [0054.448] GetProcessHeap () returned 0x570000 [0054.449] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592570 | out: hHeap=0x570000) returned 1 [0054.449] GetProcessHeap () returned 0x570000 [0054.449] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5925e8 | out: hHeap=0x570000) returned 1 [0054.449] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" | out: lpString1="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms") returned="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" [0054.449] lstrcatW (in: lpString1="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms.{Killback@protonmail.com}KBK") returned="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms.{Killback@protonmail.com}KBK" [0054.449] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms"), lpNewFileName="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms.{Killback@protonmail.com}KBK" (normalized: "c:\\users\\default\\ntuser.dat{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.tmcontainer00000000000000000002.regtrans-ms.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0054.450] PathRemoveFileSpecW (in: pszPath="C:\\Users\\Default\\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms" | out: pszPath="C:\\Users\\Default") returned 1 [0054.450] lstrcatW (in: lpString1="C:\\Users\\Default", lpString2="\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0054.450] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="decrypt_files.html" | out: lpString1="C:\\Users\\Default\\decrypt_files.html") returned="C:\\Users\\Default\\decrypt_files.html" [0054.450] GetFileAttributesW (lpFileName="C:\\Users\\Default\\decrypt_files.html" (normalized: "c:\\users\\default\\decrypt_files.html")) returned 0x20 [0054.450] GetProcessHeap () returned 0x570000 [0054.450] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592490 | out: hHeap=0x570000) returned 1 [0054.450] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x14, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="ntuser.ini", cAlternateFileName="")) returned 1 [0054.450] lstrcmpiW (lpString1="ntuser.ini", lpString2=".") returned 1 [0054.450] lstrcmpiW (lpString1="ntuser.ini", lpString2="..") returned 1 [0054.450] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="ntuser.ini" | out: lpString1="C:\\Users\\Default\\ntuser.ini") returned="C:\\Users\\Default\\ntuser.ini" [0054.450] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ntuser.ini", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0054.450] GetProcessHeap () returned 0x570000 [0054.450] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xb) returned 0x590f68 [0054.450] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ntuser.ini", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ntuser.ini", lpUsedDefaultChar=0x0) returned 11 [0054.450] lstrlenA (lpString="ntuser.ini") returned 10 [0054.450] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0054.450] lstrlenA (lpString="ntuser.ini") returned 10 [0054.450] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0054.450] lstrcmpiW (lpString1="ntuser.ini", lpString2="decrypt_files.html") returned 1 [0054.450] lstrcmpiW (lpString1="ntuser.ini", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0054.450] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0054.451] lstrcmpiW (lpString1="ntuser.ini", lpString2="sihvgt.exe") returned -1 [0054.451] _alloca_probe () returned 0x40908b [0054.451] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\ntuser.ini", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0054.451] GetProcessHeap () returned 0x570000 [0054.451] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x1c) returned 0x590698 [0054.451] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\ntuser.ini", cchWideChar=-1, lpMultiByteStr=0x590698, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\Default\\ntuser.ini", lpUsedDefaultChar=0x0) returned 28 [0054.451] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0054.451] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{55292562-2FF5-4286-BCBB-7C5E9997956D}") returned 38 [0054.451] lstrlenA (lpString="{55292562-2FF5-4286-BCBB-7C5E9997956D}") returned 38 [0054.451] CreateFileW (lpFileName="C:\\Users\\Default\\ntuser.ini" (normalized: "c:\\users\\default\\ntuser.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0054.451] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=20) returned 1 [0054.451] lstrlenA (lpString="{55292562-2FF5-4286-BCBB-7C5E9997956D}") returned 38 [0054.451] GetProcessHeap () returned 0x570000 [0054.451] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x592490 [0054.451] GetProcessHeap () returned 0x570000 [0054.451] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592508 [0054.451] lstrlenA (lpString="C:\\Users\\Default\\ntuser.ini") returned 27 [0054.468] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x14, lpOverlapped=0x0) returned 1 [0054.469] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.469] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0054.469] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.469] WriteFile (in: hFile=0x80, lpBuffer=0x50bb6c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bb6c*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0054.470] WriteFile (in: hFile=0x80, lpBuffer=0x50bbd4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bbd4*, lpNumberOfBytesWritten=0x50bb34*=0x10, lpOverlapped=0x0) returned 1 [0054.470] lstrlenA (lpString="rsa_encrypt") returned 11 [0054.470] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x592630) returned 1 [0054.471] CryptGenRandom (in: hProv=0x592630, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0054.471] CryptReleaseContext (hProv=0x592630, dwFlags=0x0) returned 1 [0054.471] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0054.471] GetProcessHeap () returned 0x570000 [0054.471] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592590 [0054.471] lstrlenA (lpString="010001") returned 6 [0054.471] GetProcessHeap () returned 0x570000 [0054.471] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eed0 [0054.471] GetProcessHeap () returned 0x570000 [0054.471] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592618 [0054.471] GetProcessHeap () returned 0x570000 [0054.471] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0054.471] GetProcessHeap () returned 0x570000 [0054.471] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592618 | out: hHeap=0x570000) returned 1 [0054.471] GetProcessHeap () returned 0x570000 [0054.471] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0054.471] GetProcessHeap () returned 0x570000 [0054.471] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c0d8 [0054.471] GetProcessHeap () returned 0x570000 [0054.471] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58ef20 [0054.471] GetProcessHeap () returned 0x570000 [0054.471] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c1f0 [0054.471] GetProcessHeap () returned 0x570000 [0054.471] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.471] GetProcessHeap () returned 0x570000 [0054.471] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0054.472] GetProcessHeap () returned 0x570000 [0054.472] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592618 [0054.472] GetProcessHeap () returned 0x570000 [0054.472] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x5926a0 [0054.472] GetProcessHeap () returned 0x570000 [0054.472] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef20 [0054.472] GetProcessHeap () returned 0x570000 [0054.472] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0054.472] GetProcessHeap () returned 0x570000 [0054.472] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0054.472] GetProcessHeap () returned 0x570000 [0054.472] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592618 | out: hHeap=0x570000) returned 1 [0054.472] GetProcessHeap () returned 0x570000 [0054.472] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0054.472] GetProcessHeap () returned 0x570000 [0054.472] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0054.472] GetProcessHeap () returned 0x570000 [0054.472] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.472] GetProcessHeap () returned 0x570000 [0054.472] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f98 [0054.472] GetProcessHeap () returned 0x570000 [0054.472] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.472] GetProcessHeap () returned 0x570000 [0054.473] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.473] GetProcessHeap () returned 0x570000 [0054.473] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.473] GetProcessHeap () returned 0x570000 [0054.473] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.473] GetProcessHeap () returned 0x570000 [0054.473] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0054.473] GetProcessHeap () returned 0x570000 [0054.473] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f98 | out: hHeap=0x570000) returned 1 [0054.473] GetProcessHeap () returned 0x570000 [0054.473] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0054.473] GetProcessHeap () returned 0x570000 [0054.473] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0054.473] GetProcessHeap () returned 0x570000 [0054.473] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.473] GetProcessHeap () returned 0x570000 [0054.473] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.473] GetProcessHeap () returned 0x570000 [0054.473] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.473] GetProcessHeap () returned 0x570000 [0054.473] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.473] GetProcessHeap () returned 0x570000 [0054.473] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.473] GetProcessHeap () returned 0x570000 [0054.473] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.473] GetProcessHeap () returned 0x570000 [0054.473] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.473] GetProcessHeap () returned 0x570000 [0054.473] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.473] GetProcessHeap () returned 0x570000 [0054.474] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.474] GetProcessHeap () returned 0x570000 [0054.474] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.474] GetProcessHeap () returned 0x570000 [0054.474] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.474] GetProcessHeap () returned 0x570000 [0054.474] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.474] GetProcessHeap () returned 0x570000 [0054.474] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.474] GetProcessHeap () returned 0x570000 [0054.474] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.474] GetProcessHeap () returned 0x570000 [0054.474] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.474] GetProcessHeap () returned 0x570000 [0054.474] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.474] GetProcessHeap () returned 0x570000 [0054.474] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.474] GetProcessHeap () returned 0x570000 [0054.474] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.474] GetProcessHeap () returned 0x570000 [0054.474] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.474] GetProcessHeap () returned 0x570000 [0054.474] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.474] GetProcessHeap () returned 0x570000 [0054.474] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.474] GetProcessHeap () returned 0x570000 [0054.474] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.475] GetProcessHeap () returned 0x570000 [0054.475] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.475] GetProcessHeap () returned 0x570000 [0054.475] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.475] GetProcessHeap () returned 0x570000 [0054.475] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.475] GetProcessHeap () returned 0x570000 [0054.475] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.475] GetProcessHeap () returned 0x570000 [0054.475] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.475] GetProcessHeap () returned 0x570000 [0054.475] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.475] GetProcessHeap () returned 0x570000 [0054.475] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.475] GetProcessHeap () returned 0x570000 [0054.475] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.475] GetProcessHeap () returned 0x570000 [0054.475] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.475] GetProcessHeap () returned 0x570000 [0054.475] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.475] GetProcessHeap () returned 0x570000 [0054.475] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.475] GetProcessHeap () returned 0x570000 [0054.475] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.475] GetProcessHeap () returned 0x570000 [0054.475] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.475] GetProcessHeap () returned 0x570000 [0054.475] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.475] GetProcessHeap () returned 0x570000 [0054.476] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.476] GetProcessHeap () returned 0x570000 [0054.476] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.476] GetProcessHeap () returned 0x570000 [0054.476] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.476] GetProcessHeap () returned 0x570000 [0054.476] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.476] GetProcessHeap () returned 0x570000 [0054.476] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.476] GetProcessHeap () returned 0x570000 [0054.476] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.476] GetProcessHeap () returned 0x570000 [0054.476] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.476] GetProcessHeap () returned 0x570000 [0054.476] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.476] GetProcessHeap () returned 0x570000 [0054.476] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.476] GetProcessHeap () returned 0x570000 [0054.476] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.476] GetProcessHeap () returned 0x570000 [0054.476] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.476] GetProcessHeap () returned 0x570000 [0054.476] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.476] GetProcessHeap () returned 0x570000 [0054.476] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.476] GetProcessHeap () returned 0x570000 [0054.476] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.476] GetProcessHeap () returned 0x570000 [0054.477] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.477] GetProcessHeap () returned 0x570000 [0054.477] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.477] GetProcessHeap () returned 0x570000 [0054.477] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.477] GetProcessHeap () returned 0x570000 [0054.477] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.477] GetProcessHeap () returned 0x570000 [0054.477] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.477] GetProcessHeap () returned 0x570000 [0054.477] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.477] GetProcessHeap () returned 0x570000 [0054.477] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.477] GetProcessHeap () returned 0x570000 [0054.477] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.477] GetProcessHeap () returned 0x570000 [0054.477] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.477] GetProcessHeap () returned 0x570000 [0054.477] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.477] GetProcessHeap () returned 0x570000 [0054.477] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.477] GetProcessHeap () returned 0x570000 [0054.477] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.477] GetProcessHeap () returned 0x570000 [0054.477] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.477] GetProcessHeap () returned 0x570000 [0054.477] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.478] GetProcessHeap () returned 0x570000 [0054.478] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.478] GetProcessHeap () returned 0x570000 [0054.478] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.478] GetProcessHeap () returned 0x570000 [0054.478] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.478] GetProcessHeap () returned 0x570000 [0054.478] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.478] GetProcessHeap () returned 0x570000 [0054.478] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.478] GetProcessHeap () returned 0x570000 [0054.478] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.478] GetProcessHeap () returned 0x570000 [0054.478] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.478] GetProcessHeap () returned 0x570000 [0054.478] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.478] GetProcessHeap () returned 0x570000 [0054.478] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.478] GetProcessHeap () returned 0x570000 [0054.478] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.478] GetProcessHeap () returned 0x570000 [0054.478] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.478] GetProcessHeap () returned 0x570000 [0054.478] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.478] GetProcessHeap () returned 0x570000 [0054.478] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.478] GetProcessHeap () returned 0x570000 [0054.478] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.479] GetProcessHeap () returned 0x570000 [0054.479] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.479] GetProcessHeap () returned 0x570000 [0054.479] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.479] GetProcessHeap () returned 0x570000 [0054.479] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.479] GetProcessHeap () returned 0x570000 [0054.479] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.479] GetProcessHeap () returned 0x570000 [0054.479] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.479] GetProcessHeap () returned 0x570000 [0054.479] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.479] GetProcessHeap () returned 0x570000 [0054.479] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.479] GetProcessHeap () returned 0x570000 [0054.479] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.479] GetProcessHeap () returned 0x570000 [0054.479] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.479] GetProcessHeap () returned 0x570000 [0054.479] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.479] GetProcessHeap () returned 0x570000 [0054.479] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.479] GetProcessHeap () returned 0x570000 [0054.479] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.479] GetProcessHeap () returned 0x570000 [0054.479] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.479] GetProcessHeap () returned 0x570000 [0054.479] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.479] GetProcessHeap () returned 0x570000 [0054.480] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.480] GetProcessHeap () returned 0x570000 [0054.480] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.480] GetProcessHeap () returned 0x570000 [0054.480] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.480] GetProcessHeap () returned 0x570000 [0054.480] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.480] GetProcessHeap () returned 0x570000 [0054.480] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.480] GetProcessHeap () returned 0x570000 [0054.480] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.480] GetProcessHeap () returned 0x570000 [0054.480] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.480] GetProcessHeap () returned 0x570000 [0054.480] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.480] GetProcessHeap () returned 0x570000 [0054.480] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0054.480] GetProcessHeap () returned 0x570000 [0054.480] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0054.480] GetProcessHeap () returned 0x570000 [0054.480] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5926a0 | out: hHeap=0x570000) returned 1 [0054.480] GetProcessHeap () returned 0x570000 [0054.480] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0054.480] GetProcessHeap () returned 0x570000 [0054.480] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0054.480] GetProcessHeap () returned 0x570000 [0054.480] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0054.480] GetProcessHeap () returned 0x570000 [0054.480] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0054.480] GetProcessHeap () returned 0x570000 [0054.481] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0054.481] GetProcessHeap () returned 0x570000 [0054.481] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0054.481] GetProcessHeap () returned 0x570000 [0054.481] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eed0 | out: hHeap=0x570000) returned 1 [0054.481] GetProcessHeap () returned 0x570000 [0054.481] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592590 | out: hHeap=0x570000) returned 1 [0054.481] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0054.481] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0054.481] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0054.481] CloseHandle (hObject=0x80) returned 1 [0054.484] GetProcessHeap () returned 0x570000 [0054.484] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590698 | out: hHeap=0x570000) returned 1 [0054.484] GetProcessHeap () returned 0x570000 [0054.484] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592490 | out: hHeap=0x570000) returned 1 [0054.484] GetProcessHeap () returned 0x570000 [0054.484] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592508 | out: hHeap=0x570000) returned 1 [0054.484] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\Users\\Default\\ntuser.ini" | out: lpString1="C:\\Users\\Default\\ntuser.ini") returned="C:\\Users\\Default\\ntuser.ini" [0054.484] lstrcatW (in: lpString1="C:\\Users\\Default\\ntuser.ini", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\Users\\Default\\ntuser.ini.{Killback@protonmail.com}KBK") returned="C:\\Users\\Default\\ntuser.ini.{Killback@protonmail.com}KBK" [0054.484] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\ntuser.ini" (normalized: "c:\\users\\default\\ntuser.ini"), lpNewFileName="C:\\Users\\Default\\ntuser.ini.{Killback@protonmail.com}KBK" (normalized: "c:\\users\\default\\ntuser.ini.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0054.485] PathRemoveFileSpecW (in: pszPath="C:\\Users\\Default\\ntuser.ini" | out: pszPath="C:\\Users\\Default") returned 1 [0054.485] lstrcatW (in: lpString1="C:\\Users\\Default", lpString2="\\" | out: lpString1="C:\\Users\\Default\\") returned="C:\\Users\\Default\\" [0054.485] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="decrypt_files.html" | out: lpString1="C:\\Users\\Default\\decrypt_files.html") returned="C:\\Users\\Default\\decrypt_files.html" [0054.485] GetFileAttributesW (lpFileName="C:\\Users\\Default\\decrypt_files.html" (normalized: "c:\\users\\default\\decrypt_files.html")) returned 0x20 [0054.485] GetProcessHeap () returned 0x570000 [0054.485] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0054.485] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Pictures", cAlternateFileName="")) returned 1 [0054.485] lstrcmpiW (lpString1="Pictures", lpString2=".") returned 1 [0054.485] lstrcmpiW (lpString1="Pictures", lpString2="..") returned 1 [0054.485] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Pictures" | out: lpString1="C:\\Users\\Default\\Pictures") returned="C:\\Users\\Default\\Pictures" [0054.485] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Pictures", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0054.486] GetProcessHeap () returned 0x570000 [0054.486] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x9) returned 0x590f68 [0054.486] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Pictures", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Pictures", lpUsedDefaultChar=0x0) returned 9 [0054.486] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0054.486] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 3 [0054.486] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 3 [0054.486] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0054.486] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0054.486] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 3 [0054.486] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0054.486] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0054.486] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0054.486] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0054.486] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0054.486] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0054.486] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0054.486] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0054.486] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0054.486] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0054.486] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0054.486] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0054.486] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 3 [0054.486] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 3 [0054.486] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 3 [0054.486] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 3 [0054.486] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 3 [0054.487] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0054.487] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0054.487] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0054.487] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0054.487] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 3 [0054.487] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0054.487] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0054.487] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0054.487] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0054.487] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 3 [0054.487] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0054.487] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 3 [0054.487] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 3 [0054.487] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0054.487] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 3 [0054.487] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 3 [0054.487] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0054.487] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 3 [0054.487] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0054.487] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Pictures", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0054.487] lstrcatW (in: lpString1="C:\\Users\\Default\\Pictures", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Pictures\\") returned="C:\\Users\\Default\\Pictures\\" [0054.487] GetProcessHeap () returned 0x570000 [0054.487] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58eed0 [0054.487] lstrlenW (lpString="C:\\Users\\Default\\Pictures\\") returned 26 [0054.487] GetProcessHeap () returned 0x570000 [0054.488] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x36) returned 0x592490 [0054.488] lstrcpyW (in: lpString1=0x592490, lpString2="C:\\Users\\Default\\Pictures\\" | out: lpString1="C:\\Users\\Default\\Pictures\\") returned="C:\\Users\\Default\\Pictures\\" [0054.488] GetProcessHeap () returned 0x570000 [0054.488] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0054.488] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x30702f92, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x30702f92, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x30702f92, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PrintHood", cAlternateFileName="PRINTH~1")) returned 1 [0054.488] lstrcmpiW (lpString1="PrintHood", lpString2=".") returned 1 [0054.488] lstrcmpiW (lpString1="PrintHood", lpString2="..") returned 1 [0054.488] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="PrintHood" | out: lpString1="C:\\Users\\Default\\PrintHood") returned="C:\\Users\\Default\\PrintHood" [0054.488] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="PrintHood", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0054.488] GetProcessHeap () returned 0x570000 [0054.488] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xa) returned 0x590f68 [0054.488] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="PrintHood", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="PrintHood", lpUsedDefaultChar=0x0) returned 10 [0054.488] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PrintHood", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0054.488] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PrintHood", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 3 [0054.488] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PrintHood", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 3 [0054.488] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PrintHood", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0054.488] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PrintHood", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0054.488] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PrintHood", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 3 [0054.488] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PrintHood", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0054.488] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PrintHood", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0054.488] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PrintHood", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0054.488] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PrintHood", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0054.488] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PrintHood", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0054.488] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PrintHood", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0054.488] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PrintHood", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0054.488] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PrintHood", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0054.488] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PrintHood", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0054.489] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PrintHood", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0054.489] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PrintHood", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0054.489] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PrintHood", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0054.489] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PrintHood", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 3 [0054.489] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PrintHood", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 3 [0054.489] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PrintHood", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 3 [0054.489] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PrintHood", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 3 [0054.489] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PrintHood", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 3 [0054.489] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PrintHood", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0054.489] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PrintHood", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0054.489] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PrintHood", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0054.489] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PrintHood", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0054.489] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PrintHood", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 3 [0054.489] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PrintHood", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0054.489] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PrintHood", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0054.489] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PrintHood", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0054.489] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PrintHood", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0054.489] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PrintHood", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 3 [0054.489] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PrintHood", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0054.490] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PrintHood", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 3 [0054.490] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PrintHood", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 3 [0054.490] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PrintHood", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0054.490] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PrintHood", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 3 [0054.490] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PrintHood", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 3 [0054.490] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PrintHood", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0054.490] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PrintHood", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 3 [0054.490] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PrintHood", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0054.490] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="PrintHood", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0054.490] lstrcatW (in: lpString1="C:\\Users\\Default\\PrintHood", lpString2="\\" | out: lpString1="C:\\Users\\Default\\PrintHood\\") returned="C:\\Users\\Default\\PrintHood\\" [0054.490] GetProcessHeap () returned 0x570000 [0054.490] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ef10 [0054.490] lstrlenW (lpString="C:\\Users\\Default\\PrintHood\\") returned 27 [0054.490] GetProcessHeap () returned 0x570000 [0054.490] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x38) returned 0x5924d0 [0054.490] lstrcpyW (in: lpString1=0x5924d0, lpString2="C:\\Users\\Default\\PrintHood\\" | out: lpString1="C:\\Users\\Default\\PrintHood\\") returned="C:\\Users\\Default\\PrintHood\\" [0054.490] GetProcessHeap () returned 0x570000 [0054.490] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0054.490] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x30702f92, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x30702f92, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x30702f92, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Recent", cAlternateFileName="")) returned 1 [0054.490] lstrcmpiW (lpString1="Recent", lpString2=".") returned 1 [0054.490] lstrcmpiW (lpString1="Recent", lpString2="..") returned 1 [0054.490] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Recent" | out: lpString1="C:\\Users\\Default\\Recent") returned="C:\\Users\\Default\\Recent" [0054.490] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Recent", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0054.490] GetProcessHeap () returned 0x570000 [0054.490] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x7) returned 0x58ef20 [0054.490] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Recent", cchWideChar=-1, lpMultiByteStr=0x58ef20, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Recent", lpUsedDefaultChar=0x0) returned 7 [0054.490] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recent", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0054.491] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recent", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 3 [0054.491] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recent", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 3 [0054.491] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recent", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0054.491] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recent", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0054.491] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recent", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 3 [0054.491] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recent", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0054.491] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recent", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0054.491] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recent", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0054.491] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recent", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0054.491] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recent", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0054.491] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recent", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0054.491] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recent", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0054.491] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recent", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0054.491] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recent", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0054.491] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recent", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0054.491] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recent", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0054.491] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recent", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0054.491] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recent", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 3 [0054.491] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recent", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 3 [0054.491] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recent", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 3 [0054.491] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recent", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 3 [0054.491] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recent", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 3 [0054.491] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recent", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0054.491] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recent", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0054.491] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recent", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0054.491] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recent", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0054.491] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recent", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 3 [0054.491] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recent", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0054.492] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recent", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0054.492] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recent", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0054.492] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recent", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0054.492] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recent", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 3 [0054.492] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recent", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0054.492] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recent", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 3 [0054.492] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recent", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 3 [0054.492] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recent", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0054.492] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recent", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 3 [0054.492] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recent", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 3 [0054.492] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recent", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0054.492] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recent", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 3 [0054.492] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recent", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0054.492] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Recent", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 3 [0054.492] lstrcatW (in: lpString1="C:\\Users\\Default\\Recent", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Recent\\") returned="C:\\Users\\Default\\Recent\\" [0054.492] GetProcessHeap () returned 0x570000 [0054.492] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ef30 [0054.492] lstrlenW (lpString="C:\\Users\\Default\\Recent\\") returned 24 [0054.492] GetProcessHeap () returned 0x570000 [0054.492] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x32) returned 0x592510 [0054.492] lstrcpyW (in: lpString1=0x592510, lpString2="C:\\Users\\Default\\Recent\\" | out: lpString1="C:\\Users\\Default\\Recent\\") returned="C:\\Users\\Default\\Recent\\" [0054.492] GetProcessHeap () returned 0x570000 [0054.492] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.492] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd894d74c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Saved Games", cAlternateFileName="SAVEDG~1")) returned 1 [0054.492] lstrcmpiW (lpString1="Saved Games", lpString2=".") returned 1 [0054.492] lstrcmpiW (lpString1="Saved Games", lpString2="..") returned 1 [0054.493] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Saved Games" | out: lpString1="C:\\Users\\Default\\Saved Games") returned="C:\\Users\\Default\\Saved Games" [0054.493] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Saved Games", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0054.493] GetProcessHeap () returned 0x570000 [0054.493] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x590f68 [0054.493] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Saved Games", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Saved Games", lpUsedDefaultChar=0x0) returned 12 [0054.493] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Saved Games", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0054.493] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Saved Games", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 3 [0054.493] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Saved Games", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 3 [0054.493] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Saved Games", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0054.493] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Saved Games", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0054.493] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Saved Games", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 3 [0054.493] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Saved Games", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0054.493] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Saved Games", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0054.493] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Saved Games", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0054.493] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Saved Games", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0054.493] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Saved Games", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0054.493] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Saved Games", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0054.493] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Saved Games", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0054.493] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Saved Games", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0054.493] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Saved Games", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0054.493] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Saved Games", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0054.493] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Saved Games", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0054.493] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Saved Games", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0054.493] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Saved Games", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 3 [0054.493] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Saved Games", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 3 [0054.494] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Saved Games", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 3 [0054.494] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Saved Games", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 3 [0054.494] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Saved Games", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 3 [0054.494] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Saved Games", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0054.494] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Saved Games", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0054.494] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Saved Games", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0054.494] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Saved Games", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0054.494] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Saved Games", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 3 [0054.494] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Saved Games", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0054.494] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Saved Games", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0054.494] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Saved Games", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0054.494] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Saved Games", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0054.494] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Saved Games", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 3 [0054.494] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Saved Games", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0054.494] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Saved Games", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 3 [0054.494] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Saved Games", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 3 [0054.494] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Saved Games", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0054.494] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Saved Games", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 3 [0054.494] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Saved Games", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 3 [0054.494] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Saved Games", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0054.494] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Saved Games", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 3 [0054.494] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Saved Games", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0054.494] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Saved Games", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 3 [0054.494] lstrcatW (in: lpString1="C:\\Users\\Default\\Saved Games", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Saved Games\\") returned="C:\\Users\\Default\\Saved Games\\" [0054.494] GetProcessHeap () returned 0x570000 [0054.495] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ef20 [0054.495] lstrlenW (lpString="C:\\Users\\Default\\Saved Games\\") returned 29 [0054.495] GetProcessHeap () returned 0x570000 [0054.495] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x3c) returned 0x587788 [0054.495] lstrcpyW (in: lpString1=0x587788, lpString2="C:\\Users\\Default\\Saved Games\\" | out: lpString1="C:\\Users\\Default\\Saved Games\\") returned="C:\\Users\\Default\\Saved Games\\" [0054.495] GetProcessHeap () returned 0x570000 [0054.495] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0054.495] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88b51cb, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Searches", cAlternateFileName="")) returned 1 [0054.495] lstrcmpiW (lpString1="Searches", lpString2=".") returned 1 [0054.495] lstrcmpiW (lpString1="Searches", lpString2="..") returned 1 [0054.495] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Searches" | out: lpString1="C:\\Users\\Default\\Searches") returned="C:\\Users\\Default\\Searches" [0054.495] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Searches", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0054.495] GetProcessHeap () returned 0x570000 [0054.495] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x9) returned 0x590f68 [0054.495] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Searches", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Searches", lpUsedDefaultChar=0x0) returned 9 [0054.495] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Searches", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0054.495] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Searches", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 3 [0054.495] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Searches", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 3 [0054.495] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Searches", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0054.495] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Searches", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0054.495] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Searches", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 3 [0054.495] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Searches", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0054.495] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Searches", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0054.495] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Searches", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0054.495] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Searches", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0054.496] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Searches", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0054.496] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Searches", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0054.496] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Searches", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0054.496] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Searches", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0054.496] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Searches", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0054.496] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Searches", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0054.496] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Searches", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0054.496] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Searches", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0054.496] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Searches", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 3 [0054.496] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Searches", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 3 [0054.496] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Searches", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 3 [0054.496] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Searches", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 3 [0054.496] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Searches", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 3 [0054.496] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Searches", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0054.496] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Searches", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0054.496] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Searches", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0054.496] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Searches", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0054.496] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Searches", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 3 [0054.496] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Searches", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0054.496] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Searches", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0054.496] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Searches", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0054.496] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Searches", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0054.496] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Searches", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 3 [0054.496] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Searches", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0054.496] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Searches", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 3 [0054.496] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Searches", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 3 [0054.497] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Searches", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0054.497] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Searches", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 3 [0054.497] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Searches", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 3 [0054.497] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Searches", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0054.497] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Searches", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 3 [0054.497] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Searches", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0054.497] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Searches", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 3 [0054.497] lstrcatW (in: lpString1="C:\\Users\\Default\\Searches", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Searches\\") returned="C:\\Users\\Default\\Searches\\" [0054.497] GetProcessHeap () returned 0x570000 [0054.497] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ef40 [0054.497] lstrlenW (lpString="C:\\Users\\Default\\Searches\\") returned 26 [0054.497] GetProcessHeap () returned 0x570000 [0054.497] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x36) returned 0x592550 [0054.497] lstrcpyW (in: lpString1=0x592550, lpString2="C:\\Users\\Default\\Searches\\" | out: lpString1="C:\\Users\\Default\\Searches\\") returned="C:\\Users\\Default\\Searches\\" [0054.497] GetProcessHeap () returned 0x570000 [0054.497] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0054.497] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x30702f92, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x30702f92, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x30702f92, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="SendTo", cAlternateFileName="")) returned 1 [0054.497] lstrcmpiW (lpString1="SendTo", lpString2=".") returned 1 [0054.497] lstrcmpiW (lpString1="SendTo", lpString2="..") returned 1 [0054.497] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="SendTo" | out: lpString1="C:\\Users\\Default\\SendTo") returned="C:\\Users\\Default\\SendTo" [0054.497] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SendTo", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0054.497] GetProcessHeap () returned 0x570000 [0054.497] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x7) returned 0x58ef50 [0054.497] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SendTo", cchWideChar=-1, lpMultiByteStr=0x58ef50, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SendTo", lpUsedDefaultChar=0x0) returned 7 [0054.497] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="SendTo", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0054.497] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="SendTo", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 3 [0054.497] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="SendTo", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 3 [0054.498] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="SendTo", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0054.498] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="SendTo", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0054.498] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="SendTo", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 3 [0054.498] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="SendTo", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0054.498] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="SendTo", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0054.498] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="SendTo", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0054.498] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="SendTo", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0054.498] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="SendTo", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0054.498] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="SendTo", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0054.498] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="SendTo", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0054.498] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="SendTo", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0054.498] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="SendTo", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0054.498] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="SendTo", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0054.498] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="SendTo", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0054.498] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="SendTo", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0054.498] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="SendTo", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 3 [0054.498] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="SendTo", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 3 [0054.498] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="SendTo", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 3 [0054.498] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="SendTo", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 3 [0054.498] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="SendTo", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 3 [0054.498] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="SendTo", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0054.498] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="SendTo", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0054.498] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="SendTo", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0054.498] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="SendTo", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0054.498] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="SendTo", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 3 [0054.498] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="SendTo", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0054.498] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="SendTo", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0054.499] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="SendTo", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0054.499] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="SendTo", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0054.499] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="SendTo", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 3 [0054.499] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="SendTo", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0054.499] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="SendTo", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 3 [0054.499] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="SendTo", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 3 [0054.499] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="SendTo", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0054.499] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="SendTo", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 3 [0054.499] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="SendTo", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 3 [0054.499] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="SendTo", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0054.499] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="SendTo", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 3 [0054.499] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="SendTo", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0054.499] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="SendTo", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 3 [0054.499] lstrcatW (in: lpString1="C:\\Users\\Default\\SendTo", lpString2="\\" | out: lpString1="C:\\Users\\Default\\SendTo\\") returned="C:\\Users\\Default\\SendTo\\" [0054.499] GetProcessHeap () returned 0x570000 [0054.499] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ef60 [0054.499] lstrlenW (lpString="C:\\Users\\Default\\SendTo\\") returned 24 [0054.499] GetProcessHeap () returned 0x570000 [0054.499] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x32) returned 0x5925a8 [0054.499] lstrcpyW (in: lpString1=0x5925a8, lpString2="C:\\Users\\Default\\SendTo\\" | out: lpString1="C:\\Users\\Default\\SendTo\\") returned="C:\\Users\\Default\\SendTo\\" [0054.499] GetProcessHeap () returned 0x570000 [0054.499] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.499] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x30702f92, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x30702f92, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x30702f92, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Start Menu", cAlternateFileName="STARTM~1")) returned 1 [0054.499] lstrcmpiW (lpString1="Start Menu", lpString2=".") returned 1 [0054.499] lstrcmpiW (lpString1="Start Menu", lpString2="..") returned 1 [0054.499] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Start Menu" | out: lpString1="C:\\Users\\Default\\Start Menu") returned="C:\\Users\\Default\\Start Menu" [0054.500] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Start Menu", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0054.500] GetProcessHeap () returned 0x570000 [0054.500] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xb) returned 0x590f68 [0054.500] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Start Menu", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Start Menu", lpUsedDefaultChar=0x0) returned 11 [0054.500] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0054.500] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 3 [0054.500] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 3 [0054.500] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0054.500] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0054.500] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 3 [0054.500] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0054.500] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0054.500] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0054.500] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0054.500] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0054.500] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0054.500] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0054.500] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0054.500] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0054.500] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0054.500] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0054.500] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0054.500] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 3 [0054.500] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 3 [0054.500] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 3 [0054.500] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 3 [0054.500] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 3 [0054.501] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0054.501] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 3 [0054.501] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0054.501] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0054.501] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 3 [0054.501] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0054.501] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0054.501] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0054.501] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0054.501] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 3 [0054.501] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0054.501] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 3 [0054.501] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 3 [0054.501] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0054.501] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 3 [0054.501] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 3 [0054.501] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0054.501] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 3 [0054.501] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0054.501] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 3 [0054.501] lstrcatW (in: lpString1="C:\\Users\\Default\\Start Menu", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Start Menu\\") returned="C:\\Users\\Default\\Start Menu\\" [0054.501] GetProcessHeap () returned 0x570000 [0054.501] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ef50 [0054.501] lstrlenW (lpString="C:\\Users\\Default\\Start Menu\\") returned 28 [0054.501] GetProcessHeap () returned 0x570000 [0054.501] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x3a) returned 0x5877d0 [0054.501] lstrcpyW (in: lpString1=0x5877d0, lpString2="C:\\Users\\Default\\Start Menu\\" | out: lpString1="C:\\Users\\Default\\Start Menu\\") returned="C:\\Users\\Default\\Start Menu\\" [0054.502] GetProcessHeap () returned 0x570000 [0054.502] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0054.502] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x30702f92, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x30702f92, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x30702f92, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0054.502] lstrcmpiW (lpString1="Templates", lpString2=".") returned 1 [0054.502] lstrcmpiW (lpString1="Templates", lpString2="..") returned 1 [0054.502] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Templates" | out: lpString1="C:\\Users\\Default\\Templates") returned="C:\\Users\\Default\\Templates" [0054.502] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Templates", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0054.502] GetProcessHeap () returned 0x570000 [0054.502] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xa) returned 0x590f68 [0054.502] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Templates", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Templates", lpUsedDefaultChar=0x0) returned 10 [0054.502] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0054.502] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 3 [0054.502] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 3 [0054.502] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0054.502] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0054.502] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 3 [0054.502] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0054.502] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0054.502] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0054.502] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0054.502] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0054.502] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0054.502] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0054.502] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0054.502] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0054.502] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0054.503] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0054.503] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0054.503] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 3 [0054.503] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 3 [0054.503] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 3 [0054.503] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 3 [0054.503] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 3 [0054.503] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0054.503] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 3 [0054.503] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 3 [0054.503] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0054.503] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 3 [0054.503] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 3 [0054.503] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 3 [0054.503] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 3 [0054.503] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0054.503] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 3 [0054.503] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0054.503] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 3 [0054.503] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 3 [0054.503] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0054.503] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 3 [0054.503] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 3 [0054.503] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0054.503] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 3 [0054.503] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0054.504] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 3 [0054.504] lstrcatW (in: lpString1="C:\\Users\\Default\\Templates", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Templates\\") returned="C:\\Users\\Default\\Templates\\" [0054.504] GetProcessHeap () returned 0x570000 [0054.504] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ef70 [0054.504] lstrlenW (lpString="C:\\Users\\Default\\Templates\\") returned 27 [0054.504] GetProcessHeap () returned 0x570000 [0054.504] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x38) returned 0x5925e8 [0054.504] lstrcpyW (in: lpString1=0x5925e8, lpString2="C:\\Users\\Default\\Templates\\" | out: lpString1="C:\\Users\\Default\\Templates\\") returned="C:\\Users\\Default\\Templates\\" [0054.504] GetProcessHeap () returned 0x570000 [0054.504] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0054.504] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Videos", cAlternateFileName="")) returned 1 [0054.504] lstrcmpiW (lpString1="Videos", lpString2=".") returned 1 [0054.504] lstrcmpiW (lpString1="Videos", lpString2="..") returned 1 [0054.504] lstrcatW (in: lpString1="C:\\Users\\Default\\", lpString2="Videos" | out: lpString1="C:\\Users\\Default\\Videos") returned="C:\\Users\\Default\\Videos" [0054.504] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Videos", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0054.504] GetProcessHeap () returned 0x570000 [0054.504] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x7) returned 0x58ef80 [0054.504] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Videos", cchWideChar=-1, lpMultiByteStr=0x58ef80, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Videos", lpUsedDefaultChar=0x0) returned 7 [0054.504] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0054.504] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 3 [0054.504] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 3 [0054.504] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0054.504] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0054.504] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 3 [0054.504] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0054.504] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0054.504] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0054.504] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0054.505] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0054.505] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0054.505] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0054.505] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0054.505] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0054.505] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0054.505] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0054.505] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0054.505] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 3 [0054.506] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 3 [0054.506] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 3 [0054.506] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 3 [0054.506] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 3 [0054.506] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0054.506] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 3 [0054.506] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 3 [0054.506] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0054.506] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 3 [0054.506] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 3 [0054.506] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 3 [0054.506] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 3 [0054.506] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0054.506] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 3 [0054.506] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0054.506] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 3 [0054.506] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 3 [0054.507] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0054.507] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 3 [0054.507] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 3 [0054.507] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0054.507] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 3 [0054.507] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0054.507] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Videos", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 3 [0054.507] lstrcatW (in: lpString1="C:\\Users\\Default\\Videos", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Videos\\") returned="C:\\Users\\Default\\Videos\\" [0054.507] GetProcessHeap () returned 0x570000 [0054.507] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ef90 [0054.507] lstrlenW (lpString="C:\\Users\\Default\\Videos\\") returned 24 [0054.507] GetProcessHeap () returned 0x570000 [0054.507] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x32) returned 0x592628 [0054.507] lstrcpyW (in: lpString1=0x592628, lpString2="C:\\Users\\Default\\Videos\\" | out: lpString1="C:\\Users\\Default\\Videos\\") returned="C:\\Users\\Default\\Videos\\" [0054.507] GetProcessHeap () returned 0x570000 [0054.507] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef80 | out: hHeap=0x570000) returned 1 [0054.507] FindNextFileW (in: hFindFile=0x588da8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Videos", cAlternateFileName="")) returned 0 [0054.507] FindClose (in: hFindFile=0x588da8 | out: hFindFile=0x588da8) returned 1 [0054.507] lstrcpyW (in: lpString1=0x50df8c, lpString2="C:\\Users\\Default\\Videos\\" | out: lpString1="C:\\Users\\Default\\Videos\\") returned="C:\\Users\\Default\\Videos\\" [0054.507] GetProcessHeap () returned 0x570000 [0054.507] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592628 | out: hHeap=0x570000) returned 1 [0054.507] GetProcessHeap () returned 0x570000 [0054.507] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef90 | out: hHeap=0x570000) returned 1 [0054.507] lstrlenW (lpString="C:\\Users\\Default\\Videos\\") returned 24 [0054.508] lstrcatW (in: lpString1="C:\\Users\\Default\\Videos\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\Videos\\*") returned="C:\\Users\\Default\\Videos\\*" [0054.508] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Videos\\*", lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x592628 [0054.508] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.508] FindNextFileW (in: hFindFile=0x592628, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0054.508] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.508] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.508] FindNextFileW (in: hFindFile=0x592628, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0054.508] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0054.508] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0054.508] lstrcatW (in: lpString1="C:\\Users\\Default\\Videos\\", lpString2="desktop.ini" | out: lpString1="C:\\Users\\Default\\Videos\\desktop.ini") returned="C:\\Users\\Default\\Videos\\desktop.ini" [0054.508] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0054.508] GetProcessHeap () returned 0x570000 [0054.508] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x590f68 [0054.508] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 12 [0054.508] lstrlenA (lpString="desktop.ini") returned 11 [0054.508] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0054.509] lstrlenA (lpString="desktop.ini") returned 11 [0054.509] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0054.509] lstrcmpiW (lpString1="desktop.ini", lpString2="decrypt_files.html") returned 1 [0054.509] lstrcmpiW (lpString1="desktop.ini", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0054.509] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0054.509] lstrcmpiW (lpString1="desktop.ini", lpString2="sihvgt.exe") returned -1 [0054.509] _alloca_probe () returned 0x40908b [0054.509] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\Videos\\desktop.ini", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 36 [0054.509] GetProcessHeap () returned 0x570000 [0054.509] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x24) returned 0x588da8 [0054.509] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\Videos\\desktop.ini", cchWideChar=-1, lpMultiByteStr=0x588da8, cbMultiByte=36, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\Default\\Videos\\desktop.ini", lpUsedDefaultChar=0x0) returned 36 [0054.509] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0054.509] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{60CDFA4B-E74A-49F9-AC57-D6D587F8DC19}") returned 38 [0054.509] lstrlenA (lpString="{60CDFA4B-E74A-49F9-AC57-D6D587F8DC19}") returned 38 [0054.509] CreateFileW (lpFileName="C:\\Users\\Default\\Videos\\desktop.ini" (normalized: "c:\\users\\default\\videos\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0054.509] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=504) returned 1 [0054.509] lstrlenA (lpString="{60CDFA4B-E74A-49F9-AC57-D6D587F8DC19}") returned 38 [0054.509] GetProcessHeap () returned 0x570000 [0054.509] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x593590 [0054.509] GetProcessHeap () returned 0x570000 [0054.509] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x593608 [0054.509] lstrlenA (lpString="C:\\Users\\Default\\Videos\\desktop.ini") returned 35 [0054.520] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x1f8, lpOverlapped=0x0) returned 1 [0054.522] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.522] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x200, lpOverlapped=0x0) returned 1 [0054.522] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.522] WriteFile (in: hFile=0x80, lpBuffer=0x50bb6c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bb6c*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0054.522] WriteFile (in: hFile=0x80, lpBuffer=0x50bbd4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bbd4*, lpNumberOfBytesWritten=0x50bb34*=0x10, lpOverlapped=0x0) returned 1 [0054.522] lstrlenA (lpString="rsa_encrypt") returned 11 [0054.522] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x593730) returned 1 [0054.523] CryptGenRandom (in: hProv=0x593730, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0054.523] CryptReleaseContext (hProv=0x593730, dwFlags=0x0) returned 1 [0054.523] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0054.523] GetProcessHeap () returned 0x570000 [0054.523] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x593690 [0054.523] lstrlenA (lpString="010001") returned 6 [0054.523] GetProcessHeap () returned 0x570000 [0054.523] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58ef90 [0054.524] GetProcessHeap () returned 0x570000 [0054.524] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x593718 [0054.524] GetProcessHeap () returned 0x570000 [0054.524] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0054.524] GetProcessHeap () returned 0x570000 [0054.524] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593718 | out: hHeap=0x570000) returned 1 [0054.524] GetProcessHeap () returned 0x570000 [0054.524] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0054.524] GetProcessHeap () returned 0x570000 [0054.524] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c1f0 [0054.524] GetProcessHeap () returned 0x570000 [0054.524] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58ef80 [0054.524] GetProcessHeap () returned 0x570000 [0054.524] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c0d8 [0054.524] GetProcessHeap () returned 0x570000 [0054.524] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef80 | out: hHeap=0x570000) returned 1 [0054.524] GetProcessHeap () returned 0x570000 [0054.524] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0054.524] GetProcessHeap () returned 0x570000 [0054.524] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x593718 [0054.524] GetProcessHeap () returned 0x570000 [0054.524] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x5937a0 [0054.524] GetProcessHeap () returned 0x570000 [0054.524] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef80 [0054.524] GetProcessHeap () returned 0x570000 [0054.524] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0054.524] GetProcessHeap () returned 0x570000 [0054.524] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0054.524] GetProcessHeap () returned 0x570000 [0054.525] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593718 | out: hHeap=0x570000) returned 1 [0054.525] GetProcessHeap () returned 0x570000 [0054.525] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0054.525] GetProcessHeap () returned 0x570000 [0054.525] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0054.525] GetProcessHeap () returned 0x570000 [0054.525] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58efa0 [0054.525] GetProcessHeap () returned 0x570000 [0054.525] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f98 [0054.525] GetProcessHeap () returned 0x570000 [0054.525] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef80 | out: hHeap=0x570000) returned 1 [0054.525] GetProcessHeap () returned 0x570000 [0054.525] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58efa0 | out: hHeap=0x570000) returned 1 [0054.525] GetProcessHeap () returned 0x570000 [0054.525] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58efa0 [0054.525] GetProcessHeap () returned 0x570000 [0054.525] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58efa0 | out: hHeap=0x570000) returned 1 [0054.525] GetProcessHeap () returned 0x570000 [0054.525] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0054.525] GetProcessHeap () returned 0x570000 [0054.525] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f98 | out: hHeap=0x570000) returned 1 [0054.525] GetProcessHeap () returned 0x570000 [0054.525] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0054.525] GetProcessHeap () returned 0x570000 [0054.525] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0054.525] GetProcessHeap () returned 0x570000 [0054.525] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58efa0 [0054.525] GetProcessHeap () returned 0x570000 [0054.525] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58efa0 | out: hHeap=0x570000) returned 1 [0054.525] GetProcessHeap () returned 0x570000 [0054.526] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58efa0 [0054.526] GetProcessHeap () returned 0x570000 [0054.526] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58efa0 | out: hHeap=0x570000) returned 1 [0054.526] GetProcessHeap () returned 0x570000 [0054.526] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58efa0 [0054.526] GetProcessHeap () returned 0x570000 [0054.526] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58efa0 | out: hHeap=0x570000) returned 1 [0054.526] GetProcessHeap () returned 0x570000 [0054.526] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58efa0 [0054.526] GetProcessHeap () returned 0x570000 [0054.526] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58efa0 | out: hHeap=0x570000) returned 1 [0054.526] GetProcessHeap () returned 0x570000 [0054.526] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58efa0 [0054.526] GetProcessHeap () returned 0x570000 [0054.526] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58efa0 | out: hHeap=0x570000) returned 1 [0054.526] GetProcessHeap () returned 0x570000 [0054.526] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58efa0 [0054.526] GetProcessHeap () returned 0x570000 [0054.526] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58efa0 | out: hHeap=0x570000) returned 1 [0054.526] GetProcessHeap () returned 0x570000 [0054.526] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58efa0 [0054.526] GetProcessHeap () returned 0x570000 [0054.526] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58efa0 | out: hHeap=0x570000) returned 1 [0054.526] GetProcessHeap () returned 0x570000 [0054.526] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58efa0 [0054.526] GetProcessHeap () returned 0x570000 [0054.526] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58efa0 | out: hHeap=0x570000) returned 1 [0054.526] GetProcessHeap () returned 0x570000 [0054.526] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58efa0 [0054.527] GetProcessHeap () returned 0x570000 [0054.527] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58efa0 | out: hHeap=0x570000) returned 1 [0054.527] GetProcessHeap () returned 0x570000 [0054.527] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58efa0 [0054.527] GetProcessHeap () returned 0x570000 [0054.527] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58efa0 | out: hHeap=0x570000) returned 1 [0054.527] GetProcessHeap () returned 0x570000 [0054.527] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58efa0 [0054.527] GetProcessHeap () returned 0x570000 [0054.527] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58efa0 | out: hHeap=0x570000) returned 1 [0054.527] GetProcessHeap () returned 0x570000 [0054.527] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58efa0 [0054.527] GetProcessHeap () returned 0x570000 [0054.527] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58efa0 | out: hHeap=0x570000) returned 1 [0054.527] GetProcessHeap () returned 0x570000 [0054.527] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58efa0 [0054.527] GetProcessHeap () returned 0x570000 [0054.527] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58efa0 | out: hHeap=0x570000) returned 1 [0054.527] GetProcessHeap () returned 0x570000 [0054.527] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58efa0 [0054.527] GetProcessHeap () returned 0x570000 [0054.527] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58efa0 | out: hHeap=0x570000) returned 1 [0054.527] GetProcessHeap () returned 0x570000 [0054.527] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58efa0 [0054.527] GetProcessHeap () returned 0x570000 [0054.527] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58efa0 | out: hHeap=0x570000) returned 1 [0054.527] GetProcessHeap () returned 0x570000 [0054.527] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58efa0 [0054.527] GetProcessHeap () returned 0x570000 [0054.528] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58efa0 | out: hHeap=0x570000) returned 1 [0054.528] GetProcessHeap () returned 0x570000 [0054.528] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58efa0 [0054.528] GetProcessHeap () returned 0x570000 [0054.528] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58efa0 | out: hHeap=0x570000) returned 1 [0054.528] GetProcessHeap () returned 0x570000 [0054.528] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58efa0 [0054.528] GetProcessHeap () returned 0x570000 [0054.528] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58efa0 | out: hHeap=0x570000) returned 1 [0054.528] GetProcessHeap () returned 0x570000 [0054.528] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58efa0 [0054.528] GetProcessHeap () returned 0x570000 [0054.528] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58efa0 | out: hHeap=0x570000) returned 1 [0054.528] GetProcessHeap () returned 0x570000 [0054.528] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58efa0 [0054.528] GetProcessHeap () returned 0x570000 [0054.528] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58efa0 | out: hHeap=0x570000) returned 1 [0054.528] GetProcessHeap () returned 0x570000 [0054.528] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58efa0 [0054.528] GetProcessHeap () returned 0x570000 [0054.528] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58efa0 | out: hHeap=0x570000) returned 1 [0054.528] GetProcessHeap () returned 0x570000 [0054.528] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58efa0 [0054.528] GetProcessHeap () returned 0x570000 [0054.528] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58efa0 | out: hHeap=0x570000) returned 1 [0054.528] GetProcessHeap () returned 0x570000 [0054.528] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58efa0 [0054.528] GetProcessHeap () returned 0x570000 [0054.528] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58efa0 | out: hHeap=0x570000) returned 1 [0054.528] GetProcessHeap () returned 0x570000 [0054.529] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58efa0 [0054.529] GetProcessHeap () returned 0x570000 [0054.529] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58efa0 | out: hHeap=0x570000) returned 1 [0054.529] GetProcessHeap () returned 0x570000 [0054.529] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58efa0 [0054.529] GetProcessHeap () returned 0x570000 [0054.529] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58efa0 | out: hHeap=0x570000) returned 1 [0054.529] GetProcessHeap () returned 0x570000 [0054.529] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58efa0 [0054.529] GetProcessHeap () returned 0x570000 [0054.529] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58efa0 | out: hHeap=0x570000) returned 1 [0054.529] GetProcessHeap () returned 0x570000 [0054.529] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58efa0 [0054.529] GetProcessHeap () returned 0x570000 [0054.529] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58efa0 | out: hHeap=0x570000) returned 1 [0054.529] GetProcessHeap () returned 0x570000 [0054.529] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58efa0 [0054.529] GetProcessHeap () returned 0x570000 [0054.529] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58efa0 | out: hHeap=0x570000) returned 1 [0054.529] GetProcessHeap () returned 0x570000 [0054.529] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58efa0 [0054.529] GetProcessHeap () returned 0x570000 [0054.529] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58efa0 | out: hHeap=0x570000) returned 1 [0054.529] GetProcessHeap () returned 0x570000 [0054.529] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58efa0 [0054.529] GetProcessHeap () returned 0x570000 [0054.529] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58efa0 | out: hHeap=0x570000) returned 1 [0054.529] GetProcessHeap () returned 0x570000 [0054.530] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58efa0 [0054.530] GetProcessHeap () returned 0x570000 [0054.530] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58efa0 | out: hHeap=0x570000) returned 1 [0054.530] GetProcessHeap () returned 0x570000 [0054.530] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58efa0 [0054.530] GetProcessHeap () returned 0x570000 [0054.530] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58efa0 | out: hHeap=0x570000) returned 1 [0054.530] GetProcessHeap () returned 0x570000 [0054.530] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58efa0 [0054.530] GetProcessHeap () returned 0x570000 [0054.530] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58efa0 | out: hHeap=0x570000) returned 1 [0054.530] GetProcessHeap () returned 0x570000 [0054.530] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58efa0 [0054.530] GetProcessHeap () returned 0x570000 [0054.530] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58efa0 | out: hHeap=0x570000) returned 1 [0054.530] GetProcessHeap () returned 0x570000 [0054.530] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58efa0 [0054.530] GetProcessHeap () returned 0x570000 [0054.530] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58efa0 | out: hHeap=0x570000) returned 1 [0054.530] GetProcessHeap () returned 0x570000 [0054.530] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58efa0 [0054.530] GetProcessHeap () returned 0x570000 [0054.530] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58efa0 | out: hHeap=0x570000) returned 1 [0054.530] GetProcessHeap () returned 0x570000 [0054.530] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58efa0 [0054.530] GetProcessHeap () returned 0x570000 [0054.530] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58efa0 | out: hHeap=0x570000) returned 1 [0054.530] GetProcessHeap () returned 0x570000 [0054.530] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58efa0 [0054.531] GetProcessHeap () returned 0x570000 [0054.531] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58efa0 | out: hHeap=0x570000) returned 1 [0054.531] GetProcessHeap () returned 0x570000 [0054.531] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58efa0 [0054.531] GetProcessHeap () returned 0x570000 [0054.531] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58efa0 | out: hHeap=0x570000) returned 1 [0054.531] GetProcessHeap () returned 0x570000 [0054.531] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58efa0 [0054.531] GetProcessHeap () returned 0x570000 [0054.531] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58efa0 | out: hHeap=0x570000) returned 1 [0054.531] GetProcessHeap () returned 0x570000 [0054.531] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58efa0 [0054.531] GetProcessHeap () returned 0x570000 [0054.531] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58efa0 | out: hHeap=0x570000) returned 1 [0054.531] GetProcessHeap () returned 0x570000 [0054.531] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58efa0 [0054.531] GetProcessHeap () returned 0x570000 [0054.531] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58efa0 | out: hHeap=0x570000) returned 1 [0054.531] GetProcessHeap () returned 0x570000 [0054.531] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58efa0 [0054.531] GetProcessHeap () returned 0x570000 [0054.531] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58efa0 | out: hHeap=0x570000) returned 1 [0054.531] GetProcessHeap () returned 0x570000 [0054.531] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58efa0 [0054.531] GetProcessHeap () returned 0x570000 [0054.531] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58efa0 | out: hHeap=0x570000) returned 1 [0054.531] GetProcessHeap () returned 0x570000 [0054.531] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58efa0 [0054.532] GetProcessHeap () returned 0x570000 [0054.532] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58efa0 | out: hHeap=0x570000) returned 1 [0054.532] GetProcessHeap () returned 0x570000 [0054.532] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58efa0 [0054.532] GetProcessHeap () returned 0x570000 [0054.532] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58efa0 | out: hHeap=0x570000) returned 1 [0054.532] GetProcessHeap () returned 0x570000 [0054.532] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58efa0 [0054.532] GetProcessHeap () returned 0x570000 [0054.532] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58efa0 | out: hHeap=0x570000) returned 1 [0054.532] GetProcessHeap () returned 0x570000 [0054.532] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58efa0 [0054.532] GetProcessHeap () returned 0x570000 [0054.532] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58efa0 | out: hHeap=0x570000) returned 1 [0054.532] GetProcessHeap () returned 0x570000 [0054.532] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58efa0 [0054.532] GetProcessHeap () returned 0x570000 [0054.532] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58efa0 | out: hHeap=0x570000) returned 1 [0054.532] GetProcessHeap () returned 0x570000 [0054.532] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58efa0 [0054.532] GetProcessHeap () returned 0x570000 [0054.532] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58efa0 | out: hHeap=0x570000) returned 1 [0054.532] GetProcessHeap () returned 0x570000 [0054.532] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0054.532] GetProcessHeap () returned 0x570000 [0054.532] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0054.532] GetProcessHeap () returned 0x570000 [0054.532] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5937a0 | out: hHeap=0x570000) returned 1 [0054.532] GetProcessHeap () returned 0x570000 [0054.532] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0054.533] GetProcessHeap () returned 0x570000 [0054.533] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0054.533] GetProcessHeap () returned 0x570000 [0054.533] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0054.533] GetProcessHeap () returned 0x570000 [0054.533] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0054.533] GetProcessHeap () returned 0x570000 [0054.533] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0054.533] GetProcessHeap () returned 0x570000 [0054.533] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0054.533] GetProcessHeap () returned 0x570000 [0054.533] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef90 | out: hHeap=0x570000) returned 1 [0054.533] GetProcessHeap () returned 0x570000 [0054.533] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593690 | out: hHeap=0x570000) returned 1 [0054.533] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0054.533] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0054.533] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0054.533] CloseHandle (hObject=0x80) returned 1 [0054.534] GetProcessHeap () returned 0x570000 [0054.534] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588da8 | out: hHeap=0x570000) returned 1 [0054.534] GetProcessHeap () returned 0x570000 [0054.534] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593590 | out: hHeap=0x570000) returned 1 [0054.534] GetProcessHeap () returned 0x570000 [0054.534] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593608 | out: hHeap=0x570000) returned 1 [0054.534] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\Users\\Default\\Videos\\desktop.ini" | out: lpString1="C:\\Users\\Default\\Videos\\desktop.ini") returned="C:\\Users\\Default\\Videos\\desktop.ini" [0054.534] lstrcatW (in: lpString1="C:\\Users\\Default\\Videos\\desktop.ini", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\Users\\Default\\Videos\\desktop.ini.{Killback@protonmail.com}KBK") returned="C:\\Users\\Default\\Videos\\desktop.ini.{Killback@protonmail.com}KBK" [0054.534] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\Videos\\desktop.ini" (normalized: "c:\\users\\default\\videos\\desktop.ini"), lpNewFileName="C:\\Users\\Default\\Videos\\desktop.ini.{Killback@protonmail.com}KBK" (normalized: "c:\\users\\default\\videos\\desktop.ini.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0054.535] PathRemoveFileSpecW (in: pszPath="C:\\Users\\Default\\Videos\\desktop.ini" | out: pszPath="C:\\Users\\Default\\Videos") returned 1 [0054.535] lstrcatW (in: lpString1="C:\\Users\\Default\\Videos", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Videos\\") returned="C:\\Users\\Default\\Videos\\" [0054.535] lstrcatW (in: lpString1="C:\\Users\\Default\\Videos\\", lpString2="decrypt_files.html" | out: lpString1="C:\\Users\\Default\\Videos\\decrypt_files.html") returned="C:\\Users\\Default\\Videos\\decrypt_files.html" [0054.535] GetFileAttributesW (lpFileName="C:\\Users\\Default\\Videos\\decrypt_files.html" (normalized: "c:\\users\\default\\videos\\decrypt_files.html")) returned 0xffffffff [0054.535] CreateFileW (lpFileName="C:\\Users\\Default\\Videos\\decrypt_files.html" (normalized: "c:\\users\\default\\videos\\decrypt_files.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0054.536] lstrlenA (lpString="\r\n \r\n \r\n \r\n DECRYPT FILES\r\n \r\n\r\n \r\n\r\n
\r\n

⚠Your ID (NEED FOR DECRYPT)⚠

\r\n
\r\n 
A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n\r\n
\r\n
\r\n
\r\n \r\n
\r\n \r\n
\r\n \r\n \r\n
\r\n

✖ Your files are encrypted! ✖

\r\n\r\n

If you see it - do not try to decrypt ▼the files yourself!!!▼

\r\n
\r\n

All your important data has been encrypted.

\r\n
\r\n
\r\n \r\n\x09\x09 \r\nTo decrypt all your files, you need a decryption program.
\r\n \r\nTo get a program to decrypt your data you need to do a few steps:
\r\n

☑1. \r\nTo make sure that we can actually decrypt your files. You can send us a file for the test.\r\nThis can be a picture or a text file.\r\nSize less than 5 MB. Send to our mail: Killback@protonmail.com .
\r\n

☑2. \r\nSend your PERSONAL ID in the letter (you will find it at the very beginning of this document)

\r\n\x09\x09\x09

☑3. \r\nWe will decode your test file so you are sure. We will also send you the amount you need to pay to get the program to decrypt.

\r\n ☑4. We will send you instructions on how to pay for the decryption program. After payment, we will send you a program and instructions on how to decrypt all the files.
\r\n

Attention!


\r\n
    \r\n\x09\x09\x09 Only we can decrypt your files.
    \r\n\x09\x09\x09 Do not try to decrypt your files yourself. You can damage them when trying to restore
    \r\n Do not run antivirus!
    \r\n Email us: Killback@protonmail.com immediately so we can help you.
    \r\n Decoders other users are not compatible with your data, because each user's unique encryption key
    \r\n
\r\n \r\n
\r\n
\r\n
\r\n \r\n\r\n \r\n \r\n
\r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n\r\n") returned 5565 [0054.536] WriteFile (in: hFile=0x80, lpBuffer=0x21f0020*, nNumberOfBytesToWrite=0x15bd, lpNumberOfBytesWritten=0x50dd18, lpOverlapped=0x0 | out: lpBuffer=0x21f0020*, lpNumberOfBytesWritten=0x50dd18*=0x15bd, lpOverlapped=0x0) returned 1 [0054.537] CloseHandle (hObject=0x80) returned 1 [0054.537] GetProcessHeap () returned 0x570000 [0054.537] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0054.537] FindNextFileW (in: hFindFile=0x592628, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0054.537] FindClose (in: hFindFile=0x592628 | out: hFindFile=0x592628) returned 1 [0054.537] lstrcpyW (in: lpString1=0x50df8c, lpString2="C:\\Users\\Default\\Templates\\" | out: lpString1="C:\\Users\\Default\\Templates\\") returned="C:\\Users\\Default\\Templates\\" [0054.537] GetProcessHeap () returned 0x570000 [0054.537] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5925e8 | out: hHeap=0x570000) returned 1 [0054.537] GetProcessHeap () returned 0x570000 [0054.537] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef70 | out: hHeap=0x570000) returned 1 [0054.537] lstrlenW (lpString="C:\\Users\\Default\\Templates\\") returned 27 [0054.537] lstrcatW (in: lpString1="C:\\Users\\Default\\Templates\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\Templates\\*") returned="C:\\Users\\Default\\Templates\\*" [0054.537] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Templates\\*", lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0xffffffff [0054.537] lstrcpyW (in: lpString1=0x50df8c, lpString2="C:\\Users\\Default\\Start Menu\\" | out: lpString1="C:\\Users\\Default\\Start Menu\\") returned="C:\\Users\\Default\\Start Menu\\" [0054.538] GetProcessHeap () returned 0x570000 [0054.538] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5877d0 | out: hHeap=0x570000) returned 1 [0054.538] GetProcessHeap () returned 0x570000 [0054.538] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.538] lstrlenW (lpString="C:\\Users\\Default\\Start Menu\\") returned 28 [0054.538] lstrcatW (in: lpString1="C:\\Users\\Default\\Start Menu\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\Start Menu\\*") returned="C:\\Users\\Default\\Start Menu\\*" [0054.538] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Start Menu\\*", lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0xffffffff [0054.538] lstrcpyW (in: lpString1=0x50df8c, lpString2="C:\\Users\\Default\\SendTo\\" | out: lpString1="C:\\Users\\Default\\SendTo\\") returned="C:\\Users\\Default\\SendTo\\" [0054.538] GetProcessHeap () returned 0x570000 [0054.538] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5925a8 | out: hHeap=0x570000) returned 1 [0054.538] GetProcessHeap () returned 0x570000 [0054.538] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef60 | out: hHeap=0x570000) returned 1 [0054.538] lstrlenW (lpString="C:\\Users\\Default\\SendTo\\") returned 24 [0054.538] lstrcatW (in: lpString1="C:\\Users\\Default\\SendTo\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\SendTo\\*") returned="C:\\Users\\Default\\SendTo\\*" [0054.538] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\SendTo\\*", lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0xffffffff [0054.538] lstrcpyW (in: lpString1=0x50df8c, lpString2="C:\\Users\\Default\\Searches\\" | out: lpString1="C:\\Users\\Default\\Searches\\") returned="C:\\Users\\Default\\Searches\\" [0054.538] GetProcessHeap () returned 0x570000 [0054.538] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592550 | out: hHeap=0x570000) returned 1 [0054.538] GetProcessHeap () returned 0x570000 [0054.538] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef40 | out: hHeap=0x570000) returned 1 [0054.538] lstrlenW (lpString="C:\\Users\\Default\\Searches\\") returned 26 [0054.538] lstrcatW (in: lpString1="C:\\Users\\Default\\Searches\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\Searches\\*") returned="C:\\Users\\Default\\Searches\\*" [0054.539] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Searches\\*", lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88b51cb, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5925a8 [0054.556] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.556] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88b51cb, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0054.556] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.556] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.556] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88b51cb, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x20c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0054.556] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0054.556] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0054.556] lstrcatW (in: lpString1="C:\\Users\\Default\\Searches\\", lpString2="desktop.ini" | out: lpString1="C:\\Users\\Default\\Searches\\desktop.ini") returned="C:\\Users\\Default\\Searches\\desktop.ini" [0054.556] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0054.556] GetProcessHeap () returned 0x570000 [0054.556] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x590f68 [0054.556] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 12 [0054.556] lstrlenA (lpString="desktop.ini") returned 11 [0054.556] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0054.556] lstrlenA (lpString="desktop.ini") returned 11 [0054.556] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0054.556] lstrcmpiW (lpString1="desktop.ini", lpString2="decrypt_files.html") returned 1 [0054.556] lstrcmpiW (lpString1="desktop.ini", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0054.556] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0054.556] lstrcmpiW (lpString1="desktop.ini", lpString2="sihvgt.exe") returned -1 [0054.556] _alloca_probe () returned 0x40908b [0054.556] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\Searches\\desktop.ini", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38 [0054.556] GetProcessHeap () returned 0x570000 [0054.556] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x26) returned 0x592550 [0054.556] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\Searches\\desktop.ini", cchWideChar=-1, lpMultiByteStr=0x592550, cbMultiByte=38, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\Default\\Searches\\desktop.ini", lpUsedDefaultChar=0x0) returned 38 [0054.557] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0054.557] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{AE88741B-9F51-4FEC-B637-B8976061FE58}") returned 38 [0054.557] lstrlenA (lpString="{AE88741B-9F51-4FEC-B637-B8976061FE58}") returned 38 [0054.557] CreateFileW (lpFileName="C:\\Users\\Default\\Searches\\desktop.ini" (normalized: "c:\\users\\default\\searches\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0054.557] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=524) returned 1 [0054.557] lstrlenA (lpString="{AE88741B-9F51-4FEC-B637-B8976061FE58}") returned 38 [0054.557] GetProcessHeap () returned 0x570000 [0054.557] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x593590 [0054.557] GetProcessHeap () returned 0x570000 [0054.557] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x593608 [0054.557] lstrlenA (lpString="C:\\Users\\Default\\Searches\\desktop.ini") returned 37 [0054.568] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x20c, lpOverlapped=0x0) returned 1 [0054.569] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.569] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x210, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x210, lpOverlapped=0x0) returned 1 [0054.570] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.570] WriteFile (in: hFile=0x80, lpBuffer=0x50bb6c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bb6c*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0054.570] WriteFile (in: hFile=0x80, lpBuffer=0x50bbd4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bbd4*, lpNumberOfBytesWritten=0x50bb34*=0x10, lpOverlapped=0x0) returned 1 [0054.570] lstrlenA (lpString="rsa_encrypt") returned 11 [0054.570] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x593690) returned 1 [0054.571] CryptGenRandom (in: hProv=0x593690, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0054.571] CryptReleaseContext (hProv=0x593690, dwFlags=0x0) returned 1 [0054.571] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0054.571] GetProcessHeap () returned 0x570000 [0054.571] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x593690 [0054.571] lstrlenA (lpString="010001") returned 6 [0054.571] GetProcessHeap () returned 0x570000 [0054.571] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58ef40 [0054.571] GetProcessHeap () returned 0x570000 [0054.571] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x593718 [0054.571] GetProcessHeap () returned 0x570000 [0054.571] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0054.571] GetProcessHeap () returned 0x570000 [0054.571] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593718 | out: hHeap=0x570000) returned 1 [0054.571] GetProcessHeap () returned 0x570000 [0054.571] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0054.571] GetProcessHeap () returned 0x570000 [0054.571] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c0d8 [0054.571] GetProcessHeap () returned 0x570000 [0054.571] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58ef60 [0054.571] GetProcessHeap () returned 0x570000 [0054.571] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c1f0 [0054.572] GetProcessHeap () returned 0x570000 [0054.572] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef60 | out: hHeap=0x570000) returned 1 [0054.572] GetProcessHeap () returned 0x570000 [0054.572] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0054.572] GetProcessHeap () returned 0x570000 [0054.572] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x593718 [0054.572] GetProcessHeap () returned 0x570000 [0054.572] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x5937a0 [0054.572] GetProcessHeap () returned 0x570000 [0054.572] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef60 [0054.572] GetProcessHeap () returned 0x570000 [0054.572] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0054.572] GetProcessHeap () returned 0x570000 [0054.572] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0054.572] GetProcessHeap () returned 0x570000 [0054.572] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593718 | out: hHeap=0x570000) returned 1 [0054.572] GetProcessHeap () returned 0x570000 [0054.572] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0054.572] GetProcessHeap () returned 0x570000 [0054.572] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0054.572] GetProcessHeap () returned 0x570000 [0054.572] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.572] GetProcessHeap () returned 0x570000 [0054.572] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f98 [0054.572] GetProcessHeap () returned 0x570000 [0054.572] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef60 | out: hHeap=0x570000) returned 1 [0054.572] GetProcessHeap () returned 0x570000 [0054.572] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.572] GetProcessHeap () returned 0x570000 [0054.572] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.572] GetProcessHeap () returned 0x570000 [0054.572] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.573] GetProcessHeap () returned 0x570000 [0054.573] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0054.573] GetProcessHeap () returned 0x570000 [0054.573] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f98 | out: hHeap=0x570000) returned 1 [0054.573] GetProcessHeap () returned 0x570000 [0054.573] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0054.573] GetProcessHeap () returned 0x570000 [0054.573] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0054.573] GetProcessHeap () returned 0x570000 [0054.573] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.573] GetProcessHeap () returned 0x570000 [0054.573] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.573] GetProcessHeap () returned 0x570000 [0054.573] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.573] GetProcessHeap () returned 0x570000 [0054.573] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.573] GetProcessHeap () returned 0x570000 [0054.573] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.573] GetProcessHeap () returned 0x570000 [0054.573] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.573] GetProcessHeap () returned 0x570000 [0054.573] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.573] GetProcessHeap () returned 0x570000 [0054.573] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.573] GetProcessHeap () returned 0x570000 [0054.573] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.573] GetProcessHeap () returned 0x570000 [0054.573] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.573] GetProcessHeap () returned 0x570000 [0054.573] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.573] GetProcessHeap () returned 0x570000 [0054.574] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.574] GetProcessHeap () returned 0x570000 [0054.574] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.574] GetProcessHeap () returned 0x570000 [0054.574] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.574] GetProcessHeap () returned 0x570000 [0054.574] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.574] GetProcessHeap () returned 0x570000 [0054.574] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.574] GetProcessHeap () returned 0x570000 [0054.574] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.574] GetProcessHeap () returned 0x570000 [0054.574] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.574] GetProcessHeap () returned 0x570000 [0054.574] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.574] GetProcessHeap () returned 0x570000 [0054.574] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.574] GetProcessHeap () returned 0x570000 [0054.574] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.574] GetProcessHeap () returned 0x570000 [0054.574] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.574] GetProcessHeap () returned 0x570000 [0054.574] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.574] GetProcessHeap () returned 0x570000 [0054.574] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.574] GetProcessHeap () returned 0x570000 [0054.574] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.574] GetProcessHeap () returned 0x570000 [0054.574] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.575] GetProcessHeap () returned 0x570000 [0054.575] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.575] GetProcessHeap () returned 0x570000 [0054.575] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.575] GetProcessHeap () returned 0x570000 [0054.575] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.575] GetProcessHeap () returned 0x570000 [0054.575] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.575] GetProcessHeap () returned 0x570000 [0054.575] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.575] GetProcessHeap () returned 0x570000 [0054.575] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.575] GetProcessHeap () returned 0x570000 [0054.575] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.575] GetProcessHeap () returned 0x570000 [0054.575] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.575] GetProcessHeap () returned 0x570000 [0054.575] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.575] GetProcessHeap () returned 0x570000 [0054.575] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.575] GetProcessHeap () returned 0x570000 [0054.575] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.575] GetProcessHeap () returned 0x570000 [0054.575] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.575] GetProcessHeap () returned 0x570000 [0054.575] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.575] GetProcessHeap () returned 0x570000 [0054.575] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.575] GetProcessHeap () returned 0x570000 [0054.576] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.576] GetProcessHeap () returned 0x570000 [0054.576] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.576] GetProcessHeap () returned 0x570000 [0054.576] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.576] GetProcessHeap () returned 0x570000 [0054.576] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.576] GetProcessHeap () returned 0x570000 [0054.576] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.576] GetProcessHeap () returned 0x570000 [0054.576] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.576] GetProcessHeap () returned 0x570000 [0054.576] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.576] GetProcessHeap () returned 0x570000 [0054.576] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.576] GetProcessHeap () returned 0x570000 [0054.576] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.576] GetProcessHeap () returned 0x570000 [0054.576] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.576] GetProcessHeap () returned 0x570000 [0054.576] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.576] GetProcessHeap () returned 0x570000 [0054.576] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.576] GetProcessHeap () returned 0x570000 [0054.576] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.576] GetProcessHeap () returned 0x570000 [0054.576] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.576] GetProcessHeap () returned 0x570000 [0054.576] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.576] GetProcessHeap () returned 0x570000 [0054.577] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.577] GetProcessHeap () returned 0x570000 [0054.577] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.577] GetProcessHeap () returned 0x570000 [0054.577] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.577] GetProcessHeap () returned 0x570000 [0054.577] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.577] GetProcessHeap () returned 0x570000 [0054.577] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.577] GetProcessHeap () returned 0x570000 [0054.577] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.577] GetProcessHeap () returned 0x570000 [0054.577] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.577] GetProcessHeap () returned 0x570000 [0054.577] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.577] GetProcessHeap () returned 0x570000 [0054.577] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.577] GetProcessHeap () returned 0x570000 [0054.577] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.577] GetProcessHeap () returned 0x570000 [0054.577] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.577] GetProcessHeap () returned 0x570000 [0054.577] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.577] GetProcessHeap () returned 0x570000 [0054.577] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.577] GetProcessHeap () returned 0x570000 [0054.577] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.577] GetProcessHeap () returned 0x570000 [0054.577] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.578] GetProcessHeap () returned 0x570000 [0054.578] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.578] GetProcessHeap () returned 0x570000 [0054.578] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.578] GetProcessHeap () returned 0x570000 [0054.578] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.578] GetProcessHeap () returned 0x570000 [0054.578] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.578] GetProcessHeap () returned 0x570000 [0054.578] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.578] GetProcessHeap () returned 0x570000 [0054.578] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.578] GetProcessHeap () returned 0x570000 [0054.578] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.578] GetProcessHeap () returned 0x570000 [0054.578] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.578] GetProcessHeap () returned 0x570000 [0054.578] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.578] GetProcessHeap () returned 0x570000 [0054.578] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.578] GetProcessHeap () returned 0x570000 [0054.578] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.578] GetProcessHeap () returned 0x570000 [0054.578] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.578] GetProcessHeap () returned 0x570000 [0054.578] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.578] GetProcessHeap () returned 0x570000 [0054.578] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.578] GetProcessHeap () returned 0x570000 [0054.579] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.579] GetProcessHeap () returned 0x570000 [0054.579] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.579] GetProcessHeap () returned 0x570000 [0054.579] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.579] GetProcessHeap () returned 0x570000 [0054.579] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.579] GetProcessHeap () returned 0x570000 [0054.579] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.579] GetProcessHeap () returned 0x570000 [0054.579] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.579] GetProcessHeap () returned 0x570000 [0054.579] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.579] GetProcessHeap () returned 0x570000 [0054.579] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.579] GetProcessHeap () returned 0x570000 [0054.579] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.579] GetProcessHeap () returned 0x570000 [0054.579] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.579] GetProcessHeap () returned 0x570000 [0054.579] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.579] GetProcessHeap () returned 0x570000 [0054.579] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.579] GetProcessHeap () returned 0x570000 [0054.579] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.579] GetProcessHeap () returned 0x570000 [0054.579] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.579] GetProcessHeap () returned 0x570000 [0054.579] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.580] GetProcessHeap () returned 0x570000 [0054.580] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.580] GetProcessHeap () returned 0x570000 [0054.580] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0054.580] GetProcessHeap () returned 0x570000 [0054.580] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0054.580] GetProcessHeap () returned 0x570000 [0054.580] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5937a0 | out: hHeap=0x570000) returned 1 [0054.580] GetProcessHeap () returned 0x570000 [0054.580] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0054.580] GetProcessHeap () returned 0x570000 [0054.580] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0054.580] GetProcessHeap () returned 0x570000 [0054.580] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0054.580] GetProcessHeap () returned 0x570000 [0054.580] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0054.580] GetProcessHeap () returned 0x570000 [0054.580] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0054.580] GetProcessHeap () returned 0x570000 [0054.580] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0054.580] GetProcessHeap () returned 0x570000 [0054.580] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef40 | out: hHeap=0x570000) returned 1 [0054.580] GetProcessHeap () returned 0x570000 [0054.580] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593690 | out: hHeap=0x570000) returned 1 [0054.580] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0054.581] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0054.581] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0054.581] CloseHandle (hObject=0x80) returned 1 [0054.581] GetProcessHeap () returned 0x570000 [0054.582] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592550 | out: hHeap=0x570000) returned 1 [0054.582] GetProcessHeap () returned 0x570000 [0054.582] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593590 | out: hHeap=0x570000) returned 1 [0054.582] GetProcessHeap () returned 0x570000 [0054.582] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593608 | out: hHeap=0x570000) returned 1 [0054.582] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\Users\\Default\\Searches\\desktop.ini" | out: lpString1="C:\\Users\\Default\\Searches\\desktop.ini") returned="C:\\Users\\Default\\Searches\\desktop.ini" [0054.582] lstrcatW (in: lpString1="C:\\Users\\Default\\Searches\\desktop.ini", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\Users\\Default\\Searches\\desktop.ini.{Killback@protonmail.com}KBK") returned="C:\\Users\\Default\\Searches\\desktop.ini.{Killback@protonmail.com}KBK" [0054.582] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\Searches\\desktop.ini" (normalized: "c:\\users\\default\\searches\\desktop.ini"), lpNewFileName="C:\\Users\\Default\\Searches\\desktop.ini.{Killback@protonmail.com}KBK" (normalized: "c:\\users\\default\\searches\\desktop.ini.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0054.582] PathRemoveFileSpecW (in: pszPath="C:\\Users\\Default\\Searches\\desktop.ini" | out: pszPath="C:\\Users\\Default\\Searches") returned 1 [0054.582] lstrcatW (in: lpString1="C:\\Users\\Default\\Searches", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Searches\\") returned="C:\\Users\\Default\\Searches\\" [0054.582] lstrcatW (in: lpString1="C:\\Users\\Default\\Searches\\", lpString2="decrypt_files.html" | out: lpString1="C:\\Users\\Default\\Searches\\decrypt_files.html") returned="C:\\Users\\Default\\Searches\\decrypt_files.html" [0054.582] GetFileAttributesW (lpFileName="C:\\Users\\Default\\Searches\\decrypt_files.html" (normalized: "c:\\users\\default\\searches\\decrypt_files.html")) returned 0xffffffff [0054.582] CreateFileW (lpFileName="C:\\Users\\Default\\Searches\\decrypt_files.html" (normalized: "c:\\users\\default\\searches\\decrypt_files.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0054.583] lstrlenA (lpString="\r\n \r\n \r\n \r\n DECRYPT FILES\r\n \r\n\r\n \r\n\r\n
\r\n

⚠Your ID (NEED FOR DECRYPT)⚠

\r\n
\r\n 
A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n\r\n
\r\n
\r\n
\r\n \r\n
\r\n \r\n
\r\n \r\n \r\n
\r\n

✖ Your files are encrypted! ✖

\r\n\r\n

If you see it - do not try to decrypt ▼the files yourself!!!▼

\r\n
\r\n

All your important data has been encrypted.

\r\n
\r\n
\r\n \r\n\x09\x09 \r\nTo decrypt all your files, you need a decryption program.
\r\n \r\nTo get a program to decrypt your data you need to do a few steps:
\r\n

☑1. \r\nTo make sure that we can actually decrypt your files. You can send us a file for the test.\r\nThis can be a picture or a text file.\r\nSize less than 5 MB. Send to our mail: Killback@protonmail.com .
\r\n

☑2. \r\nSend your PERSONAL ID in the letter (you will find it at the very beginning of this document)

\r\n\x09\x09\x09

☑3. \r\nWe will decode your test file so you are sure. We will also send you the amount you need to pay to get the program to decrypt.

\r\n ☑4. We will send you instructions on how to pay for the decryption program. After payment, we will send you a program and instructions on how to decrypt all the files.
\r\n

Attention!


\r\n
    \r\n\x09\x09\x09 Only we can decrypt your files.
    \r\n\x09\x09\x09 Do not try to decrypt your files yourself. You can damage them when trying to restore
    \r\n Do not run antivirus!
    \r\n Email us: Killback@protonmail.com immediately so we can help you.
    \r\n Decoders other users are not compatible with your data, because each user's unique encryption key
    \r\n
\r\n \r\n
\r\n
\r\n
\r\n \r\n\r\n \r\n \r\n
\r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n\r\n") returned 5565 [0054.583] WriteFile (in: hFile=0x80, lpBuffer=0x21f0020*, nNumberOfBytesToWrite=0x15bd, lpNumberOfBytesWritten=0x50dd18, lpOverlapped=0x0 | out: lpBuffer=0x21f0020*, lpNumberOfBytesWritten=0x50dd18*=0x15bd, lpOverlapped=0x0) returned 1 [0054.584] CloseHandle (hObject=0x80) returned 1 [0054.584] GetProcessHeap () returned 0x570000 [0054.584] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0054.584] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99d9932, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Everywhere.search-ms", cAlternateFileName="EVERYW~1.SEA")) returned 1 [0054.584] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2=".") returned 1 [0054.584] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2="..") returned 1 [0054.585] lstrcatW (in: lpString1="C:\\Users\\Default\\Searches\\", lpString2="Everywhere.search-ms" | out: lpString1="C:\\Users\\Default\\Searches\\Everywhere.search-ms") returned="C:\\Users\\Default\\Searches\\Everywhere.search-ms" [0054.585] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Everywhere.search-ms", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0054.585] GetProcessHeap () returned 0x570000 [0054.585] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x15) returned 0x58fdc0 [0054.585] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Everywhere.search-ms", cchWideChar=-1, lpMultiByteStr=0x58fdc0, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Everywhere.search-ms", lpUsedDefaultChar=0x0) returned 21 [0054.585] lstrlenA (lpString="Everywhere.search-ms") returned 20 [0054.585] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0054.585] lstrlenA (lpString="Everywhere.search-ms") returned 20 [0054.585] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0054.585] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2="decrypt_files.html") returned 1 [0054.585] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0054.585] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0054.585] lstrcmpiW (lpString1="Everywhere.search-ms", lpString2="sihvgt.exe") returned -1 [0054.585] SetFileAttributesW (lpFileName="C:\\Users\\Default\\Searches\\Everywhere.search-ms", dwFileAttributes=0x22) returned 1 [0054.586] _alloca_probe () returned 0x40908b [0054.586] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\Searches\\Everywhere.search-ms", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 47 [0054.586] GetProcessHeap () returned 0x570000 [0054.586] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x2f) returned 0x592550 [0054.586] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\Searches\\Everywhere.search-ms", cchWideChar=-1, lpMultiByteStr=0x592550, cbMultiByte=47, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\Default\\Searches\\Everywhere.search-ms", lpUsedDefaultChar=0x0) returned 47 [0054.586] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0054.586] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{BA182DB3-EC35-489F-B376-D591883BF56F}") returned 38 [0054.586] lstrlenA (lpString="{BA182DB3-EC35-489F-B376-D591883BF56F}") returned 38 [0054.586] CreateFileW (lpFileName="C:\\Users\\Default\\Searches\\Everywhere.search-ms" (normalized: "c:\\users\\default\\searches\\everywhere.search-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0054.587] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=248) returned 1 [0054.587] lstrlenA (lpString="{BA182DB3-EC35-489F-B376-D591883BF56F}") returned 38 [0054.587] GetProcessHeap () returned 0x570000 [0054.587] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x593590 [0054.587] GetProcessHeap () returned 0x570000 [0054.587] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x593608 [0054.587] lstrlenA (lpString="C:\\Users\\Default\\Searches\\Everywhere.search-ms") returned 46 [0054.599] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0xf8, lpOverlapped=0x0) returned 1 [0054.600] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.600] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x100, lpOverlapped=0x0) returned 1 [0054.600] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.600] WriteFile (in: hFile=0x80, lpBuffer=0x50bb6c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bb6c*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0054.600] WriteFile (in: hFile=0x80, lpBuffer=0x50bbd4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bbd4*, lpNumberOfBytesWritten=0x50bb34*=0x10, lpOverlapped=0x0) returned 1 [0054.601] lstrlenA (lpString="rsa_encrypt") returned 11 [0054.601] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x593690) returned 1 [0054.601] CryptGenRandom (in: hProv=0x593690, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0054.601] CryptReleaseContext (hProv=0x593690, dwFlags=0x0) returned 1 [0054.602] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0054.602] GetProcessHeap () returned 0x570000 [0054.602] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x593690 [0054.602] lstrlenA (lpString="010001") returned 6 [0054.602] GetProcessHeap () returned 0x570000 [0054.602] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58ef40 [0054.602] GetProcessHeap () returned 0x570000 [0054.602] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x593718 [0054.602] GetProcessHeap () returned 0x570000 [0054.602] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0054.602] GetProcessHeap () returned 0x570000 [0054.602] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593718 | out: hHeap=0x570000) returned 1 [0054.602] GetProcessHeap () returned 0x570000 [0054.602] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0054.602] GetProcessHeap () returned 0x570000 [0054.602] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c1f0 [0054.602] GetProcessHeap () returned 0x570000 [0054.602] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58ef50 [0054.602] GetProcessHeap () returned 0x570000 [0054.602] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c0d8 [0054.602] GetProcessHeap () returned 0x570000 [0054.602] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.602] GetProcessHeap () returned 0x570000 [0054.602] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0054.602] GetProcessHeap () returned 0x570000 [0054.602] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x593718 [0054.602] GetProcessHeap () returned 0x570000 [0054.603] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x5937a0 [0054.603] GetProcessHeap () returned 0x570000 [0054.603] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.603] GetProcessHeap () returned 0x570000 [0054.603] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f68 [0054.603] GetProcessHeap () returned 0x570000 [0054.603] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0054.603] GetProcessHeap () returned 0x570000 [0054.603] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593718 | out: hHeap=0x570000) returned 1 [0054.603] GetProcessHeap () returned 0x570000 [0054.603] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0054.603] GetProcessHeap () returned 0x570000 [0054.603] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0054.603] GetProcessHeap () returned 0x570000 [0054.603] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef60 [0054.603] GetProcessHeap () returned 0x570000 [0054.603] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0054.603] GetProcessHeap () returned 0x570000 [0054.603] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.603] GetProcessHeap () returned 0x570000 [0054.603] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef60 | out: hHeap=0x570000) returned 1 [0054.603] GetProcessHeap () returned 0x570000 [0054.603] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef60 [0054.603] GetProcessHeap () returned 0x570000 [0054.603] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef60 | out: hHeap=0x570000) returned 1 [0054.603] GetProcessHeap () returned 0x570000 [0054.603] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0054.603] GetProcessHeap () returned 0x570000 [0054.603] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0054.604] GetProcessHeap () returned 0x570000 [0054.604] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0054.604] GetProcessHeap () returned 0x570000 [0054.604] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0054.604] GetProcessHeap () returned 0x570000 [0054.604] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef60 [0054.604] GetProcessHeap () returned 0x570000 [0054.604] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef60 | out: hHeap=0x570000) returned 1 [0054.604] GetProcessHeap () returned 0x570000 [0054.604] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef60 [0054.604] GetProcessHeap () returned 0x570000 [0054.604] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef60 | out: hHeap=0x570000) returned 1 [0054.604] GetProcessHeap () returned 0x570000 [0054.604] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef60 [0054.604] GetProcessHeap () returned 0x570000 [0054.604] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef60 | out: hHeap=0x570000) returned 1 [0054.604] GetProcessHeap () returned 0x570000 [0054.604] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef60 [0054.604] GetProcessHeap () returned 0x570000 [0054.604] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef60 | out: hHeap=0x570000) returned 1 [0054.604] GetProcessHeap () returned 0x570000 [0054.604] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef60 [0054.604] GetProcessHeap () returned 0x570000 [0054.604] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef60 | out: hHeap=0x570000) returned 1 [0054.604] GetProcessHeap () returned 0x570000 [0054.604] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef60 [0054.604] GetProcessHeap () returned 0x570000 [0054.604] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef60 | out: hHeap=0x570000) returned 1 [0054.604] GetProcessHeap () returned 0x570000 [0054.605] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef60 [0054.605] GetProcessHeap () returned 0x570000 [0054.605] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef60 | out: hHeap=0x570000) returned 1 [0054.605] GetProcessHeap () returned 0x570000 [0054.605] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef60 [0054.605] GetProcessHeap () returned 0x570000 [0054.605] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef60 | out: hHeap=0x570000) returned 1 [0054.605] GetProcessHeap () returned 0x570000 [0054.605] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef60 [0054.605] GetProcessHeap () returned 0x570000 [0054.605] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef60 | out: hHeap=0x570000) returned 1 [0054.605] GetProcessHeap () returned 0x570000 [0054.605] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef60 [0054.605] GetProcessHeap () returned 0x570000 [0054.605] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef60 | out: hHeap=0x570000) returned 1 [0054.605] GetProcessHeap () returned 0x570000 [0054.605] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef60 [0054.605] GetProcessHeap () returned 0x570000 [0054.605] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef60 | out: hHeap=0x570000) returned 1 [0054.605] GetProcessHeap () returned 0x570000 [0054.605] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef60 [0054.605] GetProcessHeap () returned 0x570000 [0054.605] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef60 | out: hHeap=0x570000) returned 1 [0054.605] GetProcessHeap () returned 0x570000 [0054.605] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef60 [0054.605] GetProcessHeap () returned 0x570000 [0054.605] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef60 | out: hHeap=0x570000) returned 1 [0054.605] GetProcessHeap () returned 0x570000 [0054.605] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef60 [0054.606] GetProcessHeap () returned 0x570000 [0054.606] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef60 | out: hHeap=0x570000) returned 1 [0054.606] GetProcessHeap () returned 0x570000 [0054.606] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef60 [0054.606] GetProcessHeap () returned 0x570000 [0054.606] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef60 | out: hHeap=0x570000) returned 1 [0054.606] GetProcessHeap () returned 0x570000 [0054.606] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef60 [0054.606] GetProcessHeap () returned 0x570000 [0054.606] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef60 | out: hHeap=0x570000) returned 1 [0054.606] GetProcessHeap () returned 0x570000 [0054.606] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef60 [0054.606] GetProcessHeap () returned 0x570000 [0054.606] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef60 | out: hHeap=0x570000) returned 1 [0054.606] GetProcessHeap () returned 0x570000 [0054.606] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef60 [0054.606] GetProcessHeap () returned 0x570000 [0054.606] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef60 | out: hHeap=0x570000) returned 1 [0054.606] GetProcessHeap () returned 0x570000 [0054.606] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef60 [0054.606] GetProcessHeap () returned 0x570000 [0054.606] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef60 | out: hHeap=0x570000) returned 1 [0054.606] GetProcessHeap () returned 0x570000 [0054.606] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef60 [0054.606] GetProcessHeap () returned 0x570000 [0054.606] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef60 | out: hHeap=0x570000) returned 1 [0054.606] GetProcessHeap () returned 0x570000 [0054.606] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef60 [0054.607] GetProcessHeap () returned 0x570000 [0054.607] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef60 | out: hHeap=0x570000) returned 1 [0054.607] GetProcessHeap () returned 0x570000 [0054.607] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef60 [0054.607] GetProcessHeap () returned 0x570000 [0054.607] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef60 | out: hHeap=0x570000) returned 1 [0054.607] GetProcessHeap () returned 0x570000 [0054.607] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef60 [0054.607] GetProcessHeap () returned 0x570000 [0054.607] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef60 | out: hHeap=0x570000) returned 1 [0054.607] GetProcessHeap () returned 0x570000 [0054.607] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef60 [0054.607] GetProcessHeap () returned 0x570000 [0054.607] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef60 | out: hHeap=0x570000) returned 1 [0054.607] GetProcessHeap () returned 0x570000 [0054.607] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef60 [0054.607] GetProcessHeap () returned 0x570000 [0054.607] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef60 | out: hHeap=0x570000) returned 1 [0054.607] GetProcessHeap () returned 0x570000 [0054.607] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef60 [0054.607] GetProcessHeap () returned 0x570000 [0054.607] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef60 | out: hHeap=0x570000) returned 1 [0054.607] GetProcessHeap () returned 0x570000 [0054.607] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef60 [0054.607] GetProcessHeap () returned 0x570000 [0054.607] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef60 | out: hHeap=0x570000) returned 1 [0054.607] GetProcessHeap () returned 0x570000 [0054.607] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef60 [0054.607] GetProcessHeap () returned 0x570000 [0054.607] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef60 | out: hHeap=0x570000) returned 1 [0054.607] GetProcessHeap () returned 0x570000 [0054.608] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef60 [0054.608] GetProcessHeap () returned 0x570000 [0054.608] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef60 | out: hHeap=0x570000) returned 1 [0054.608] GetProcessHeap () returned 0x570000 [0054.608] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef60 [0054.608] GetProcessHeap () returned 0x570000 [0054.608] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef60 | out: hHeap=0x570000) returned 1 [0054.608] GetProcessHeap () returned 0x570000 [0054.608] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef60 [0054.608] GetProcessHeap () returned 0x570000 [0054.608] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef60 | out: hHeap=0x570000) returned 1 [0054.608] GetProcessHeap () returned 0x570000 [0054.608] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef60 [0054.608] GetProcessHeap () returned 0x570000 [0054.608] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef60 | out: hHeap=0x570000) returned 1 [0054.608] GetProcessHeap () returned 0x570000 [0054.608] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef60 [0054.608] GetProcessHeap () returned 0x570000 [0054.608] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef60 | out: hHeap=0x570000) returned 1 [0054.608] GetProcessHeap () returned 0x570000 [0054.608] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef60 [0054.608] GetProcessHeap () returned 0x570000 [0054.608] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef60 | out: hHeap=0x570000) returned 1 [0054.608] GetProcessHeap () returned 0x570000 [0054.608] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef60 [0054.608] GetProcessHeap () returned 0x570000 [0054.608] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef60 | out: hHeap=0x570000) returned 1 [0054.608] GetProcessHeap () returned 0x570000 [0054.608] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef60 [0054.608] GetProcessHeap () returned 0x570000 [0054.609] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef60 | out: hHeap=0x570000) returned 1 [0054.609] GetProcessHeap () returned 0x570000 [0054.609] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef60 [0054.609] GetProcessHeap () returned 0x570000 [0054.609] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef60 | out: hHeap=0x570000) returned 1 [0054.609] GetProcessHeap () returned 0x570000 [0054.609] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef60 [0054.609] GetProcessHeap () returned 0x570000 [0054.609] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef60 | out: hHeap=0x570000) returned 1 [0054.609] GetProcessHeap () returned 0x570000 [0054.609] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef60 [0054.609] GetProcessHeap () returned 0x570000 [0054.609] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef60 | out: hHeap=0x570000) returned 1 [0054.609] GetProcessHeap () returned 0x570000 [0054.609] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef60 [0054.609] GetProcessHeap () returned 0x570000 [0054.609] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef60 | out: hHeap=0x570000) returned 1 [0054.609] GetProcessHeap () returned 0x570000 [0054.609] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef60 [0054.609] GetProcessHeap () returned 0x570000 [0054.609] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef60 | out: hHeap=0x570000) returned 1 [0054.609] GetProcessHeap () returned 0x570000 [0054.609] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef60 [0054.609] GetProcessHeap () returned 0x570000 [0054.609] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef60 | out: hHeap=0x570000) returned 1 [0054.609] GetProcessHeap () returned 0x570000 [0054.609] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef60 [0054.609] GetProcessHeap () returned 0x570000 [0054.609] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef60 | out: hHeap=0x570000) returned 1 [0054.610] GetProcessHeap () returned 0x570000 [0054.610] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef60 [0054.610] GetProcessHeap () returned 0x570000 [0054.610] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef60 | out: hHeap=0x570000) returned 1 [0054.610] GetProcessHeap () returned 0x570000 [0054.610] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef60 [0054.610] GetProcessHeap () returned 0x570000 [0054.610] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef60 | out: hHeap=0x570000) returned 1 [0054.610] GetProcessHeap () returned 0x570000 [0054.610] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef60 [0054.610] GetProcessHeap () returned 0x570000 [0054.610] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef60 | out: hHeap=0x570000) returned 1 [0054.610] GetProcessHeap () returned 0x570000 [0054.610] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef60 [0054.610] GetProcessHeap () returned 0x570000 [0054.610] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef60 | out: hHeap=0x570000) returned 1 [0054.610] GetProcessHeap () returned 0x570000 [0054.610] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef60 [0054.610] GetProcessHeap () returned 0x570000 [0054.610] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef60 | out: hHeap=0x570000) returned 1 [0054.610] GetProcessHeap () returned 0x570000 [0054.610] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef60 [0054.610] GetProcessHeap () returned 0x570000 [0054.610] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef60 | out: hHeap=0x570000) returned 1 [0054.610] GetProcessHeap () returned 0x570000 [0054.610] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef60 [0054.610] GetProcessHeap () returned 0x570000 [0054.610] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef60 | out: hHeap=0x570000) returned 1 [0054.610] GetProcessHeap () returned 0x570000 [0054.610] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0054.610] GetProcessHeap () returned 0x570000 [0054.611] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0054.611] GetProcessHeap () returned 0x570000 [0054.611] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5937a0 | out: hHeap=0x570000) returned 1 [0054.611] GetProcessHeap () returned 0x570000 [0054.611] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0054.611] GetProcessHeap () returned 0x570000 [0054.611] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0054.611] GetProcessHeap () returned 0x570000 [0054.611] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0054.611] GetProcessHeap () returned 0x570000 [0054.611] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0054.611] GetProcessHeap () returned 0x570000 [0054.611] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0054.611] GetProcessHeap () returned 0x570000 [0054.611] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0054.611] GetProcessHeap () returned 0x570000 [0054.611] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef40 | out: hHeap=0x570000) returned 1 [0054.611] GetProcessHeap () returned 0x570000 [0054.611] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593690 | out: hHeap=0x570000) returned 1 [0054.611] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0054.611] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0054.611] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0054.612] CloseHandle (hObject=0x80) returned 1 [0054.618] GetProcessHeap () returned 0x570000 [0054.618] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592550 | out: hHeap=0x570000) returned 1 [0054.618] GetProcessHeap () returned 0x570000 [0054.618] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593590 | out: hHeap=0x570000) returned 1 [0054.618] GetProcessHeap () returned 0x570000 [0054.618] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593608 | out: hHeap=0x570000) returned 1 [0054.618] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\Users\\Default\\Searches\\Everywhere.search-ms" | out: lpString1="C:\\Users\\Default\\Searches\\Everywhere.search-ms") returned="C:\\Users\\Default\\Searches\\Everywhere.search-ms" [0054.618] lstrcatW (in: lpString1="C:\\Users\\Default\\Searches\\Everywhere.search-ms", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\Users\\Default\\Searches\\Everywhere.search-ms.{Killback@protonmail.com}KBK") returned="C:\\Users\\Default\\Searches\\Everywhere.search-ms.{Killback@protonmail.com}KBK" [0054.618] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\Searches\\Everywhere.search-ms" (normalized: "c:\\users\\default\\searches\\everywhere.search-ms"), lpNewFileName="C:\\Users\\Default\\Searches\\Everywhere.search-ms.{Killback@protonmail.com}KBK" (normalized: "c:\\users\\default\\searches\\everywhere.search-ms.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0054.619] PathRemoveFileSpecW (in: pszPath="C:\\Users\\Default\\Searches\\Everywhere.search-ms" | out: pszPath="C:\\Users\\Default\\Searches") returned 1 [0054.619] lstrcatW (in: lpString1="C:\\Users\\Default\\Searches", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Searches\\") returned="C:\\Users\\Default\\Searches\\" [0054.619] lstrcatW (in: lpString1="C:\\Users\\Default\\Searches\\", lpString2="decrypt_files.html" | out: lpString1="C:\\Users\\Default\\Searches\\decrypt_files.html") returned="C:\\Users\\Default\\Searches\\decrypt_files.html" [0054.619] GetFileAttributesW (lpFileName="C:\\Users\\Default\\Searches\\decrypt_files.html" (normalized: "c:\\users\\default\\searches\\decrypt_files.html")) returned 0x20 [0054.619] GetProcessHeap () returned 0x570000 [0054.619] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58fdc0 | out: hHeap=0x570000) returned 1 [0054.619] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Indexed Locations.search-ms", cAlternateFileName="INDEXE~1.SEA")) returned 1 [0054.619] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2=".") returned 1 [0054.619] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2="..") returned 1 [0054.619] lstrcatW (in: lpString1="C:\\Users\\Default\\Searches\\", lpString2="Indexed Locations.search-ms" | out: lpString1="C:\\Users\\Default\\Searches\\Indexed Locations.search-ms") returned="C:\\Users\\Default\\Searches\\Indexed Locations.search-ms" [0054.619] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Indexed Locations.search-ms", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0054.619] GetProcessHeap () returned 0x570000 [0054.619] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x1c) returned 0x590698 [0054.619] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Indexed Locations.search-ms", cchWideChar=-1, lpMultiByteStr=0x590698, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Indexed Locations.search-ms", lpUsedDefaultChar=0x0) returned 28 [0054.619] lstrlenA (lpString="Indexed Locations.search-ms") returned 27 [0054.619] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0054.619] lstrlenA (lpString="Indexed Locations.search-ms") returned 27 [0054.619] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0054.620] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2="decrypt_files.html") returned 1 [0054.620] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0054.620] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0054.620] lstrcmpiW (lpString1="Indexed Locations.search-ms", lpString2="sihvgt.exe") returned -1 [0054.620] SetFileAttributesW (lpFileName="C:\\Users\\Default\\Searches\\Indexed Locations.search-ms", dwFileAttributes=0x22) returned 1 [0054.620] _alloca_probe () returned 0x40908b [0054.620] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\Searches\\Indexed Locations.search-ms", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 54 [0054.620] GetProcessHeap () returned 0x570000 [0054.620] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x36) returned 0x5925e8 [0054.620] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\Searches\\Indexed Locations.search-ms", cchWideChar=-1, lpMultiByteStr=0x5925e8, cbMultiByte=54, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\Default\\Searches\\Indexed Locations.search-ms", lpUsedDefaultChar=0x0) returned 54 [0054.620] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0054.620] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{B6561CA1-E5E5-4271-A1BA-0455E1354BB0}") returned 38 [0054.620] lstrlenA (lpString="{B6561CA1-E5E5-4271-A1BA-0455E1354BB0}") returned 38 [0054.620] CreateFileW (lpFileName="C:\\Users\\Default\\Searches\\Indexed Locations.search-ms" (normalized: "c:\\users\\default\\searches\\indexed locations.search-ms"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0054.620] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=248) returned 1 [0054.620] lstrlenA (lpString="{B6561CA1-E5E5-4271-A1BA-0455E1354BB0}") returned 38 [0054.620] GetProcessHeap () returned 0x570000 [0054.620] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x593590 [0054.621] GetProcessHeap () returned 0x570000 [0054.621] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x593608 [0054.621] lstrlenA (lpString="C:\\Users\\Default\\Searches\\Indexed Locations.search-ms") returned 53 [0054.633] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0xf8, lpOverlapped=0x0) returned 1 [0054.634] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.634] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x100, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x100, lpOverlapped=0x0) returned 1 [0054.635] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.635] WriteFile (in: hFile=0x80, lpBuffer=0x50bb6c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bb6c*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0054.635] WriteFile (in: hFile=0x80, lpBuffer=0x50bbd4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bbd4*, lpNumberOfBytesWritten=0x50bb34*=0x10, lpOverlapped=0x0) returned 1 [0054.635] lstrlenA (lpString="rsa_encrypt") returned 11 [0054.635] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x593690) returned 1 [0054.636] CryptGenRandom (in: hProv=0x593690, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0054.636] CryptReleaseContext (hProv=0x593690, dwFlags=0x0) returned 1 [0054.636] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0054.636] GetProcessHeap () returned 0x570000 [0054.636] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x593690 [0054.636] lstrlenA (lpString="010001") returned 6 [0054.636] GetProcessHeap () returned 0x570000 [0054.636] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58ef40 [0054.636] GetProcessHeap () returned 0x570000 [0054.636] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x593718 [0054.636] GetProcessHeap () returned 0x570000 [0054.636] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0054.636] GetProcessHeap () returned 0x570000 [0054.636] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593718 | out: hHeap=0x570000) returned 1 [0054.636] GetProcessHeap () returned 0x570000 [0054.636] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0054.636] GetProcessHeap () returned 0x570000 [0054.636] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c0d8 [0054.636] GetProcessHeap () returned 0x570000 [0054.636] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58ef60 [0054.637] GetProcessHeap () returned 0x570000 [0054.637] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c1f0 [0054.637] GetProcessHeap () returned 0x570000 [0054.637] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef60 | out: hHeap=0x570000) returned 1 [0054.637] GetProcessHeap () returned 0x570000 [0054.637] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0054.637] GetProcessHeap () returned 0x570000 [0054.637] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x593718 [0054.637] GetProcessHeap () returned 0x570000 [0054.637] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x5937a0 [0054.637] GetProcessHeap () returned 0x570000 [0054.637] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef60 [0054.637] GetProcessHeap () returned 0x570000 [0054.637] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f68 [0054.637] GetProcessHeap () returned 0x570000 [0054.637] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0054.637] GetProcessHeap () returned 0x570000 [0054.637] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593718 | out: hHeap=0x570000) returned 1 [0054.637] GetProcessHeap () returned 0x570000 [0054.637] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0054.637] GetProcessHeap () returned 0x570000 [0054.637] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0054.637] GetProcessHeap () returned 0x570000 [0054.637] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.637] GetProcessHeap () returned 0x570000 [0054.637] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0054.637] GetProcessHeap () returned 0x570000 [0054.637] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef60 | out: hHeap=0x570000) returned 1 [0054.637] GetProcessHeap () returned 0x570000 [0054.637] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.637] GetProcessHeap () returned 0x570000 [0054.638] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.638] GetProcessHeap () returned 0x570000 [0054.638] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.638] GetProcessHeap () returned 0x570000 [0054.638] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0054.638] GetProcessHeap () returned 0x570000 [0054.638] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0054.638] GetProcessHeap () returned 0x570000 [0054.638] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0054.638] GetProcessHeap () returned 0x570000 [0054.638] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0054.638] GetProcessHeap () returned 0x570000 [0054.638] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.638] GetProcessHeap () returned 0x570000 [0054.638] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.638] GetProcessHeap () returned 0x570000 [0054.638] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.638] GetProcessHeap () returned 0x570000 [0054.638] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.638] GetProcessHeap () returned 0x570000 [0054.638] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.638] GetProcessHeap () returned 0x570000 [0054.638] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.638] GetProcessHeap () returned 0x570000 [0054.638] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.638] GetProcessHeap () returned 0x570000 [0054.638] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.638] GetProcessHeap () returned 0x570000 [0054.638] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.638] GetProcessHeap () returned 0x570000 [0054.639] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.639] GetProcessHeap () returned 0x570000 [0054.639] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.639] GetProcessHeap () returned 0x570000 [0054.639] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.639] GetProcessHeap () returned 0x570000 [0054.639] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.639] GetProcessHeap () returned 0x570000 [0054.639] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.639] GetProcessHeap () returned 0x570000 [0054.639] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.639] GetProcessHeap () returned 0x570000 [0054.639] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.639] GetProcessHeap () returned 0x570000 [0054.639] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.639] GetProcessHeap () returned 0x570000 [0054.639] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.639] GetProcessHeap () returned 0x570000 [0054.639] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.639] GetProcessHeap () returned 0x570000 [0054.639] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.639] GetProcessHeap () returned 0x570000 [0054.639] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.639] GetProcessHeap () returned 0x570000 [0054.639] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.639] GetProcessHeap () returned 0x570000 [0054.639] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.639] GetProcessHeap () returned 0x570000 [0054.640] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.640] GetProcessHeap () returned 0x570000 [0054.640] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.640] GetProcessHeap () returned 0x570000 [0054.640] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.640] GetProcessHeap () returned 0x570000 [0054.640] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.640] GetProcessHeap () returned 0x570000 [0054.640] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.640] GetProcessHeap () returned 0x570000 [0054.640] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.640] GetProcessHeap () returned 0x570000 [0054.640] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.640] GetProcessHeap () returned 0x570000 [0054.640] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.640] GetProcessHeap () returned 0x570000 [0054.640] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.640] GetProcessHeap () returned 0x570000 [0054.640] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.640] GetProcessHeap () returned 0x570000 [0054.640] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.640] GetProcessHeap () returned 0x570000 [0054.640] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.640] GetProcessHeap () returned 0x570000 [0054.640] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.640] GetProcessHeap () returned 0x570000 [0054.640] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.640] GetProcessHeap () returned 0x570000 [0054.640] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.640] GetProcessHeap () returned 0x570000 [0054.641] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.641] GetProcessHeap () returned 0x570000 [0054.641] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.641] GetProcessHeap () returned 0x570000 [0054.641] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.641] GetProcessHeap () returned 0x570000 [0054.641] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.641] GetProcessHeap () returned 0x570000 [0054.641] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.641] GetProcessHeap () returned 0x570000 [0054.641] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.641] GetProcessHeap () returned 0x570000 [0054.641] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.641] GetProcessHeap () returned 0x570000 [0054.641] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.641] GetProcessHeap () returned 0x570000 [0054.641] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.641] GetProcessHeap () returned 0x570000 [0054.641] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.641] GetProcessHeap () returned 0x570000 [0054.641] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.641] GetProcessHeap () returned 0x570000 [0054.641] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.641] GetProcessHeap () returned 0x570000 [0054.641] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.641] GetProcessHeap () returned 0x570000 [0054.641] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.641] GetProcessHeap () returned 0x570000 [0054.641] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.642] GetProcessHeap () returned 0x570000 [0054.642] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.642] GetProcessHeap () returned 0x570000 [0054.642] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.642] GetProcessHeap () returned 0x570000 [0054.642] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.642] GetProcessHeap () returned 0x570000 [0054.642] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.642] GetProcessHeap () returned 0x570000 [0054.642] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.642] GetProcessHeap () returned 0x570000 [0054.642] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.642] GetProcessHeap () returned 0x570000 [0054.642] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.642] GetProcessHeap () returned 0x570000 [0054.642] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.642] GetProcessHeap () returned 0x570000 [0054.642] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.642] GetProcessHeap () returned 0x570000 [0054.642] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.642] GetProcessHeap () returned 0x570000 [0054.642] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.642] GetProcessHeap () returned 0x570000 [0054.642] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.642] GetProcessHeap () returned 0x570000 [0054.642] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.642] GetProcessHeap () returned 0x570000 [0054.642] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.643] GetProcessHeap () returned 0x570000 [0054.643] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.643] GetProcessHeap () returned 0x570000 [0054.643] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.643] GetProcessHeap () returned 0x570000 [0054.643] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.643] GetProcessHeap () returned 0x570000 [0054.643] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.643] GetProcessHeap () returned 0x570000 [0054.643] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.643] GetProcessHeap () returned 0x570000 [0054.643] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.643] GetProcessHeap () returned 0x570000 [0054.643] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.643] GetProcessHeap () returned 0x570000 [0054.643] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.643] GetProcessHeap () returned 0x570000 [0054.643] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.643] GetProcessHeap () returned 0x570000 [0054.643] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.643] GetProcessHeap () returned 0x570000 [0054.643] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.643] GetProcessHeap () returned 0x570000 [0054.643] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.643] GetProcessHeap () returned 0x570000 [0054.643] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.643] GetProcessHeap () returned 0x570000 [0054.643] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.644] GetProcessHeap () returned 0x570000 [0054.644] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.644] GetProcessHeap () returned 0x570000 [0054.644] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.644] GetProcessHeap () returned 0x570000 [0054.644] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.644] GetProcessHeap () returned 0x570000 [0054.644] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.644] GetProcessHeap () returned 0x570000 [0054.644] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.644] GetProcessHeap () returned 0x570000 [0054.644] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.644] GetProcessHeap () returned 0x570000 [0054.644] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.644] GetProcessHeap () returned 0x570000 [0054.644] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.644] GetProcessHeap () returned 0x570000 [0054.644] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.644] GetProcessHeap () returned 0x570000 [0054.644] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.644] GetProcessHeap () returned 0x570000 [0054.644] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.644] GetProcessHeap () returned 0x570000 [0054.644] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.644] GetProcessHeap () returned 0x570000 [0054.644] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.644] GetProcessHeap () returned 0x570000 [0054.644] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.644] GetProcessHeap () returned 0x570000 [0054.645] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.645] GetProcessHeap () returned 0x570000 [0054.645] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.645] GetProcessHeap () returned 0x570000 [0054.645] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.645] GetProcessHeap () returned 0x570000 [0054.645] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.645] GetProcessHeap () returned 0x570000 [0054.645] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.645] GetProcessHeap () returned 0x570000 [0054.645] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0054.645] GetProcessHeap () returned 0x570000 [0054.645] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0054.645] GetProcessHeap () returned 0x570000 [0054.645] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5937a0 | out: hHeap=0x570000) returned 1 [0054.645] GetProcessHeap () returned 0x570000 [0054.645] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0054.645] GetProcessHeap () returned 0x570000 [0054.645] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0054.646] GetProcessHeap () returned 0x570000 [0054.646] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0054.646] GetProcessHeap () returned 0x570000 [0054.646] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0054.646] GetProcessHeap () returned 0x570000 [0054.646] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0054.646] GetProcessHeap () returned 0x570000 [0054.646] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0054.646] GetProcessHeap () returned 0x570000 [0054.646] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef40 | out: hHeap=0x570000) returned 1 [0054.646] GetProcessHeap () returned 0x570000 [0054.646] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593690 | out: hHeap=0x570000) returned 1 [0054.646] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0054.646] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0054.646] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0054.646] CloseHandle (hObject=0x80) returned 1 [0054.647] GetProcessHeap () returned 0x570000 [0054.647] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5925e8 | out: hHeap=0x570000) returned 1 [0054.647] GetProcessHeap () returned 0x570000 [0054.647] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593590 | out: hHeap=0x570000) returned 1 [0054.647] GetProcessHeap () returned 0x570000 [0054.647] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593608 | out: hHeap=0x570000) returned 1 [0054.647] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\Users\\Default\\Searches\\Indexed Locations.search-ms" | out: lpString1="C:\\Users\\Default\\Searches\\Indexed Locations.search-ms") returned="C:\\Users\\Default\\Searches\\Indexed Locations.search-ms" [0054.647] lstrcatW (in: lpString1="C:\\Users\\Default\\Searches\\Indexed Locations.search-ms", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\Users\\Default\\Searches\\Indexed Locations.search-ms.{Killback@protonmail.com}KBK") returned="C:\\Users\\Default\\Searches\\Indexed Locations.search-ms.{Killback@protonmail.com}KBK" [0054.647] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\Searches\\Indexed Locations.search-ms" (normalized: "c:\\users\\default\\searches\\indexed locations.search-ms"), lpNewFileName="C:\\Users\\Default\\Searches\\Indexed Locations.search-ms.{Killback@protonmail.com}KBK" (normalized: "c:\\users\\default\\searches\\indexed locations.search-ms.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0054.648] PathRemoveFileSpecW (in: pszPath="C:\\Users\\Default\\Searches\\Indexed Locations.search-ms" | out: pszPath="C:\\Users\\Default\\Searches") returned 1 [0054.648] lstrcatW (in: lpString1="C:\\Users\\Default\\Searches", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Searches\\") returned="C:\\Users\\Default\\Searches\\" [0054.648] lstrcatW (in: lpString1="C:\\Users\\Default\\Searches\\", lpString2="decrypt_files.html" | out: lpString1="C:\\Users\\Default\\Searches\\decrypt_files.html") returned="C:\\Users\\Default\\Searches\\decrypt_files.html" [0054.648] GetFileAttributesW (lpFileName="C:\\Users\\Default\\Searches\\decrypt_files.html" (normalized: "c:\\users\\default\\searches\\decrypt_files.html")) returned 0x20 [0054.648] GetProcessHeap () returned 0x570000 [0054.648] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590698 | out: hHeap=0x570000) returned 1 [0054.648] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Indexed Locations.search-ms", cAlternateFileName="INDEXE~1.SEA")) returned 0 [0054.648] FindClose (in: hFindFile=0x5925a8 | out: hFindFile=0x5925a8) returned 1 [0054.648] lstrcpyW (in: lpString1=0x50df8c, lpString2="C:\\Users\\Default\\Saved Games\\" | out: lpString1="C:\\Users\\Default\\Saved Games\\") returned="C:\\Users\\Default\\Saved Games\\" [0054.648] GetProcessHeap () returned 0x570000 [0054.648] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x587788 | out: hHeap=0x570000) returned 1 [0054.648] GetProcessHeap () returned 0x570000 [0054.649] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.649] lstrlenW (lpString="C:\\Users\\Default\\Saved Games\\") returned 29 [0054.649] lstrcatW (in: lpString1="C:\\Users\\Default\\Saved Games\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\Saved Games\\*") returned="C:\\Users\\Default\\Saved Games\\*" [0054.649] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Saved Games\\*", lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd894d74c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5925a8 [0054.649] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.649] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd894d74c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0054.649] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.649] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.649] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd894d74c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0054.649] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0054.649] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0054.649] lstrcatW (in: lpString1="C:\\Users\\Default\\Saved Games\\", lpString2="desktop.ini" | out: lpString1="C:\\Users\\Default\\Saved Games\\desktop.ini") returned="C:\\Users\\Default\\Saved Games\\desktop.ini" [0054.649] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0054.649] GetProcessHeap () returned 0x570000 [0054.649] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x590f68 [0054.649] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 12 [0054.649] lstrlenA (lpString="desktop.ini") returned 11 [0054.649] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0054.649] lstrlenA (lpString="desktop.ini") returned 11 [0054.649] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0054.650] lstrcmpiW (lpString1="desktop.ini", lpString2="decrypt_files.html") returned 1 [0054.650] lstrcmpiW (lpString1="desktop.ini", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0054.650] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0054.650] lstrcmpiW (lpString1="desktop.ini", lpString2="sihvgt.exe") returned -1 [0054.650] _alloca_probe () returned 0x40908b [0054.650] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\Saved Games\\desktop.ini", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 41 [0054.650] GetProcessHeap () returned 0x570000 [0054.650] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x29) returned 0x588da8 [0054.650] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\Saved Games\\desktop.ini", cchWideChar=-1, lpMultiByteStr=0x588da8, cbMultiByte=41, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\Default\\Saved Games\\desktop.ini", lpUsedDefaultChar=0x0) returned 41 [0054.650] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0054.650] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{537F6248-FA1D-4A2B-9C5A-9E0A4DB4DEB6}") returned 38 [0054.650] lstrlenA (lpString="{537F6248-FA1D-4A2B-9C5A-9E0A4DB4DEB6}") returned 38 [0054.650] CreateFileW (lpFileName="C:\\Users\\Default\\Saved Games\\desktop.ini" (normalized: "c:\\users\\default\\saved games\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0054.652] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=282) returned 1 [0054.652] lstrlenA (lpString="{537F6248-FA1D-4A2B-9C5A-9E0A4DB4DEB6}") returned 38 [0054.652] GetProcessHeap () returned 0x570000 [0054.652] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x593590 [0054.652] GetProcessHeap () returned 0x570000 [0054.652] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x593608 [0054.652] lstrlenA (lpString="C:\\Users\\Default\\Saved Games\\desktop.ini") returned 40 [0054.821] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x11a, lpOverlapped=0x0) returned 1 [0054.882] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.882] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x120, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x120, lpOverlapped=0x0) returned 1 [0054.883] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.883] WriteFile (in: hFile=0x80, lpBuffer=0x50bb6c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bb6c*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0054.883] WriteFile (in: hFile=0x80, lpBuffer=0x50bbd4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bbd4*, lpNumberOfBytesWritten=0x50bb34*=0x10, lpOverlapped=0x0) returned 1 [0054.883] lstrlenA (lpString="rsa_encrypt") returned 11 [0054.883] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x593690) returned 1 [0054.884] CryptGenRandom (in: hProv=0x593690, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0054.884] CryptReleaseContext (hProv=0x593690, dwFlags=0x0) returned 1 [0054.884] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0054.884] GetProcessHeap () returned 0x570000 [0054.884] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x593690 [0054.884] lstrlenA (lpString="010001") returned 6 [0054.884] GetProcessHeap () returned 0x570000 [0054.884] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58ef20 [0054.884] GetProcessHeap () returned 0x570000 [0054.884] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x593718 [0054.884] GetProcessHeap () returned 0x570000 [0054.884] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0054.884] GetProcessHeap () returned 0x570000 [0054.884] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593718 | out: hHeap=0x570000) returned 1 [0054.884] GetProcessHeap () returned 0x570000 [0054.884] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0054.884] GetProcessHeap () returned 0x570000 [0054.885] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c1f0 [0054.885] GetProcessHeap () returned 0x570000 [0054.885] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58ef40 [0054.885] GetProcessHeap () returned 0x570000 [0054.885] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c0d8 [0054.885] GetProcessHeap () returned 0x570000 [0054.885] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef40 | out: hHeap=0x570000) returned 1 [0054.885] GetProcessHeap () returned 0x570000 [0054.885] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0054.885] GetProcessHeap () returned 0x570000 [0054.885] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x593718 [0054.885] GetProcessHeap () returned 0x570000 [0054.885] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x5937a0 [0054.885] GetProcessHeap () returned 0x570000 [0054.885] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef40 [0054.885] GetProcessHeap () returned 0x570000 [0054.885] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0054.885] GetProcessHeap () returned 0x570000 [0054.885] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0054.885] GetProcessHeap () returned 0x570000 [0054.885] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593718 | out: hHeap=0x570000) returned 1 [0054.885] GetProcessHeap () returned 0x570000 [0054.885] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0054.885] GetProcessHeap () returned 0x570000 [0054.885] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0054.885] GetProcessHeap () returned 0x570000 [0054.885] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.885] GetProcessHeap () returned 0x570000 [0054.885] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f98 [0054.885] GetProcessHeap () returned 0x570000 [0054.885] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef40 | out: hHeap=0x570000) returned 1 [0054.886] GetProcessHeap () returned 0x570000 [0054.886] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.886] GetProcessHeap () returned 0x570000 [0054.886] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.886] GetProcessHeap () returned 0x570000 [0054.886] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.886] GetProcessHeap () returned 0x570000 [0054.886] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0054.886] GetProcessHeap () returned 0x570000 [0054.886] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f98 | out: hHeap=0x570000) returned 1 [0054.886] GetProcessHeap () returned 0x570000 [0054.886] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0054.886] GetProcessHeap () returned 0x570000 [0054.886] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0054.886] GetProcessHeap () returned 0x570000 [0054.886] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.886] GetProcessHeap () returned 0x570000 [0054.886] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.886] GetProcessHeap () returned 0x570000 [0054.886] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.887] GetProcessHeap () returned 0x570000 [0054.887] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.887] GetProcessHeap () returned 0x570000 [0054.887] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.887] GetProcessHeap () returned 0x570000 [0054.887] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.887] GetProcessHeap () returned 0x570000 [0054.887] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.887] GetProcessHeap () returned 0x570000 [0054.887] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.887] GetProcessHeap () returned 0x570000 [0054.887] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.887] GetProcessHeap () returned 0x570000 [0054.887] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.887] GetProcessHeap () returned 0x570000 [0054.887] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.887] GetProcessHeap () returned 0x570000 [0054.887] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.887] GetProcessHeap () returned 0x570000 [0054.887] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.887] GetProcessHeap () returned 0x570000 [0054.887] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.887] GetProcessHeap () returned 0x570000 [0054.887] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.887] GetProcessHeap () returned 0x570000 [0054.887] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.887] GetProcessHeap () returned 0x570000 [0054.887] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.887] GetProcessHeap () returned 0x570000 [0054.888] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.888] GetProcessHeap () returned 0x570000 [0054.888] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.888] GetProcessHeap () returned 0x570000 [0054.888] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.888] GetProcessHeap () returned 0x570000 [0054.888] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.888] GetProcessHeap () returned 0x570000 [0054.888] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.888] GetProcessHeap () returned 0x570000 [0054.888] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.888] GetProcessHeap () returned 0x570000 [0054.888] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.888] GetProcessHeap () returned 0x570000 [0054.888] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.888] GetProcessHeap () returned 0x570000 [0054.888] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.888] GetProcessHeap () returned 0x570000 [0054.888] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.888] GetProcessHeap () returned 0x570000 [0054.888] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.888] GetProcessHeap () returned 0x570000 [0054.888] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.888] GetProcessHeap () returned 0x570000 [0054.888] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.888] GetProcessHeap () returned 0x570000 [0054.888] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.888] GetProcessHeap () returned 0x570000 [0054.888] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.889] GetProcessHeap () returned 0x570000 [0054.889] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.889] GetProcessHeap () returned 0x570000 [0054.889] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.889] GetProcessHeap () returned 0x570000 [0054.889] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.889] GetProcessHeap () returned 0x570000 [0054.889] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.889] GetProcessHeap () returned 0x570000 [0054.889] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.889] GetProcessHeap () returned 0x570000 [0054.889] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.889] GetProcessHeap () returned 0x570000 [0054.889] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.889] GetProcessHeap () returned 0x570000 [0054.889] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.889] GetProcessHeap () returned 0x570000 [0054.889] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.889] GetProcessHeap () returned 0x570000 [0054.889] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.889] GetProcessHeap () returned 0x570000 [0054.889] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.889] GetProcessHeap () returned 0x570000 [0054.889] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.889] GetProcessHeap () returned 0x570000 [0054.889] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.889] GetProcessHeap () returned 0x570000 [0054.889] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.889] GetProcessHeap () returned 0x570000 [0054.890] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.890] GetProcessHeap () returned 0x570000 [0054.890] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.890] GetProcessHeap () returned 0x570000 [0054.890] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.890] GetProcessHeap () returned 0x570000 [0054.890] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.890] GetProcessHeap () returned 0x570000 [0054.890] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.890] GetProcessHeap () returned 0x570000 [0054.890] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.890] GetProcessHeap () returned 0x570000 [0054.890] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.890] GetProcessHeap () returned 0x570000 [0054.890] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.890] GetProcessHeap () returned 0x570000 [0054.890] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.890] GetProcessHeap () returned 0x570000 [0054.890] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.890] GetProcessHeap () returned 0x570000 [0054.890] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.890] GetProcessHeap () returned 0x570000 [0054.890] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.890] GetProcessHeap () returned 0x570000 [0054.890] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.890] GetProcessHeap () returned 0x570000 [0054.890] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.890] GetProcessHeap () returned 0x570000 [0054.890] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.890] GetProcessHeap () returned 0x570000 [0054.891] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.891] GetProcessHeap () returned 0x570000 [0054.891] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.891] GetProcessHeap () returned 0x570000 [0054.891] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.891] GetProcessHeap () returned 0x570000 [0054.891] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.891] GetProcessHeap () returned 0x570000 [0054.891] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.891] GetProcessHeap () returned 0x570000 [0054.891] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.891] GetProcessHeap () returned 0x570000 [0054.891] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.891] GetProcessHeap () returned 0x570000 [0054.891] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.891] GetProcessHeap () returned 0x570000 [0054.891] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.891] GetProcessHeap () returned 0x570000 [0054.891] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.891] GetProcessHeap () returned 0x570000 [0054.891] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.891] GetProcessHeap () returned 0x570000 [0054.891] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.891] GetProcessHeap () returned 0x570000 [0054.891] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.891] GetProcessHeap () returned 0x570000 [0054.891] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.891] GetProcessHeap () returned 0x570000 [0054.891] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.891] GetProcessHeap () returned 0x570000 [0054.891] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.891] GetProcessHeap () returned 0x570000 [0054.892] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.892] GetProcessHeap () returned 0x570000 [0054.892] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.892] GetProcessHeap () returned 0x570000 [0054.892] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.892] GetProcessHeap () returned 0x570000 [0054.892] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.892] GetProcessHeap () returned 0x570000 [0054.892] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.892] GetProcessHeap () returned 0x570000 [0054.892] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.892] GetProcessHeap () returned 0x570000 [0054.892] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.892] GetProcessHeap () returned 0x570000 [0054.892] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.892] GetProcessHeap () returned 0x570000 [0054.892] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.892] GetProcessHeap () returned 0x570000 [0054.892] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.892] GetProcessHeap () returned 0x570000 [0054.892] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.892] GetProcessHeap () returned 0x570000 [0054.892] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.892] GetProcessHeap () returned 0x570000 [0054.892] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.892] GetProcessHeap () returned 0x570000 [0054.892] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.892] GetProcessHeap () returned 0x570000 [0054.892] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.893] GetProcessHeap () returned 0x570000 [0054.893] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.893] GetProcessHeap () returned 0x570000 [0054.893] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.893] GetProcessHeap () returned 0x570000 [0054.893] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.893] GetProcessHeap () returned 0x570000 [0054.893] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.893] GetProcessHeap () returned 0x570000 [0054.893] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.893] GetProcessHeap () returned 0x570000 [0054.893] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.893] GetProcessHeap () returned 0x570000 [0054.893] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef50 [0054.893] GetProcessHeap () returned 0x570000 [0054.893] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef50 | out: hHeap=0x570000) returned 1 [0054.893] GetProcessHeap () returned 0x570000 [0054.893] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0054.893] GetProcessHeap () returned 0x570000 [0054.893] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0054.893] GetProcessHeap () returned 0x570000 [0054.893] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5937a0 | out: hHeap=0x570000) returned 1 [0054.893] GetProcessHeap () returned 0x570000 [0054.893] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0054.893] GetProcessHeap () returned 0x570000 [0054.893] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0054.893] GetProcessHeap () returned 0x570000 [0054.893] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0054.893] GetProcessHeap () returned 0x570000 [0054.894] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0054.894] GetProcessHeap () returned 0x570000 [0054.894] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0054.894] GetProcessHeap () returned 0x570000 [0054.894] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0054.894] GetProcessHeap () returned 0x570000 [0054.894] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef20 | out: hHeap=0x570000) returned 1 [0054.894] GetProcessHeap () returned 0x570000 [0054.894] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593690 | out: hHeap=0x570000) returned 1 [0054.894] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0054.894] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0054.894] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0054.894] CloseHandle (hObject=0x80) returned 1 [0054.900] GetProcessHeap () returned 0x570000 [0054.900] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588da8 | out: hHeap=0x570000) returned 1 [0054.900] GetProcessHeap () returned 0x570000 [0054.900] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593590 | out: hHeap=0x570000) returned 1 [0054.900] GetProcessHeap () returned 0x570000 [0054.901] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593608 | out: hHeap=0x570000) returned 1 [0054.901] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\Users\\Default\\Saved Games\\desktop.ini" | out: lpString1="C:\\Users\\Default\\Saved Games\\desktop.ini") returned="C:\\Users\\Default\\Saved Games\\desktop.ini" [0054.901] lstrcatW (in: lpString1="C:\\Users\\Default\\Saved Games\\desktop.ini", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\Users\\Default\\Saved Games\\desktop.ini.{Killback@protonmail.com}KBK") returned="C:\\Users\\Default\\Saved Games\\desktop.ini.{Killback@protonmail.com}KBK" [0054.901] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\Saved Games\\desktop.ini" (normalized: "c:\\users\\default\\saved games\\desktop.ini"), lpNewFileName="C:\\Users\\Default\\Saved Games\\desktop.ini.{Killback@protonmail.com}KBK" (normalized: "c:\\users\\default\\saved games\\desktop.ini.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0054.901] PathRemoveFileSpecW (in: pszPath="C:\\Users\\Default\\Saved Games\\desktop.ini" | out: pszPath="C:\\Users\\Default\\Saved Games") returned 1 [0054.901] lstrcatW (in: lpString1="C:\\Users\\Default\\Saved Games", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Saved Games\\") returned="C:\\Users\\Default\\Saved Games\\" [0054.901] lstrcatW (in: lpString1="C:\\Users\\Default\\Saved Games\\", lpString2="decrypt_files.html" | out: lpString1="C:\\Users\\Default\\Saved Games\\decrypt_files.html") returned="C:\\Users\\Default\\Saved Games\\decrypt_files.html" [0054.901] GetFileAttributesW (lpFileName="C:\\Users\\Default\\Saved Games\\decrypt_files.html" (normalized: "c:\\users\\default\\saved games\\decrypt_files.html")) returned 0xffffffff [0054.901] CreateFileW (lpFileName="C:\\Users\\Default\\Saved Games\\decrypt_files.html" (normalized: "c:\\users\\default\\saved games\\decrypt_files.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0054.902] lstrlenA (lpString="\r\n \r\n \r\n \r\n DECRYPT FILES\r\n \r\n\r\n \r\n\r\n
\r\n

⚠Your ID (NEED FOR DECRYPT)⚠

\r\n
\r\n 
A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n\r\n
\r\n
\r\n
\r\n \r\n
\r\n \r\n
\r\n \r\n \r\n
\r\n

✖ Your files are encrypted! ✖

\r\n\r\n

If you see it - do not try to decrypt ▼the files yourself!!!▼

\r\n
\r\n

All your important data has been encrypted.

\r\n
\r\n
\r\n \r\n\x09\x09 \r\nTo decrypt all your files, you need a decryption program.
\r\n \r\nTo get a program to decrypt your data you need to do a few steps:
\r\n

☑1. \r\nTo make sure that we can actually decrypt your files. You can send us a file for the test.\r\nThis can be a picture or a text file.\r\nSize less than 5 MB. Send to our mail: Killback@protonmail.com .
\r\n

☑2. \r\nSend your PERSONAL ID in the letter (you will find it at the very beginning of this document)

\r\n\x09\x09\x09

☑3. \r\nWe will decode your test file so you are sure. We will also send you the amount you need to pay to get the program to decrypt.

\r\n ☑4. We will send you instructions on how to pay for the decryption program. After payment, we will send you a program and instructions on how to decrypt all the files.
\r\n

Attention!


\r\n
    \r\n\x09\x09\x09 Only we can decrypt your files.
    \r\n\x09\x09\x09 Do not try to decrypt your files yourself. You can damage them when trying to restore
    \r\n Do not run antivirus!
    \r\n Email us: Killback@protonmail.com immediately so we can help you.
    \r\n Decoders other users are not compatible with your data, because each user's unique encryption key
    \r\n
\r\n \r\n
\r\n
\r\n
\r\n \r\n\r\n \r\n \r\n
\r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n\r\n") returned 5565 [0054.902] WriteFile (in: hFile=0x80, lpBuffer=0x21f0020*, nNumberOfBytesToWrite=0x15bd, lpNumberOfBytesWritten=0x50dd18, lpOverlapped=0x0 | out: lpBuffer=0x21f0020*, lpNumberOfBytesWritten=0x50dd18*=0x15bd, lpOverlapped=0x0) returned 1 [0054.904] CloseHandle (hObject=0x80) returned 1 [0054.904] GetProcessHeap () returned 0x570000 [0054.904] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0054.904] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd894d74c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0054.904] FindClose (in: hFindFile=0x5925a8 | out: hFindFile=0x5925a8) returned 1 [0054.904] lstrcpyW (in: lpString1=0x50df8c, lpString2="C:\\Users\\Default\\Recent\\" | out: lpString1="C:\\Users\\Default\\Recent\\") returned="C:\\Users\\Default\\Recent\\" [0054.904] GetProcessHeap () returned 0x570000 [0054.904] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592510 | out: hHeap=0x570000) returned 1 [0054.904] GetProcessHeap () returned 0x570000 [0054.904] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef30 | out: hHeap=0x570000) returned 1 [0054.904] lstrlenW (lpString="C:\\Users\\Default\\Recent\\") returned 24 [0054.904] lstrcatW (in: lpString1="C:\\Users\\Default\\Recent\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\Recent\\*") returned="C:\\Users\\Default\\Recent\\*" [0054.904] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Recent\\*", lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd894d74c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0xffffffff [0054.905] lstrcpyW (in: lpString1=0x50df8c, lpString2="C:\\Users\\Default\\PrintHood\\" | out: lpString1="C:\\Users\\Default\\PrintHood\\") returned="C:\\Users\\Default\\PrintHood\\" [0054.905] GetProcessHeap () returned 0x570000 [0054.905] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5924d0 | out: hHeap=0x570000) returned 1 [0054.905] GetProcessHeap () returned 0x570000 [0054.905] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.905] lstrlenW (lpString="C:\\Users\\Default\\PrintHood\\") returned 27 [0054.905] lstrcatW (in: lpString1="C:\\Users\\Default\\PrintHood\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\PrintHood\\*") returned="C:\\Users\\Default\\PrintHood\\*" [0054.905] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\PrintHood\\*", lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd894d74c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0xffffffff [0054.905] lstrcpyW (in: lpString1=0x50df8c, lpString2="C:\\Users\\Default\\Pictures\\" | out: lpString1="C:\\Users\\Default\\Pictures\\") returned="C:\\Users\\Default\\Pictures\\" [0054.905] GetProcessHeap () returned 0x570000 [0054.905] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592490 | out: hHeap=0x570000) returned 1 [0054.905] GetProcessHeap () returned 0x570000 [0054.905] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eed0 | out: hHeap=0x570000) returned 1 [0054.905] lstrlenW (lpString="C:\\Users\\Default\\Pictures\\") returned 26 [0054.905] lstrcatW (in: lpString1="C:\\Users\\Default\\Pictures\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\Pictures\\*") returned="C:\\Users\\Default\\Pictures\\*" [0054.905] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Pictures\\*", lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5925a8 [0054.910] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.910] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0054.910] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.910] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.910] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0054.910] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0054.910] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0054.910] lstrcatW (in: lpString1="C:\\Users\\Default\\Pictures\\", lpString2="desktop.ini" | out: lpString1="C:\\Users\\Default\\Pictures\\desktop.ini") returned="C:\\Users\\Default\\Pictures\\desktop.ini" [0054.910] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0054.910] GetProcessHeap () returned 0x570000 [0054.910] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x590f68 [0054.910] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 12 [0054.910] lstrlenA (lpString="desktop.ini") returned 11 [0054.910] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0054.910] lstrlenA (lpString="desktop.ini") returned 11 [0054.910] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0054.910] lstrcmpiW (lpString1="desktop.ini", lpString2="decrypt_files.html") returned 1 [0054.910] lstrcmpiW (lpString1="desktop.ini", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0054.910] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0054.910] lstrcmpiW (lpString1="desktop.ini", lpString2="sihvgt.exe") returned -1 [0054.910] _alloca_probe () returned 0x40908b [0054.910] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\Pictures\\desktop.ini", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38 [0054.910] GetProcessHeap () returned 0x570000 [0054.910] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x26) returned 0x588da8 [0054.911] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\Pictures\\desktop.ini", cchWideChar=-1, lpMultiByteStr=0x588da8, cbMultiByte=38, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\Default\\Pictures\\desktop.ini", lpUsedDefaultChar=0x0) returned 38 [0054.911] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0054.911] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{05AB3459-0A3D-4CAC-886D-90828188318C}") returned 38 [0054.911] lstrlenA (lpString="{05AB3459-0A3D-4CAC-886D-90828188318C}") returned 38 [0054.911] CreateFileW (lpFileName="C:\\Users\\Default\\Pictures\\desktop.ini" (normalized: "c:\\users\\default\\pictures\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0054.911] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=504) returned 1 [0054.911] lstrlenA (lpString="{05AB3459-0A3D-4CAC-886D-90828188318C}") returned 38 [0054.911] GetProcessHeap () returned 0x570000 [0054.911] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x592490 [0054.911] GetProcessHeap () returned 0x570000 [0054.911] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592508 [0054.911] lstrlenA (lpString="C:\\Users\\Default\\Pictures\\desktop.ini") returned 37 [0054.923] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x1f8, lpOverlapped=0x0) returned 1 [0054.934] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.934] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x200, lpOverlapped=0x0) returned 1 [0054.934] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.934] WriteFile (in: hFile=0x80, lpBuffer=0x50bb6c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bb6c*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0054.934] WriteFile (in: hFile=0x80, lpBuffer=0x50bbd4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bbd4*, lpNumberOfBytesWritten=0x50bb34*=0x10, lpOverlapped=0x0) returned 1 [0054.935] lstrlenA (lpString="rsa_encrypt") returned 11 [0054.935] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x593630) returned 1 [0054.936] CryptGenRandom (in: hProv=0x593630, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0054.936] CryptReleaseContext (hProv=0x593630, dwFlags=0x0) returned 1 [0054.936] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0054.936] GetProcessHeap () returned 0x570000 [0054.936] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x593590 [0054.936] lstrlenA (lpString="010001") returned 6 [0054.936] GetProcessHeap () returned 0x570000 [0054.936] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eed0 [0054.936] GetProcessHeap () returned 0x570000 [0054.936] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x593618 [0054.936] GetProcessHeap () returned 0x570000 [0054.936] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0054.936] GetProcessHeap () returned 0x570000 [0054.936] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593618 | out: hHeap=0x570000) returned 1 [0054.936] GetProcessHeap () returned 0x570000 [0054.936] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0054.936] GetProcessHeap () returned 0x570000 [0054.936] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c0d8 [0054.936] GetProcessHeap () returned 0x570000 [0054.936] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58ef10 [0054.936] GetProcessHeap () returned 0x570000 [0054.936] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c1f0 [0054.936] GetProcessHeap () returned 0x570000 [0054.936] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.936] GetProcessHeap () returned 0x570000 [0054.936] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0054.937] GetProcessHeap () returned 0x570000 [0054.937] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x593618 [0054.937] GetProcessHeap () returned 0x570000 [0054.937] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x5936a0 [0054.937] GetProcessHeap () returned 0x570000 [0054.937] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef10 [0054.937] GetProcessHeap () returned 0x570000 [0054.937] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0054.937] GetProcessHeap () returned 0x570000 [0054.937] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0054.937] GetProcessHeap () returned 0x570000 [0054.937] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593618 | out: hHeap=0x570000) returned 1 [0054.937] GetProcessHeap () returned 0x570000 [0054.937] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0054.937] GetProcessHeap () returned 0x570000 [0054.937] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0054.937] GetProcessHeap () returned 0x570000 [0054.937] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef30 [0054.937] GetProcessHeap () returned 0x570000 [0054.937] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f98 [0054.937] GetProcessHeap () returned 0x570000 [0054.937] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef10 | out: hHeap=0x570000) returned 1 [0054.937] GetProcessHeap () returned 0x570000 [0054.937] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef30 | out: hHeap=0x570000) returned 1 [0054.937] GetProcessHeap () returned 0x570000 [0054.937] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef30 [0054.937] GetProcessHeap () returned 0x570000 [0054.937] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef30 | out: hHeap=0x570000) returned 1 [0054.937] GetProcessHeap () returned 0x570000 [0054.937] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0054.937] GetProcessHeap () returned 0x570000 [0054.938] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f98 | out: hHeap=0x570000) returned 1 [0054.938] GetProcessHeap () returned 0x570000 [0054.938] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0054.938] GetProcessHeap () returned 0x570000 [0054.938] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0054.938] GetProcessHeap () returned 0x570000 [0054.938] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef30 [0054.938] GetProcessHeap () returned 0x570000 [0054.938] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef30 | out: hHeap=0x570000) returned 1 [0054.938] GetProcessHeap () returned 0x570000 [0054.938] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef30 [0054.938] GetProcessHeap () returned 0x570000 [0054.938] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef30 | out: hHeap=0x570000) returned 1 [0054.938] GetProcessHeap () returned 0x570000 [0054.938] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef30 [0054.938] GetProcessHeap () returned 0x570000 [0054.938] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef30 | out: hHeap=0x570000) returned 1 [0054.938] GetProcessHeap () returned 0x570000 [0054.938] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef30 [0054.938] GetProcessHeap () returned 0x570000 [0054.938] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef30 | out: hHeap=0x570000) returned 1 [0054.938] GetProcessHeap () returned 0x570000 [0054.938] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef30 [0054.938] GetProcessHeap () returned 0x570000 [0054.938] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef30 | out: hHeap=0x570000) returned 1 [0054.938] GetProcessHeap () returned 0x570000 [0054.938] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef30 [0054.938] GetProcessHeap () returned 0x570000 [0054.938] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef30 | out: hHeap=0x570000) returned 1 [0054.938] GetProcessHeap () returned 0x570000 [0054.939] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef30 [0054.939] GetProcessHeap () returned 0x570000 [0054.939] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef30 | out: hHeap=0x570000) returned 1 [0054.939] GetProcessHeap () returned 0x570000 [0054.939] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef30 [0054.939] GetProcessHeap () returned 0x570000 [0054.939] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef30 | out: hHeap=0x570000) returned 1 [0054.939] GetProcessHeap () returned 0x570000 [0054.939] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef30 [0054.939] GetProcessHeap () returned 0x570000 [0054.939] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef30 | out: hHeap=0x570000) returned 1 [0054.939] GetProcessHeap () returned 0x570000 [0054.939] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef30 [0054.939] GetProcessHeap () returned 0x570000 [0054.939] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef30 | out: hHeap=0x570000) returned 1 [0054.939] GetProcessHeap () returned 0x570000 [0054.939] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef30 [0054.939] GetProcessHeap () returned 0x570000 [0054.939] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef30 | out: hHeap=0x570000) returned 1 [0054.939] GetProcessHeap () returned 0x570000 [0054.939] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef30 [0054.939] GetProcessHeap () returned 0x570000 [0054.939] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef30 | out: hHeap=0x570000) returned 1 [0054.939] GetProcessHeap () returned 0x570000 [0054.939] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef30 [0054.939] GetProcessHeap () returned 0x570000 [0054.939] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef30 | out: hHeap=0x570000) returned 1 [0054.940] GetProcessHeap () returned 0x570000 [0054.940] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef30 [0054.940] GetProcessHeap () returned 0x570000 [0054.940] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef30 | out: hHeap=0x570000) returned 1 [0054.940] GetProcessHeap () returned 0x570000 [0054.940] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef30 [0054.940] GetProcessHeap () returned 0x570000 [0054.940] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef30 | out: hHeap=0x570000) returned 1 [0054.940] GetProcessHeap () returned 0x570000 [0054.940] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef30 [0054.940] GetProcessHeap () returned 0x570000 [0054.940] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef30 | out: hHeap=0x570000) returned 1 [0054.940] GetProcessHeap () returned 0x570000 [0054.940] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef30 [0054.940] GetProcessHeap () returned 0x570000 [0054.940] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef30 | out: hHeap=0x570000) returned 1 [0054.940] GetProcessHeap () returned 0x570000 [0054.940] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef30 [0054.940] GetProcessHeap () returned 0x570000 [0054.940] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef30 | out: hHeap=0x570000) returned 1 [0054.940] GetProcessHeap () returned 0x570000 [0054.940] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef30 [0054.940] GetProcessHeap () returned 0x570000 [0054.940] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef30 | out: hHeap=0x570000) returned 1 [0054.940] GetProcessHeap () returned 0x570000 [0054.940] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef30 [0054.940] GetProcessHeap () returned 0x570000 [0054.940] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef30 | out: hHeap=0x570000) returned 1 [0054.941] GetProcessHeap () returned 0x570000 [0054.941] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef30 [0054.941] GetProcessHeap () returned 0x570000 [0054.941] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef30 | out: hHeap=0x570000) returned 1 [0054.941] GetProcessHeap () returned 0x570000 [0054.941] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef30 [0054.941] GetProcessHeap () returned 0x570000 [0054.941] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef30 | out: hHeap=0x570000) returned 1 [0054.941] GetProcessHeap () returned 0x570000 [0054.941] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef30 [0054.941] GetProcessHeap () returned 0x570000 [0054.941] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef30 | out: hHeap=0x570000) returned 1 [0054.941] GetProcessHeap () returned 0x570000 [0054.941] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef30 [0054.941] GetProcessHeap () returned 0x570000 [0054.941] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef30 | out: hHeap=0x570000) returned 1 [0054.941] GetProcessHeap () returned 0x570000 [0054.941] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef30 [0054.941] GetProcessHeap () returned 0x570000 [0054.941] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef30 | out: hHeap=0x570000) returned 1 [0054.941] GetProcessHeap () returned 0x570000 [0054.941] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef30 [0054.941] GetProcessHeap () returned 0x570000 [0054.941] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef30 | out: hHeap=0x570000) returned 1 [0054.941] GetProcessHeap () returned 0x570000 [0054.941] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef30 [0054.941] GetProcessHeap () returned 0x570000 [0054.942] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef30 | out: hHeap=0x570000) returned 1 [0054.942] GetProcessHeap () returned 0x570000 [0054.942] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef30 [0054.942] GetProcessHeap () returned 0x570000 [0054.942] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef30 | out: hHeap=0x570000) returned 1 [0054.942] GetProcessHeap () returned 0x570000 [0054.942] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef30 [0054.942] GetProcessHeap () returned 0x570000 [0054.942] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef30 | out: hHeap=0x570000) returned 1 [0054.942] GetProcessHeap () returned 0x570000 [0054.942] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef30 [0054.942] GetProcessHeap () returned 0x570000 [0054.942] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef30 | out: hHeap=0x570000) returned 1 [0054.942] GetProcessHeap () returned 0x570000 [0054.942] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef30 [0054.942] GetProcessHeap () returned 0x570000 [0054.942] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef30 | out: hHeap=0x570000) returned 1 [0054.942] GetProcessHeap () returned 0x570000 [0054.942] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef30 [0054.942] GetProcessHeap () returned 0x570000 [0054.942] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef30 | out: hHeap=0x570000) returned 1 [0054.942] GetProcessHeap () returned 0x570000 [0054.942] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef30 [0054.942] GetProcessHeap () returned 0x570000 [0054.942] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef30 | out: hHeap=0x570000) returned 1 [0054.942] GetProcessHeap () returned 0x570000 [0054.942] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef30 [0054.942] GetProcessHeap () returned 0x570000 [0054.943] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef30 | out: hHeap=0x570000) returned 1 [0054.943] GetProcessHeap () returned 0x570000 [0054.943] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef30 [0054.943] GetProcessHeap () returned 0x570000 [0054.943] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef30 | out: hHeap=0x570000) returned 1 [0054.943] GetProcessHeap () returned 0x570000 [0054.943] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef30 [0054.943] GetProcessHeap () returned 0x570000 [0054.943] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef30 | out: hHeap=0x570000) returned 1 [0054.943] GetProcessHeap () returned 0x570000 [0054.943] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef30 [0054.943] GetProcessHeap () returned 0x570000 [0054.943] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef30 | out: hHeap=0x570000) returned 1 [0054.943] GetProcessHeap () returned 0x570000 [0054.943] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef30 [0054.943] GetProcessHeap () returned 0x570000 [0054.943] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef30 | out: hHeap=0x570000) returned 1 [0054.943] GetProcessHeap () returned 0x570000 [0054.943] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef30 [0054.943] GetProcessHeap () returned 0x570000 [0054.943] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef30 | out: hHeap=0x570000) returned 1 [0054.943] GetProcessHeap () returned 0x570000 [0054.943] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef30 [0054.943] GetProcessHeap () returned 0x570000 [0054.943] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef30 | out: hHeap=0x570000) returned 1 [0054.943] GetProcessHeap () returned 0x570000 [0054.943] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef30 [0054.944] GetProcessHeap () returned 0x570000 [0054.944] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef30 | out: hHeap=0x570000) returned 1 [0054.944] GetProcessHeap () returned 0x570000 [0054.944] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef30 [0054.944] GetProcessHeap () returned 0x570000 [0054.944] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef30 | out: hHeap=0x570000) returned 1 [0054.944] GetProcessHeap () returned 0x570000 [0054.944] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef30 [0054.944] GetProcessHeap () returned 0x570000 [0054.944] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef30 | out: hHeap=0x570000) returned 1 [0054.944] GetProcessHeap () returned 0x570000 [0054.944] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef30 [0054.944] GetProcessHeap () returned 0x570000 [0054.944] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef30 | out: hHeap=0x570000) returned 1 [0054.944] GetProcessHeap () returned 0x570000 [0054.944] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef30 [0054.944] GetProcessHeap () returned 0x570000 [0054.944] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef30 | out: hHeap=0x570000) returned 1 [0054.944] GetProcessHeap () returned 0x570000 [0054.944] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef30 [0054.944] GetProcessHeap () returned 0x570000 [0054.944] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef30 | out: hHeap=0x570000) returned 1 [0054.944] GetProcessHeap () returned 0x570000 [0054.944] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef30 [0054.944] GetProcessHeap () returned 0x570000 [0054.944] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef30 | out: hHeap=0x570000) returned 1 [0054.944] GetProcessHeap () returned 0x570000 [0054.944] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef30 [0054.945] GetProcessHeap () returned 0x570000 [0054.945] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef30 | out: hHeap=0x570000) returned 1 [0054.945] GetProcessHeap () returned 0x570000 [0054.945] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef30 [0054.945] GetProcessHeap () returned 0x570000 [0054.945] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef30 | out: hHeap=0x570000) returned 1 [0054.945] GetProcessHeap () returned 0x570000 [0054.945] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef30 [0054.945] GetProcessHeap () returned 0x570000 [0054.945] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef30 | out: hHeap=0x570000) returned 1 [0054.945] GetProcessHeap () returned 0x570000 [0054.945] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0054.945] GetProcessHeap () returned 0x570000 [0054.945] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0054.945] GetProcessHeap () returned 0x570000 [0054.945] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5936a0 | out: hHeap=0x570000) returned 1 [0054.945] GetProcessHeap () returned 0x570000 [0054.945] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0054.945] GetProcessHeap () returned 0x570000 [0054.945] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0054.945] GetProcessHeap () returned 0x570000 [0054.945] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0054.945] GetProcessHeap () returned 0x570000 [0054.946] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0054.946] GetProcessHeap () returned 0x570000 [0054.946] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0054.946] GetProcessHeap () returned 0x570000 [0054.946] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0054.946] GetProcessHeap () returned 0x570000 [0054.946] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eed0 | out: hHeap=0x570000) returned 1 [0054.946] GetProcessHeap () returned 0x570000 [0054.946] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593590 | out: hHeap=0x570000) returned 1 [0054.946] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0054.947] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0054.947] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0054.948] CloseHandle (hObject=0x80) returned 1 [0054.952] GetProcessHeap () returned 0x570000 [0054.952] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588da8 | out: hHeap=0x570000) returned 1 [0054.952] GetProcessHeap () returned 0x570000 [0054.952] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592490 | out: hHeap=0x570000) returned 1 [0054.952] GetProcessHeap () returned 0x570000 [0054.952] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592508 | out: hHeap=0x570000) returned 1 [0054.952] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\Users\\Default\\Pictures\\desktop.ini" | out: lpString1="C:\\Users\\Default\\Pictures\\desktop.ini") returned="C:\\Users\\Default\\Pictures\\desktop.ini" [0054.952] lstrcatW (in: lpString1="C:\\Users\\Default\\Pictures\\desktop.ini", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\Users\\Default\\Pictures\\desktop.ini.{Killback@protonmail.com}KBK") returned="C:\\Users\\Default\\Pictures\\desktop.ini.{Killback@protonmail.com}KBK" [0054.952] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\Pictures\\desktop.ini" (normalized: "c:\\users\\default\\pictures\\desktop.ini"), lpNewFileName="C:\\Users\\Default\\Pictures\\desktop.ini.{Killback@protonmail.com}KBK" (normalized: "c:\\users\\default\\pictures\\desktop.ini.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0054.953] PathRemoveFileSpecW (in: pszPath="C:\\Users\\Default\\Pictures\\desktop.ini" | out: pszPath="C:\\Users\\Default\\Pictures") returned 1 [0054.953] lstrcatW (in: lpString1="C:\\Users\\Default\\Pictures", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Pictures\\") returned="C:\\Users\\Default\\Pictures\\" [0054.953] lstrcatW (in: lpString1="C:\\Users\\Default\\Pictures\\", lpString2="decrypt_files.html" | out: lpString1="C:\\Users\\Default\\Pictures\\decrypt_files.html") returned="C:\\Users\\Default\\Pictures\\decrypt_files.html" [0054.953] GetFileAttributesW (lpFileName="C:\\Users\\Default\\Pictures\\decrypt_files.html" (normalized: "c:\\users\\default\\pictures\\decrypt_files.html")) returned 0xffffffff [0054.953] CreateFileW (lpFileName="C:\\Users\\Default\\Pictures\\decrypt_files.html" (normalized: "c:\\users\\default\\pictures\\decrypt_files.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0054.953] lstrlenA (lpString="\r\n \r\n \r\n \r\n DECRYPT FILES\r\n \r\n\r\n \r\n\r\n
\r\n

⚠Your ID (NEED FOR DECRYPT)⚠

\r\n
\r\n 
A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n\r\n
\r\n
\r\n
\r\n \r\n
\r\n \r\n
\r\n \r\n \r\n
\r\n

✖ Your files are encrypted! ✖

\r\n\r\n

If you see it - do not try to decrypt ▼the files yourself!!!▼

\r\n
\r\n

All your important data has been encrypted.

\r\n
\r\n
\r\n \r\n\x09\x09 \r\nTo decrypt all your files, you need a decryption program.
\r\n \r\nTo get a program to decrypt your data you need to do a few steps:
\r\n

☑1. \r\nTo make sure that we can actually decrypt your files. You can send us a file for the test.\r\nThis can be a picture or a text file.\r\nSize less than 5 MB. Send to our mail: Killback@protonmail.com .
\r\n

☑2. \r\nSend your PERSONAL ID in the letter (you will find it at the very beginning of this document)

\r\n\x09\x09\x09

☑3. \r\nWe will decode your test file so you are sure. We will also send you the amount you need to pay to get the program to decrypt.

\r\n ☑4. We will send you instructions on how to pay for the decryption program. After payment, we will send you a program and instructions on how to decrypt all the files.
\r\n

Attention!


\r\n
    \r\n\x09\x09\x09 Only we can decrypt your files.
    \r\n\x09\x09\x09 Do not try to decrypt your files yourself. You can damage them when trying to restore
    \r\n Do not run antivirus!
    \r\n Email us: Killback@protonmail.com immediately so we can help you.
    \r\n Decoders other users are not compatible with your data, because each user's unique encryption key
    \r\n
\r\n \r\n
\r\n
\r\n
\r\n \r\n\r\n \r\n \r\n
\r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n\r\n") returned 5565 [0054.953] WriteFile (in: hFile=0x80, lpBuffer=0x21f0020*, nNumberOfBytesToWrite=0x15bd, lpNumberOfBytesWritten=0x50dd18, lpOverlapped=0x0 | out: lpBuffer=0x21f0020*, lpNumberOfBytesWritten=0x50dd18*=0x15bd, lpOverlapped=0x0) returned 1 [0054.955] CloseHandle (hObject=0x80) returned 1 [0054.955] GetProcessHeap () returned 0x570000 [0054.955] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0054.955] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0054.955] FindClose (in: hFindFile=0x5925a8 | out: hFindFile=0x5925a8) returned 1 [0054.955] lstrcpyW (in: lpString1=0x50df8c, lpString2="C:\\Users\\Default\\NetHood\\" | out: lpString1="C:\\Users\\Default\\NetHood\\") returned="C:\\Users\\Default\\NetHood\\" [0054.955] GetProcessHeap () returned 0x570000 [0054.955] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592450 | out: hHeap=0x570000) returned 1 [0054.955] GetProcessHeap () returned 0x570000 [0054.955] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0054.955] lstrlenW (lpString="C:\\Users\\Default\\NetHood\\") returned 25 [0054.955] lstrcatW (in: lpString1="C:\\Users\\Default\\NetHood\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\NetHood\\*") returned="C:\\Users\\Default\\NetHood\\*" [0054.955] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\NetHood\\*", lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0xffffffff [0054.955] lstrcpyW (in: lpString1=0x50df8c, lpString2="C:\\Users\\Default\\My Documents\\" | out: lpString1="C:\\Users\\Default\\My Documents\\") returned="C:\\Users\\Default\\My Documents\\" [0054.956] GetProcessHeap () returned 0x570000 [0054.956] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5876f8 | out: hHeap=0x570000) returned 1 [0054.956] GetProcessHeap () returned 0x570000 [0054.956] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0054.956] lstrlenW (lpString="C:\\Users\\Default\\My Documents\\") returned 30 [0054.956] lstrcatW (in: lpString1="C:\\Users\\Default\\My Documents\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\My Documents\\*") returned="C:\\Users\\Default\\My Documents\\*" [0054.956] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\My Documents\\*", lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0xffffffff [0054.956] lstrcpyW (in: lpString1=0x50df8c, lpString2="C:\\Users\\Default\\Music\\" | out: lpString1="C:\\Users\\Default\\Music\\") returned="C:\\Users\\Default\\Music\\" [0054.956] GetProcessHeap () returned 0x570000 [0054.956] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592418 | out: hHeap=0x570000) returned 1 [0054.956] GetProcessHeap () returned 0x570000 [0054.956] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0054.956] lstrlenW (lpString="C:\\Users\\Default\\Music\\") returned 23 [0054.956] lstrcatW (in: lpString1="C:\\Users\\Default\\Music\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\Music\\*") returned="C:\\Users\\Default\\Music\\*" [0054.956] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Music\\*", lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5925a8 [0054.956] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0054.956] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0054.957] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0054.957] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0054.957] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0054.957] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0054.957] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0054.957] lstrcatW (in: lpString1="C:\\Users\\Default\\Music\\", lpString2="desktop.ini" | out: lpString1="C:\\Users\\Default\\Music\\desktop.ini") returned="C:\\Users\\Default\\Music\\desktop.ini" [0054.957] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0054.957] GetProcessHeap () returned 0x570000 [0054.957] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x590f68 [0054.957] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 12 [0054.957] lstrlenA (lpString="desktop.ini") returned 11 [0054.957] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0054.957] lstrlenA (lpString="desktop.ini") returned 11 [0054.957] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0054.957] lstrcmpiW (lpString1="desktop.ini", lpString2="decrypt_files.html") returned 1 [0054.957] lstrcmpiW (lpString1="desktop.ini", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0054.957] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0054.957] lstrcmpiW (lpString1="desktop.ini", lpString2="sihvgt.exe") returned -1 [0054.957] _alloca_probe () returned 0x40908b [0054.958] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\Music\\desktop.ini", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 35 [0054.958] GetProcessHeap () returned 0x570000 [0054.958] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x23) returned 0x588da8 [0054.958] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\Music\\desktop.ini", cchWideChar=-1, lpMultiByteStr=0x588da8, cbMultiByte=35, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\Default\\Music\\desktop.ini", lpUsedDefaultChar=0x0) returned 35 [0054.958] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0054.958] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{538FD66F-97A1-4FD0-973A-4FC3274AA9A9}") returned 38 [0054.958] lstrlenA (lpString="{538FD66F-97A1-4FD0-973A-4FC3274AA9A9}") returned 38 [0054.958] CreateFileW (lpFileName="C:\\Users\\Default\\Music\\desktop.ini" (normalized: "c:\\users\\default\\music\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0054.958] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=504) returned 1 [0054.958] lstrlenA (lpString="{538FD66F-97A1-4FD0-973A-4FC3274AA9A9}") returned 38 [0054.958] GetProcessHeap () returned 0x570000 [0054.958] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x592418 [0054.958] GetProcessHeap () returned 0x570000 [0054.958] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592490 [0054.958] lstrlenA (lpString="C:\\Users\\Default\\Music\\desktop.ini") returned 34 [0054.969] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x1f8, lpOverlapped=0x0) returned 1 [0054.971] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.971] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x200, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x200, lpOverlapped=0x0) returned 1 [0054.972] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0054.972] WriteFile (in: hFile=0x80, lpBuffer=0x50bb6c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bb6c*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0054.972] WriteFile (in: hFile=0x80, lpBuffer=0x50bbd4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bbd4*, lpNumberOfBytesWritten=0x50bb34*=0x10, lpOverlapped=0x0) returned 1 [0054.972] lstrlenA (lpString="rsa_encrypt") returned 11 [0054.972] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x5935c8) returned 1 [0054.973] CryptGenRandom (in: hProv=0x5935c8, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0054.973] CryptReleaseContext (hProv=0x5935c8, dwFlags=0x0) returned 1 [0054.981] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0054.981] GetProcessHeap () returned 0x570000 [0054.981] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x593590 [0054.981] lstrlenA (lpString="010001") returned 6 [0054.981] GetProcessHeap () returned 0x570000 [0054.981] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eee0 [0054.981] GetProcessHeap () returned 0x570000 [0054.981] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x593618 [0054.981] GetProcessHeap () returned 0x570000 [0054.981] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0054.981] GetProcessHeap () returned 0x570000 [0054.981] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593618 | out: hHeap=0x570000) returned 1 [0054.981] GetProcessHeap () returned 0x570000 [0054.981] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0054.981] GetProcessHeap () returned 0x570000 [0054.981] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c1f0 [0054.981] GetProcessHeap () returned 0x570000 [0054.981] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eef0 [0054.982] GetProcessHeap () returned 0x570000 [0054.982] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c0d8 [0054.982] GetProcessHeap () returned 0x570000 [0054.982] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0054.982] GetProcessHeap () returned 0x570000 [0054.982] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0054.982] GetProcessHeap () returned 0x570000 [0054.982] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x593618 [0054.982] GetProcessHeap () returned 0x570000 [0054.982] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x5936a0 [0054.982] GetProcessHeap () returned 0x570000 [0054.982] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0054.982] GetProcessHeap () returned 0x570000 [0054.982] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0054.982] GetProcessHeap () returned 0x570000 [0054.982] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0054.982] GetProcessHeap () returned 0x570000 [0054.982] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593618 | out: hHeap=0x570000) returned 1 [0054.982] GetProcessHeap () returned 0x570000 [0054.982] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0054.982] GetProcessHeap () returned 0x570000 [0054.982] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0054.982] GetProcessHeap () returned 0x570000 [0054.982] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0054.982] GetProcessHeap () returned 0x570000 [0054.982] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f98 [0054.982] GetProcessHeap () returned 0x570000 [0054.982] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0054.982] GetProcessHeap () returned 0x570000 [0054.982] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0054.983] GetProcessHeap () returned 0x570000 [0054.983] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0054.983] GetProcessHeap () returned 0x570000 [0054.983] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0054.983] GetProcessHeap () returned 0x570000 [0054.983] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0054.983] GetProcessHeap () returned 0x570000 [0054.983] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f98 | out: hHeap=0x570000) returned 1 [0054.983] GetProcessHeap () returned 0x570000 [0054.983] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0054.983] GetProcessHeap () returned 0x570000 [0054.983] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0054.983] GetProcessHeap () returned 0x570000 [0054.983] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0054.983] GetProcessHeap () returned 0x570000 [0054.983] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0054.983] GetProcessHeap () returned 0x570000 [0054.983] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0054.983] GetProcessHeap () returned 0x570000 [0054.983] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0054.983] GetProcessHeap () returned 0x570000 [0054.983] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0054.983] GetProcessHeap () returned 0x570000 [0054.983] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0054.983] GetProcessHeap () returned 0x570000 [0054.983] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0054.983] GetProcessHeap () returned 0x570000 [0054.983] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0054.983] GetProcessHeap () returned 0x570000 [0054.984] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0054.984] GetProcessHeap () returned 0x570000 [0054.984] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0054.984] GetProcessHeap () returned 0x570000 [0054.984] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0054.984] GetProcessHeap () returned 0x570000 [0054.984] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0054.984] GetProcessHeap () returned 0x570000 [0054.984] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0054.984] GetProcessHeap () returned 0x570000 [0054.984] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0054.984] GetProcessHeap () returned 0x570000 [0054.984] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0054.984] GetProcessHeap () returned 0x570000 [0054.984] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0054.984] GetProcessHeap () returned 0x570000 [0054.984] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0054.984] GetProcessHeap () returned 0x570000 [0054.984] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0054.984] GetProcessHeap () returned 0x570000 [0054.984] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0054.984] GetProcessHeap () returned 0x570000 [0054.984] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0054.984] GetProcessHeap () returned 0x570000 [0054.984] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0054.984] GetProcessHeap () returned 0x570000 [0054.984] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0054.984] GetProcessHeap () returned 0x570000 [0054.984] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0054.984] GetProcessHeap () returned 0x570000 [0054.984] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0054.984] GetProcessHeap () returned 0x570000 [0054.985] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0054.985] GetProcessHeap () returned 0x570000 [0054.985] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0054.985] GetProcessHeap () returned 0x570000 [0054.985] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0054.985] GetProcessHeap () returned 0x570000 [0054.985] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0054.985] GetProcessHeap () returned 0x570000 [0054.985] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0054.985] GetProcessHeap () returned 0x570000 [0054.985] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0054.985] GetProcessHeap () returned 0x570000 [0054.985] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0054.985] GetProcessHeap () returned 0x570000 [0054.985] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0054.985] GetProcessHeap () returned 0x570000 [0054.985] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0054.985] GetProcessHeap () returned 0x570000 [0054.985] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0054.985] GetProcessHeap () returned 0x570000 [0054.985] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0054.985] GetProcessHeap () returned 0x570000 [0054.985] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0054.985] GetProcessHeap () returned 0x570000 [0054.985] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0054.985] GetProcessHeap () returned 0x570000 [0054.985] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0054.985] GetProcessHeap () returned 0x570000 [0054.985] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0054.985] GetProcessHeap () returned 0x570000 [0054.986] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0054.986] GetProcessHeap () returned 0x570000 [0054.986] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0054.986] GetProcessHeap () returned 0x570000 [0054.986] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0054.986] GetProcessHeap () returned 0x570000 [0054.986] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0054.986] GetProcessHeap () returned 0x570000 [0054.986] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0054.986] GetProcessHeap () returned 0x570000 [0054.986] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0054.986] GetProcessHeap () returned 0x570000 [0054.986] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0054.986] GetProcessHeap () returned 0x570000 [0054.986] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0054.986] GetProcessHeap () returned 0x570000 [0054.986] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0054.986] GetProcessHeap () returned 0x570000 [0054.986] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0054.986] GetProcessHeap () returned 0x570000 [0054.986] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0054.986] GetProcessHeap () returned 0x570000 [0054.986] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0054.986] GetProcessHeap () returned 0x570000 [0054.986] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0054.986] GetProcessHeap () returned 0x570000 [0054.986] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0054.986] GetProcessHeap () returned 0x570000 [0054.987] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0054.987] GetProcessHeap () returned 0x570000 [0054.987] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0054.987] GetProcessHeap () returned 0x570000 [0054.987] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0054.987] GetProcessHeap () returned 0x570000 [0054.987] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0054.987] GetProcessHeap () returned 0x570000 [0054.987] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0054.987] GetProcessHeap () returned 0x570000 [0054.987] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0054.987] GetProcessHeap () returned 0x570000 [0054.987] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0054.987] GetProcessHeap () returned 0x570000 [0054.987] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0054.987] GetProcessHeap () returned 0x570000 [0054.987] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0054.987] GetProcessHeap () returned 0x570000 [0054.987] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0054.987] GetProcessHeap () returned 0x570000 [0054.987] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0054.987] GetProcessHeap () returned 0x570000 [0054.987] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0054.987] GetProcessHeap () returned 0x570000 [0054.987] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0054.987] GetProcessHeap () returned 0x570000 [0054.987] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0054.988] GetProcessHeap () returned 0x570000 [0054.988] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0054.988] GetProcessHeap () returned 0x570000 [0054.988] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0054.988] GetProcessHeap () returned 0x570000 [0054.988] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0054.988] GetProcessHeap () returned 0x570000 [0054.988] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0054.988] GetProcessHeap () returned 0x570000 [0054.988] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0054.988] GetProcessHeap () returned 0x570000 [0054.988] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0054.988] GetProcessHeap () returned 0x570000 [0054.988] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0054.988] GetProcessHeap () returned 0x570000 [0054.988] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0054.988] GetProcessHeap () returned 0x570000 [0054.988] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0054.988] GetProcessHeap () returned 0x570000 [0054.988] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0054.988] GetProcessHeap () returned 0x570000 [0054.988] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0054.988] GetProcessHeap () returned 0x570000 [0054.988] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0054.988] GetProcessHeap () returned 0x570000 [0054.988] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0054.988] GetProcessHeap () returned 0x570000 [0054.989] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0054.989] GetProcessHeap () returned 0x570000 [0054.989] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0054.989] GetProcessHeap () returned 0x570000 [0054.989] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0054.989] GetProcessHeap () returned 0x570000 [0054.989] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.004] GetProcessHeap () returned 0x570000 [0055.004] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.004] GetProcessHeap () returned 0x570000 [0055.004] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.004] GetProcessHeap () returned 0x570000 [0055.004] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.004] GetProcessHeap () returned 0x570000 [0055.004] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.004] GetProcessHeap () returned 0x570000 [0055.004] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.004] GetProcessHeap () returned 0x570000 [0055.004] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.004] GetProcessHeap () returned 0x570000 [0055.004] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.005] GetProcessHeap () returned 0x570000 [0055.005] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.005] GetProcessHeap () returned 0x570000 [0055.005] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.005] GetProcessHeap () returned 0x570000 [0055.005] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.005] GetProcessHeap () returned 0x570000 [0055.005] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.005] GetProcessHeap () returned 0x570000 [0055.005] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.005] GetProcessHeap () returned 0x570000 [0055.005] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.005] GetProcessHeap () returned 0x570000 [0055.005] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.005] GetProcessHeap () returned 0x570000 [0055.005] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.005] GetProcessHeap () returned 0x570000 [0055.005] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.005] GetProcessHeap () returned 0x570000 [0055.005] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0055.005] GetProcessHeap () returned 0x570000 [0055.005] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0055.005] GetProcessHeap () returned 0x570000 [0055.005] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5936a0 | out: hHeap=0x570000) returned 1 [0055.005] GetProcessHeap () returned 0x570000 [0055.005] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0055.005] GetProcessHeap () returned 0x570000 [0055.005] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0055.005] GetProcessHeap () returned 0x570000 [0055.005] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0055.005] GetProcessHeap () returned 0x570000 [0055.006] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0055.006] GetProcessHeap () returned 0x570000 [0055.006] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0055.006] GetProcessHeap () returned 0x570000 [0055.006] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0055.006] GetProcessHeap () returned 0x570000 [0055.006] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.006] GetProcessHeap () returned 0x570000 [0055.006] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593590 | out: hHeap=0x570000) returned 1 [0055.006] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0055.006] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0055.006] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0055.006] CloseHandle (hObject=0x80) returned 1 [0055.012] GetProcessHeap () returned 0x570000 [0055.012] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588da8 | out: hHeap=0x570000) returned 1 [0055.012] GetProcessHeap () returned 0x570000 [0055.012] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592418 | out: hHeap=0x570000) returned 1 [0055.012] GetProcessHeap () returned 0x570000 [0055.012] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592490 | out: hHeap=0x570000) returned 1 [0055.012] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\Users\\Default\\Music\\desktop.ini" | out: lpString1="C:\\Users\\Default\\Music\\desktop.ini") returned="C:\\Users\\Default\\Music\\desktop.ini" [0055.012] lstrcatW (in: lpString1="C:\\Users\\Default\\Music\\desktop.ini", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\Users\\Default\\Music\\desktop.ini.{Killback@protonmail.com}KBK") returned="C:\\Users\\Default\\Music\\desktop.ini.{Killback@protonmail.com}KBK" [0055.012] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\Music\\desktop.ini" (normalized: "c:\\users\\default\\music\\desktop.ini"), lpNewFileName="C:\\Users\\Default\\Music\\desktop.ini.{Killback@protonmail.com}KBK" (normalized: "c:\\users\\default\\music\\desktop.ini.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0055.013] PathRemoveFileSpecW (in: pszPath="C:\\Users\\Default\\Music\\desktop.ini" | out: pszPath="C:\\Users\\Default\\Music") returned 1 [0055.013] lstrcatW (in: lpString1="C:\\Users\\Default\\Music", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Music\\") returned="C:\\Users\\Default\\Music\\" [0055.013] lstrcatW (in: lpString1="C:\\Users\\Default\\Music\\", lpString2="decrypt_files.html" | out: lpString1="C:\\Users\\Default\\Music\\decrypt_files.html") returned="C:\\Users\\Default\\Music\\decrypt_files.html" [0055.013] GetFileAttributesW (lpFileName="C:\\Users\\Default\\Music\\decrypt_files.html" (normalized: "c:\\users\\default\\music\\decrypt_files.html")) returned 0xffffffff [0055.013] CreateFileW (lpFileName="C:\\Users\\Default\\Music\\decrypt_files.html" (normalized: "c:\\users\\default\\music\\decrypt_files.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0055.014] lstrlenA (lpString="\r\n \r\n \r\n \r\n DECRYPT FILES\r\n \r\n\r\n \r\n\r\n
\r\n

⚠Your ID (NEED FOR DECRYPT)⚠

\r\n
\r\n 
A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n\r\n
\r\n
\r\n
\r\n \r\n
\r\n \r\n
\r\n \r\n \r\n
\r\n

✖ Your files are encrypted! ✖

\r\n\r\n

If you see it - do not try to decrypt ▼the files yourself!!!▼

\r\n
\r\n

All your important data has been encrypted.

\r\n
\r\n
\r\n \r\n\x09\x09 \r\nTo decrypt all your files, you need a decryption program.
\r\n \r\nTo get a program to decrypt your data you need to do a few steps:
\r\n

☑1. \r\nTo make sure that we can actually decrypt your files. You can send us a file for the test.\r\nThis can be a picture or a text file.\r\nSize less than 5 MB. Send to our mail: Killback@protonmail.com .
\r\n

☑2. \r\nSend your PERSONAL ID in the letter (you will find it at the very beginning of this document)

\r\n\x09\x09\x09

☑3. \r\nWe will decode your test file so you are sure. We will also send you the amount you need to pay to get the program to decrypt.

\r\n ☑4. We will send you instructions on how to pay for the decryption program. After payment, we will send you a program and instructions on how to decrypt all the files.
\r\n

Attention!


\r\n
    \r\n\x09\x09\x09 Only we can decrypt your files.
    \r\n\x09\x09\x09 Do not try to decrypt your files yourself. You can damage them when trying to restore
    \r\n Do not run antivirus!
    \r\n Email us: Killback@protonmail.com immediately so we can help you.
    \r\n Decoders other users are not compatible with your data, because each user's unique encryption key
    \r\n
\r\n \r\n
\r\n
\r\n
\r\n \r\n\r\n \r\n \r\n
\r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n\r\n") returned 5565 [0055.014] WriteFile (in: hFile=0x80, lpBuffer=0x21f0020*, nNumberOfBytesToWrite=0x15bd, lpNumberOfBytesWritten=0x50dd18, lpOverlapped=0x0 | out: lpBuffer=0x21f0020*, lpNumberOfBytesWritten=0x50dd18*=0x15bd, lpOverlapped=0x0) returned 1 [0055.015] CloseHandle (hObject=0x80) returned 1 [0055.016] GetProcessHeap () returned 0x570000 [0055.016] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0055.016] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0055.016] FindClose (in: hFindFile=0x5925a8 | out: hFindFile=0x5925a8) returned 1 [0055.016] lstrcpyW (in: lpString1=0x50df8c, lpString2="C:\\Users\\Default\\Local Settings\\" | out: lpString1="C:\\Users\\Default\\Local Settings\\") returned="C:\\Users\\Default\\Local Settings\\" [0055.016] GetProcessHeap () returned 0x570000 [0055.016] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x589158 | out: hHeap=0x570000) returned 1 [0055.016] GetProcessHeap () returned 0x570000 [0055.016] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.016] lstrlenW (lpString="C:\\Users\\Default\\Local Settings\\") returned 32 [0055.016] lstrcatW (in: lpString1="C:\\Users\\Default\\Local Settings\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\Local Settings\\*") returned="C:\\Users\\Default\\Local Settings\\*" [0055.016] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Local Settings\\*", lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0xffffffff [0055.016] lstrcpyW (in: lpString1=0x50df8c, lpString2="C:\\Users\\Default\\Links\\" | out: lpString1="C:\\Users\\Default\\Links\\") returned="C:\\Users\\Default\\Links\\" [0055.016] GetProcessHeap () returned 0x570000 [0055.016] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5923e0 | out: hHeap=0x570000) returned 1 [0055.016] GetProcessHeap () returned 0x570000 [0055.016] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.016] lstrlenW (lpString="C:\\Users\\Default\\Links\\") returned 23 [0055.017] lstrcatW (in: lpString1="C:\\Users\\Default\\Links\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\Links\\*") returned="C:\\Users\\Default\\Links\\*" [0055.017] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Links\\*", lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89738ac, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5925a8 [0055.163] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0055.163] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89738ac, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0055.163] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0055.163] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0055.163] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89738ac, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x244, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0055.163] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0055.163] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0055.163] lstrcatW (in: lpString1="C:\\Users\\Default\\Links\\", lpString2="desktop.ini" | out: lpString1="C:\\Users\\Default\\Links\\desktop.ini") returned="C:\\Users\\Default\\Links\\desktop.ini" [0055.164] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.164] GetProcessHeap () returned 0x570000 [0055.164] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x590f68 [0055.164] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 12 [0055.164] lstrlenA (lpString="desktop.ini") returned 11 [0055.164] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0055.164] lstrlenA (lpString="desktop.ini") returned 11 [0055.164] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0055.164] lstrcmpiW (lpString1="desktop.ini", lpString2="decrypt_files.html") returned 1 [0055.164] lstrcmpiW (lpString1="desktop.ini", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0055.164] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0055.164] lstrcmpiW (lpString1="desktop.ini", lpString2="sihvgt.exe") returned -1 [0055.164] _alloca_probe () returned 0x40908b [0055.164] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\Links\\desktop.ini", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 35 [0055.164] GetProcessHeap () returned 0x570000 [0055.164] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x23) returned 0x588da8 [0055.164] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\Links\\desktop.ini", cchWideChar=-1, lpMultiByteStr=0x588da8, cbMultiByte=35, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\Default\\Links\\desktop.ini", lpUsedDefaultChar=0x0) returned 35 [0055.164] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0055.164] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{2651FB7D-11FE-4143-BA18-7260726F8A38}") returned 38 [0055.164] lstrlenA (lpString="{2651FB7D-11FE-4143-BA18-7260726F8A38}") returned 38 [0055.164] CreateFileW (lpFileName="C:\\Users\\Default\\Links\\desktop.ini" (normalized: "c:\\users\\default\\links\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0055.166] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=580) returned 1 [0055.166] lstrlenA (lpString="{2651FB7D-11FE-4143-BA18-7260726F8A38}") returned 38 [0055.167] GetProcessHeap () returned 0x570000 [0055.167] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x5923e0 [0055.167] GetProcessHeap () returned 0x570000 [0055.167] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592458 [0055.167] lstrlenA (lpString="C:\\Users\\Default\\Links\\desktop.ini") returned 34 [0055.177] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x244, lpOverlapped=0x0) returned 1 [0055.178] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0055.179] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x250, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x250, lpOverlapped=0x0) returned 1 [0055.179] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0055.179] WriteFile (in: hFile=0x80, lpBuffer=0x50bb6c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bb6c*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0055.179] WriteFile (in: hFile=0x80, lpBuffer=0x50bbd4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bbd4*, lpNumberOfBytesWritten=0x50bb34*=0x10, lpOverlapped=0x0) returned 1 [0055.179] lstrlenA (lpString="rsa_encrypt") returned 11 [0055.179] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x593590) returned 1 [0055.180] CryptGenRandom (in: hProv=0x593590, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0055.180] CryptReleaseContext (hProv=0x593590, dwFlags=0x0) returned 1 [0055.180] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0055.180] GetProcessHeap () returned 0x570000 [0055.180] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5924e0 [0055.180] lstrlenA (lpString="010001") returned 6 [0055.180] GetProcessHeap () returned 0x570000 [0055.180] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eea0 [0055.180] GetProcessHeap () returned 0x570000 [0055.180] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x593590 [0055.180] GetProcessHeap () returned 0x570000 [0055.180] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0055.181] GetProcessHeap () returned 0x570000 [0055.181] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593590 | out: hHeap=0x570000) returned 1 [0055.181] GetProcessHeap () returned 0x570000 [0055.181] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0055.181] GetProcessHeap () returned 0x570000 [0055.181] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c0d8 [0055.181] GetProcessHeap () returned 0x570000 [0055.181] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eec0 [0055.181] GetProcessHeap () returned 0x570000 [0055.181] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c1f0 [0055.181] GetProcessHeap () returned 0x570000 [0055.181] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.181] GetProcessHeap () returned 0x570000 [0055.181] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0055.181] GetProcessHeap () returned 0x570000 [0055.181] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x593590 [0055.181] GetProcessHeap () returned 0x570000 [0055.181] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x593618 [0055.181] GetProcessHeap () returned 0x570000 [0055.181] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.181] GetProcessHeap () returned 0x570000 [0055.181] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0055.181] GetProcessHeap () returned 0x570000 [0055.181] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0055.181] GetProcessHeap () returned 0x570000 [0055.181] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593590 | out: hHeap=0x570000) returned 1 [0055.181] GetProcessHeap () returned 0x570000 [0055.181] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0055.181] GetProcessHeap () returned 0x570000 [0055.181] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0055.182] GetProcessHeap () returned 0x570000 [0055.182] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.182] GetProcessHeap () returned 0x570000 [0055.182] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f98 [0055.182] GetProcessHeap () returned 0x570000 [0055.182] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.182] GetProcessHeap () returned 0x570000 [0055.182] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.182] GetProcessHeap () returned 0x570000 [0055.182] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.182] GetProcessHeap () returned 0x570000 [0055.182] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.182] GetProcessHeap () returned 0x570000 [0055.182] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0055.182] GetProcessHeap () returned 0x570000 [0055.182] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f98 | out: hHeap=0x570000) returned 1 [0055.182] GetProcessHeap () returned 0x570000 [0055.182] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0055.182] GetProcessHeap () returned 0x570000 [0055.182] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0055.182] GetProcessHeap () returned 0x570000 [0055.182] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.182] GetProcessHeap () returned 0x570000 [0055.182] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.182] GetProcessHeap () returned 0x570000 [0055.182] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.182] GetProcessHeap () returned 0x570000 [0055.182] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.182] GetProcessHeap () returned 0x570000 [0055.182] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.182] GetProcessHeap () returned 0x570000 [0055.183] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.183] GetProcessHeap () returned 0x570000 [0055.183] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.183] GetProcessHeap () returned 0x570000 [0055.183] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.183] GetProcessHeap () returned 0x570000 [0055.183] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.183] GetProcessHeap () returned 0x570000 [0055.183] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.183] GetProcessHeap () returned 0x570000 [0055.183] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.183] GetProcessHeap () returned 0x570000 [0055.183] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.183] GetProcessHeap () returned 0x570000 [0055.183] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.183] GetProcessHeap () returned 0x570000 [0055.183] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.183] GetProcessHeap () returned 0x570000 [0055.183] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.183] GetProcessHeap () returned 0x570000 [0055.183] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.183] GetProcessHeap () returned 0x570000 [0055.183] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.183] GetProcessHeap () returned 0x570000 [0055.183] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.183] GetProcessHeap () returned 0x570000 [0055.183] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.183] GetProcessHeap () returned 0x570000 [0055.183] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.184] GetProcessHeap () returned 0x570000 [0055.184] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.184] GetProcessHeap () returned 0x570000 [0055.184] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.184] GetProcessHeap () returned 0x570000 [0055.184] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.184] GetProcessHeap () returned 0x570000 [0055.184] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.184] GetProcessHeap () returned 0x570000 [0055.184] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.184] GetProcessHeap () returned 0x570000 [0055.184] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.184] GetProcessHeap () returned 0x570000 [0055.184] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.184] GetProcessHeap () returned 0x570000 [0055.184] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.184] GetProcessHeap () returned 0x570000 [0055.184] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.184] GetProcessHeap () returned 0x570000 [0055.184] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.184] GetProcessHeap () returned 0x570000 [0055.184] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.184] GetProcessHeap () returned 0x570000 [0055.184] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.184] GetProcessHeap () returned 0x570000 [0055.184] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.184] GetProcessHeap () returned 0x570000 [0055.184] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.184] GetProcessHeap () returned 0x570000 [0055.184] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.185] GetProcessHeap () returned 0x570000 [0055.185] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.185] GetProcessHeap () returned 0x570000 [0055.185] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.185] GetProcessHeap () returned 0x570000 [0055.185] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.185] GetProcessHeap () returned 0x570000 [0055.185] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.185] GetProcessHeap () returned 0x570000 [0055.185] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.185] GetProcessHeap () returned 0x570000 [0055.185] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.185] GetProcessHeap () returned 0x570000 [0055.185] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.185] GetProcessHeap () returned 0x570000 [0055.185] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.185] GetProcessHeap () returned 0x570000 [0055.185] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.185] GetProcessHeap () returned 0x570000 [0055.185] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.185] GetProcessHeap () returned 0x570000 [0055.185] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.185] GetProcessHeap () returned 0x570000 [0055.185] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.185] GetProcessHeap () returned 0x570000 [0055.185] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.185] GetProcessHeap () returned 0x570000 [0055.185] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.186] GetProcessHeap () returned 0x570000 [0055.186] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.186] GetProcessHeap () returned 0x570000 [0055.186] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.186] GetProcessHeap () returned 0x570000 [0055.186] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.186] GetProcessHeap () returned 0x570000 [0055.186] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.186] GetProcessHeap () returned 0x570000 [0055.186] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.186] GetProcessHeap () returned 0x570000 [0055.186] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.186] GetProcessHeap () returned 0x570000 [0055.186] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.186] GetProcessHeap () returned 0x570000 [0055.186] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.186] GetProcessHeap () returned 0x570000 [0055.186] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.186] GetProcessHeap () returned 0x570000 [0055.186] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.186] GetProcessHeap () returned 0x570000 [0055.186] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.186] GetProcessHeap () returned 0x570000 [0055.186] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.186] GetProcessHeap () returned 0x570000 [0055.186] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.186] GetProcessHeap () returned 0x570000 [0055.186] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.186] GetProcessHeap () returned 0x570000 [0055.187] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.187] GetProcessHeap () returned 0x570000 [0055.187] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.187] GetProcessHeap () returned 0x570000 [0055.187] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.187] GetProcessHeap () returned 0x570000 [0055.187] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.187] GetProcessHeap () returned 0x570000 [0055.187] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.187] GetProcessHeap () returned 0x570000 [0055.187] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.187] GetProcessHeap () returned 0x570000 [0055.187] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.187] GetProcessHeap () returned 0x570000 [0055.187] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.187] GetProcessHeap () returned 0x570000 [0055.187] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.187] GetProcessHeap () returned 0x570000 [0055.187] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.187] GetProcessHeap () returned 0x570000 [0055.187] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.187] GetProcessHeap () returned 0x570000 [0055.187] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.187] GetProcessHeap () returned 0x570000 [0055.187] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.187] GetProcessHeap () returned 0x570000 [0055.187] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.187] GetProcessHeap () returned 0x570000 [0055.187] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.187] GetProcessHeap () returned 0x570000 [0055.188] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.188] GetProcessHeap () returned 0x570000 [0055.188] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.188] GetProcessHeap () returned 0x570000 [0055.188] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.188] GetProcessHeap () returned 0x570000 [0055.188] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.188] GetProcessHeap () returned 0x570000 [0055.188] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.188] GetProcessHeap () returned 0x570000 [0055.188] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.188] GetProcessHeap () returned 0x570000 [0055.188] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.188] GetProcessHeap () returned 0x570000 [0055.188] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.188] GetProcessHeap () returned 0x570000 [0055.188] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.188] GetProcessHeap () returned 0x570000 [0055.188] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.188] GetProcessHeap () returned 0x570000 [0055.188] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.188] GetProcessHeap () returned 0x570000 [0055.188] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.188] GetProcessHeap () returned 0x570000 [0055.188] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.188] GetProcessHeap () returned 0x570000 [0055.188] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.188] GetProcessHeap () returned 0x570000 [0055.188] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.188] GetProcessHeap () returned 0x570000 [0055.189] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.189] GetProcessHeap () returned 0x570000 [0055.189] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.189] GetProcessHeap () returned 0x570000 [0055.189] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.189] GetProcessHeap () returned 0x570000 [0055.189] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.189] GetProcessHeap () returned 0x570000 [0055.189] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.189] GetProcessHeap () returned 0x570000 [0055.189] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.189] GetProcessHeap () returned 0x570000 [0055.189] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.189] GetProcessHeap () returned 0x570000 [0055.189] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0055.189] GetProcessHeap () returned 0x570000 [0055.189] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0055.189] GetProcessHeap () returned 0x570000 [0055.189] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593618 | out: hHeap=0x570000) returned 1 [0055.189] GetProcessHeap () returned 0x570000 [0055.189] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0055.189] GetProcessHeap () returned 0x570000 [0055.189] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0055.189] GetProcessHeap () returned 0x570000 [0055.189] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0055.189] GetProcessHeap () returned 0x570000 [0055.189] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0055.189] GetProcessHeap () returned 0x570000 [0055.189] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0055.190] GetProcessHeap () returned 0x570000 [0055.190] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0055.190] GetProcessHeap () returned 0x570000 [0055.190] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.190] GetProcessHeap () returned 0x570000 [0055.190] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5924e0 | out: hHeap=0x570000) returned 1 [0055.190] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0055.190] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0055.190] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0055.190] CloseHandle (hObject=0x80) returned 1 [0055.203] GetProcessHeap () returned 0x570000 [0055.203] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588da8 | out: hHeap=0x570000) returned 1 [0055.203] GetProcessHeap () returned 0x570000 [0055.203] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5923e0 | out: hHeap=0x570000) returned 1 [0055.203] GetProcessHeap () returned 0x570000 [0055.203] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592458 | out: hHeap=0x570000) returned 1 [0055.203] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\Users\\Default\\Links\\desktop.ini" | out: lpString1="C:\\Users\\Default\\Links\\desktop.ini") returned="C:\\Users\\Default\\Links\\desktop.ini" [0055.203] lstrcatW (in: lpString1="C:\\Users\\Default\\Links\\desktop.ini", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\Users\\Default\\Links\\desktop.ini.{Killback@protonmail.com}KBK") returned="C:\\Users\\Default\\Links\\desktop.ini.{Killback@protonmail.com}KBK" [0055.203] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\Links\\desktop.ini" (normalized: "c:\\users\\default\\links\\desktop.ini"), lpNewFileName="C:\\Users\\Default\\Links\\desktop.ini.{Killback@protonmail.com}KBK" (normalized: "c:\\users\\default\\links\\desktop.ini.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0055.204] PathRemoveFileSpecW (in: pszPath="C:\\Users\\Default\\Links\\desktop.ini" | out: pszPath="C:\\Users\\Default\\Links") returned 1 [0055.204] lstrcatW (in: lpString1="C:\\Users\\Default\\Links", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Links\\") returned="C:\\Users\\Default\\Links\\" [0055.204] lstrcatW (in: lpString1="C:\\Users\\Default\\Links\\", lpString2="decrypt_files.html" | out: lpString1="C:\\Users\\Default\\Links\\decrypt_files.html") returned="C:\\Users\\Default\\Links\\decrypt_files.html" [0055.204] GetFileAttributesW (lpFileName="C:\\Users\\Default\\Links\\decrypt_files.html" (normalized: "c:\\users\\default\\links\\decrypt_files.html")) returned 0xffffffff [0055.204] CreateFileW (lpFileName="C:\\Users\\Default\\Links\\decrypt_files.html" (normalized: "c:\\users\\default\\links\\decrypt_files.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0055.205] lstrlenA (lpString="\r\n \r\n \r\n \r\n DECRYPT FILES\r\n \r\n\r\n \r\n\r\n
\r\n

⚠Your ID (NEED FOR DECRYPT)⚠

\r\n
\r\n 
A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n\r\n
\r\n
\r\n
\r\n \r\n
\r\n \r\n
\r\n \r\n \r\n
\r\n

✖ Your files are encrypted! ✖

\r\n\r\n

If you see it - do not try to decrypt ▼the files yourself!!!▼

\r\n
\r\n

All your important data has been encrypted.

\r\n
\r\n
\r\n \r\n\x09\x09 \r\nTo decrypt all your files, you need a decryption program.
\r\n \r\nTo get a program to decrypt your data you need to do a few steps:
\r\n

☑1. \r\nTo make sure that we can actually decrypt your files. You can send us a file for the test.\r\nThis can be a picture or a text file.\r\nSize less than 5 MB. Send to our mail: Killback@protonmail.com .
\r\n

☑2. \r\nSend your PERSONAL ID in the letter (you will find it at the very beginning of this document)

\r\n\x09\x09\x09

☑3. \r\nWe will decode your test file so you are sure. We will also send you the amount you need to pay to get the program to decrypt.

\r\n ☑4. We will send you instructions on how to pay for the decryption program. After payment, we will send you a program and instructions on how to decrypt all the files.
\r\n

Attention!


\r\n
    \r\n\x09\x09\x09 Only we can decrypt your files.
    \r\n\x09\x09\x09 Do not try to decrypt your files yourself. You can damage them when trying to restore
    \r\n Do not run antivirus!
    \r\n Email us: Killback@protonmail.com immediately so we can help you.
    \r\n Decoders other users are not compatible with your data, because each user's unique encryption key
    \r\n
\r\n \r\n
\r\n
\r\n
\r\n \r\n\r\n \r\n \r\n
\r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n\r\n") returned 5565 [0055.205] WriteFile (in: hFile=0x80, lpBuffer=0x21f0020*, nNumberOfBytesToWrite=0x15bd, lpNumberOfBytesWritten=0x50dd18, lpOverlapped=0x0 | out: lpBuffer=0x21f0020*, lpNumberOfBytesWritten=0x50dd18*=0x15bd, lpOverlapped=0x0) returned 1 [0055.206] CloseHandle (hObject=0x80) returned 1 [0055.206] GetProcessHeap () returned 0x570000 [0055.206] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0055.206] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89738ac, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1d3, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Desktop.lnk", cAlternateFileName="")) returned 1 [0055.206] lstrcmpiW (lpString1="Desktop.lnk", lpString2=".") returned 1 [0055.206] lstrcmpiW (lpString1="Desktop.lnk", lpString2="..") returned 1 [0055.206] lstrcatW (in: lpString1="C:\\Users\\Default\\Links\\", lpString2="Desktop.lnk" | out: lpString1="C:\\Users\\Default\\Links\\Desktop.lnk") returned="C:\\Users\\Default\\Links\\Desktop.lnk" [0055.206] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Desktop.lnk", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.206] GetProcessHeap () returned 0x570000 [0055.206] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x590f68 [0055.207] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Desktop.lnk", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Desktop.lnk", lpUsedDefaultChar=0x0) returned 12 [0055.207] lstrlenA (lpString="Desktop.lnk") returned 11 [0055.207] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0055.207] lstrlenA (lpString="Desktop.lnk") returned 11 [0055.207] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0055.207] lstrcmpiW (lpString1="Desktop.lnk", lpString2="decrypt_files.html") returned 1 [0055.207] lstrcmpiW (lpString1="Desktop.lnk", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0055.207] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0055.207] lstrcmpiW (lpString1="Desktop.lnk", lpString2="sihvgt.exe") returned -1 [0055.207] _alloca_probe () returned 0x40908b [0055.207] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\Links\\Desktop.lnk", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 35 [0055.207] GetProcessHeap () returned 0x570000 [0055.207] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x23) returned 0x588da8 [0055.207] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\Links\\Desktop.lnk", cchWideChar=-1, lpMultiByteStr=0x588da8, cbMultiByte=35, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\Default\\Links\\Desktop.lnk", lpUsedDefaultChar=0x0) returned 35 [0055.207] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0055.207] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{5739C7C6-5767-41DB-80BB-F11A78564AD6}") returned 38 [0055.207] lstrlenA (lpString="{5739C7C6-5767-41DB-80BB-F11A78564AD6}") returned 38 [0055.207] CreateFileW (lpFileName="C:\\Users\\Default\\Links\\Desktop.lnk" (normalized: "c:\\users\\default\\links\\desktop.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0055.208] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=467) returned 1 [0055.208] lstrlenA (lpString="{5739C7C6-5767-41DB-80BB-F11A78564AD6}") returned 38 [0055.208] GetProcessHeap () returned 0x570000 [0055.208] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x5923e0 [0055.208] GetProcessHeap () returned 0x570000 [0055.208] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592458 [0055.208] lstrlenA (lpString="C:\\Users\\Default\\Links\\Desktop.lnk") returned 34 [0055.220] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x1d3, lpOverlapped=0x0) returned 1 [0055.221] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0055.221] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x1e0, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x1e0, lpOverlapped=0x0) returned 1 [0055.221] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0055.221] WriteFile (in: hFile=0x80, lpBuffer=0x50bb6c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bb6c*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0055.221] WriteFile (in: hFile=0x80, lpBuffer=0x50bbd4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bbd4*, lpNumberOfBytesWritten=0x50bb34*=0x10, lpOverlapped=0x0) returned 1 [0055.221] lstrlenA (lpString="rsa_encrypt") returned 11 [0055.221] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x593590) returned 1 [0055.222] CryptGenRandom (in: hProv=0x593590, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0055.222] CryptReleaseContext (hProv=0x593590, dwFlags=0x0) returned 1 [0055.222] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0055.222] GetProcessHeap () returned 0x570000 [0055.222] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5924e0 [0055.222] lstrlenA (lpString="010001") returned 6 [0055.222] GetProcessHeap () returned 0x570000 [0055.222] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eea0 [0055.223] GetProcessHeap () returned 0x570000 [0055.223] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x593590 [0055.223] GetProcessHeap () returned 0x570000 [0055.223] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0055.225] GetProcessHeap () returned 0x570000 [0055.225] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593590 | out: hHeap=0x570000) returned 1 [0055.225] GetProcessHeap () returned 0x570000 [0055.225] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0055.225] GetProcessHeap () returned 0x570000 [0055.225] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c1f0 [0055.225] GetProcessHeap () returned 0x570000 [0055.225] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eee0 [0055.225] GetProcessHeap () returned 0x570000 [0055.225] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c0d8 [0055.225] GetProcessHeap () returned 0x570000 [0055.225] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.226] GetProcessHeap () returned 0x570000 [0055.226] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0055.226] GetProcessHeap () returned 0x570000 [0055.226] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x593590 [0055.226] GetProcessHeap () returned 0x570000 [0055.226] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x593618 [0055.226] GetProcessHeap () returned 0x570000 [0055.226] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.226] GetProcessHeap () returned 0x570000 [0055.226] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0055.226] GetProcessHeap () returned 0x570000 [0055.226] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0055.226] GetProcessHeap () returned 0x570000 [0055.226] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593590 | out: hHeap=0x570000) returned 1 [0055.226] GetProcessHeap () returned 0x570000 [0055.226] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0055.226] GetProcessHeap () returned 0x570000 [0055.226] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0055.226] GetProcessHeap () returned 0x570000 [0055.226] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.226] GetProcessHeap () returned 0x570000 [0055.226] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f98 [0055.226] GetProcessHeap () returned 0x570000 [0055.226] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.226] GetProcessHeap () returned 0x570000 [0055.226] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.226] GetProcessHeap () returned 0x570000 [0055.226] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.226] GetProcessHeap () returned 0x570000 [0055.226] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.226] GetProcessHeap () returned 0x570000 [0055.226] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0055.227] GetProcessHeap () returned 0x570000 [0055.227] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f98 | out: hHeap=0x570000) returned 1 [0055.227] GetProcessHeap () returned 0x570000 [0055.227] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0055.227] GetProcessHeap () returned 0x570000 [0055.227] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0055.227] GetProcessHeap () returned 0x570000 [0055.227] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.227] GetProcessHeap () returned 0x570000 [0055.227] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.227] GetProcessHeap () returned 0x570000 [0055.227] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.227] GetProcessHeap () returned 0x570000 [0055.227] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.227] GetProcessHeap () returned 0x570000 [0055.227] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.227] GetProcessHeap () returned 0x570000 [0055.227] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.227] GetProcessHeap () returned 0x570000 [0055.227] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.227] GetProcessHeap () returned 0x570000 [0055.227] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.227] GetProcessHeap () returned 0x570000 [0055.227] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.227] GetProcessHeap () returned 0x570000 [0055.227] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.227] GetProcessHeap () returned 0x570000 [0055.227] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.228] GetProcessHeap () returned 0x570000 [0055.229] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.229] GetProcessHeap () returned 0x570000 [0055.229] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.229] GetProcessHeap () returned 0x570000 [0055.229] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.229] GetProcessHeap () returned 0x570000 [0055.229] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.229] GetProcessHeap () returned 0x570000 [0055.229] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.229] GetProcessHeap () returned 0x570000 [0055.229] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.229] GetProcessHeap () returned 0x570000 [0055.229] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.229] GetProcessHeap () returned 0x570000 [0055.229] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.229] GetProcessHeap () returned 0x570000 [0055.229] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.229] GetProcessHeap () returned 0x570000 [0055.229] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.229] GetProcessHeap () returned 0x570000 [0055.229] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.229] GetProcessHeap () returned 0x570000 [0055.229] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.230] GetProcessHeap () returned 0x570000 [0055.230] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.230] GetProcessHeap () returned 0x570000 [0055.230] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.230] GetProcessHeap () returned 0x570000 [0055.230] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.230] GetProcessHeap () returned 0x570000 [0055.230] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.230] GetProcessHeap () returned 0x570000 [0055.230] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.230] GetProcessHeap () returned 0x570000 [0055.230] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.230] GetProcessHeap () returned 0x570000 [0055.230] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.230] GetProcessHeap () returned 0x570000 [0055.230] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.230] GetProcessHeap () returned 0x570000 [0055.230] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.230] GetProcessHeap () returned 0x570000 [0055.230] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.230] GetProcessHeap () returned 0x570000 [0055.230] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.230] GetProcessHeap () returned 0x570000 [0055.230] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.230] GetProcessHeap () returned 0x570000 [0055.230] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.230] GetProcessHeap () returned 0x570000 [0055.230] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.230] GetProcessHeap () returned 0x570000 [0055.230] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.230] GetProcessHeap () returned 0x570000 [0055.231] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.231] GetProcessHeap () returned 0x570000 [0055.231] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.231] GetProcessHeap () returned 0x570000 [0055.231] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.231] GetProcessHeap () returned 0x570000 [0055.231] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.231] GetProcessHeap () returned 0x570000 [0055.231] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.231] GetProcessHeap () returned 0x570000 [0055.231] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.231] GetProcessHeap () returned 0x570000 [0055.231] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.231] GetProcessHeap () returned 0x570000 [0055.231] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.231] GetProcessHeap () returned 0x570000 [0055.231] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.231] GetProcessHeap () returned 0x570000 [0055.231] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.231] GetProcessHeap () returned 0x570000 [0055.231] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.231] GetProcessHeap () returned 0x570000 [0055.231] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.231] GetProcessHeap () returned 0x570000 [0055.231] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.231] GetProcessHeap () returned 0x570000 [0055.231] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.231] GetProcessHeap () returned 0x570000 [0055.231] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.231] GetProcessHeap () returned 0x570000 [0055.231] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.232] GetProcessHeap () returned 0x570000 [0055.232] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.232] GetProcessHeap () returned 0x570000 [0055.232] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.232] GetProcessHeap () returned 0x570000 [0055.232] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.232] GetProcessHeap () returned 0x570000 [0055.232] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.232] GetProcessHeap () returned 0x570000 [0055.232] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.232] GetProcessHeap () returned 0x570000 [0055.232] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.232] GetProcessHeap () returned 0x570000 [0055.232] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.232] GetProcessHeap () returned 0x570000 [0055.232] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.232] GetProcessHeap () returned 0x570000 [0055.232] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.232] GetProcessHeap () returned 0x570000 [0055.232] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.232] GetProcessHeap () returned 0x570000 [0055.232] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.232] GetProcessHeap () returned 0x570000 [0055.232] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.232] GetProcessHeap () returned 0x570000 [0055.232] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.232] GetProcessHeap () returned 0x570000 [0055.232] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.232] GetProcessHeap () returned 0x570000 [0055.232] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.232] GetProcessHeap () returned 0x570000 [0055.233] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.233] GetProcessHeap () returned 0x570000 [0055.233] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.233] GetProcessHeap () returned 0x570000 [0055.233] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.233] GetProcessHeap () returned 0x570000 [0055.233] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.233] GetProcessHeap () returned 0x570000 [0055.233] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.233] GetProcessHeap () returned 0x570000 [0055.233] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.233] GetProcessHeap () returned 0x570000 [0055.233] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.233] GetProcessHeap () returned 0x570000 [0055.233] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.233] GetProcessHeap () returned 0x570000 [0055.233] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.233] GetProcessHeap () returned 0x570000 [0055.233] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.233] GetProcessHeap () returned 0x570000 [0055.233] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.233] GetProcessHeap () returned 0x570000 [0055.233] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.233] GetProcessHeap () returned 0x570000 [0055.233] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.233] GetProcessHeap () returned 0x570000 [0055.233] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.233] GetProcessHeap () returned 0x570000 [0055.233] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.234] GetProcessHeap () returned 0x570000 [0055.234] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.234] GetProcessHeap () returned 0x570000 [0055.234] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.234] GetProcessHeap () returned 0x570000 [0055.234] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.234] GetProcessHeap () returned 0x570000 [0055.234] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.234] GetProcessHeap () returned 0x570000 [0055.234] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.234] GetProcessHeap () returned 0x570000 [0055.234] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.234] GetProcessHeap () returned 0x570000 [0055.234] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.234] GetProcessHeap () returned 0x570000 [0055.234] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.234] GetProcessHeap () returned 0x570000 [0055.234] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.234] GetProcessHeap () returned 0x570000 [0055.234] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.234] GetProcessHeap () returned 0x570000 [0055.234] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.234] GetProcessHeap () returned 0x570000 [0055.234] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.234] GetProcessHeap () returned 0x570000 [0055.234] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.234] GetProcessHeap () returned 0x570000 [0055.234] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.234] GetProcessHeap () returned 0x570000 [0055.234] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.234] GetProcessHeap () returned 0x570000 [0055.234] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.234] GetProcessHeap () returned 0x570000 [0055.234] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0055.234] GetProcessHeap () returned 0x570000 [0055.235] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0055.235] GetProcessHeap () returned 0x570000 [0055.235] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593618 | out: hHeap=0x570000) returned 1 [0055.235] GetProcessHeap () returned 0x570000 [0055.235] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0055.235] GetProcessHeap () returned 0x570000 [0055.235] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0055.235] GetProcessHeap () returned 0x570000 [0055.235] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0055.235] GetProcessHeap () returned 0x570000 [0055.235] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0055.235] GetProcessHeap () returned 0x570000 [0055.235] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0055.235] GetProcessHeap () returned 0x570000 [0055.235] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0055.235] GetProcessHeap () returned 0x570000 [0055.235] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.235] GetProcessHeap () returned 0x570000 [0055.235] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5924e0 | out: hHeap=0x570000) returned 1 [0055.235] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0055.235] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0055.235] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0055.236] CloseHandle (hObject=0x80) returned 1 [0055.247] GetProcessHeap () returned 0x570000 [0055.247] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588da8 | out: hHeap=0x570000) returned 1 [0055.247] GetProcessHeap () returned 0x570000 [0055.247] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5923e0 | out: hHeap=0x570000) returned 1 [0055.247] GetProcessHeap () returned 0x570000 [0055.247] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592458 | out: hHeap=0x570000) returned 1 [0055.247] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\Users\\Default\\Links\\Desktop.lnk" | out: lpString1="C:\\Users\\Default\\Links\\Desktop.lnk") returned="C:\\Users\\Default\\Links\\Desktop.lnk" [0055.247] lstrcatW (in: lpString1="C:\\Users\\Default\\Links\\Desktop.lnk", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\Users\\Default\\Links\\Desktop.lnk.{Killback@protonmail.com}KBK") returned="C:\\Users\\Default\\Links\\Desktop.lnk.{Killback@protonmail.com}KBK" [0055.247] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\Links\\Desktop.lnk" (normalized: "c:\\users\\default\\links\\desktop.lnk"), lpNewFileName="C:\\Users\\Default\\Links\\Desktop.lnk.{Killback@protonmail.com}KBK" (normalized: "c:\\users\\default\\links\\desktop.lnk.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0055.248] PathRemoveFileSpecW (in: pszPath="C:\\Users\\Default\\Links\\Desktop.lnk" | out: pszPath="C:\\Users\\Default\\Links") returned 1 [0055.248] lstrcatW (in: lpString1="C:\\Users\\Default\\Links", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Links\\") returned="C:\\Users\\Default\\Links\\" [0055.248] lstrcatW (in: lpString1="C:\\Users\\Default\\Links\\", lpString2="decrypt_files.html" | out: lpString1="C:\\Users\\Default\\Links\\decrypt_files.html") returned="C:\\Users\\Default\\Links\\decrypt_files.html" [0055.248] GetFileAttributesW (lpFileName="C:\\Users\\Default\\Links\\decrypt_files.html" (normalized: "c:\\users\\default\\links\\decrypt_files.html")) returned 0x20 [0055.248] GetProcessHeap () returned 0x570000 [0055.248] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0055.248] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89738ac, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x37e, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Downloads.lnk", cAlternateFileName="DOWNLO~1.LNK")) returned 1 [0055.248] lstrcmpiW (lpString1="Downloads.lnk", lpString2=".") returned 1 [0055.248] lstrcmpiW (lpString1="Downloads.lnk", lpString2="..") returned 1 [0055.248] lstrcatW (in: lpString1="C:\\Users\\Default\\Links\\", lpString2="Downloads.lnk" | out: lpString1="C:\\Users\\Default\\Links\\Downloads.lnk") returned="C:\\Users\\Default\\Links\\Downloads.lnk" [0055.248] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Downloads.lnk", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0055.248] GetProcessHeap () returned 0x570000 [0055.248] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xe) returned 0x590f68 [0055.248] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Downloads.lnk", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Downloads.lnk", lpUsedDefaultChar=0x0) returned 14 [0055.248] lstrlenA (lpString="Downloads.lnk") returned 13 [0055.248] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0055.248] lstrlenA (lpString="Downloads.lnk") returned 13 [0055.248] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0055.248] lstrcmpiW (lpString1="Downloads.lnk", lpString2="decrypt_files.html") returned 1 [0055.248] lstrcmpiW (lpString1="Downloads.lnk", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0055.248] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0055.248] lstrcmpiW (lpString1="Downloads.lnk", lpString2="sihvgt.exe") returned -1 [0055.248] _alloca_probe () returned 0x40908b [0055.248] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\Links\\Downloads.lnk", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37 [0055.248] GetProcessHeap () returned 0x570000 [0055.249] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x25) returned 0x588da8 [0055.249] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\Links\\Downloads.lnk", cchWideChar=-1, lpMultiByteStr=0x588da8, cbMultiByte=37, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\Default\\Links\\Downloads.lnk", lpUsedDefaultChar=0x0) returned 37 [0055.249] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0055.249] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{F60C32C2-5CFC-4A16-B70D-2E6394569175}") returned 38 [0055.249] lstrlenA (lpString="{F60C32C2-5CFC-4A16-B70D-2E6394569175}") returned 38 [0055.249] CreateFileW (lpFileName="C:\\Users\\Default\\Links\\Downloads.lnk" (normalized: "c:\\users\\default\\links\\downloads.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0055.249] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=894) returned 1 [0055.249] lstrlenA (lpString="{F60C32C2-5CFC-4A16-B70D-2E6394569175}") returned 38 [0055.249] GetProcessHeap () returned 0x570000 [0055.249] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x5923e0 [0055.249] GetProcessHeap () returned 0x570000 [0055.249] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592458 [0055.249] lstrlenA (lpString="C:\\Users\\Default\\Links\\Downloads.lnk") returned 36 [0055.259] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x37e, lpOverlapped=0x0) returned 1 [0055.274] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0055.274] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x380, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x380, lpOverlapped=0x0) returned 1 [0055.274] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0055.274] WriteFile (in: hFile=0x80, lpBuffer=0x50bb6c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bb6c*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0055.274] WriteFile (in: hFile=0x80, lpBuffer=0x50bbd4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bbd4*, lpNumberOfBytesWritten=0x50bb34*=0x10, lpOverlapped=0x0) returned 1 [0055.274] lstrlenA (lpString="rsa_encrypt") returned 11 [0055.274] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x593590) returned 1 [0055.275] CryptGenRandom (in: hProv=0x593590, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0055.275] CryptReleaseContext (hProv=0x593590, dwFlags=0x0) returned 1 [0055.275] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0055.275] GetProcessHeap () returned 0x570000 [0055.275] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5924e0 [0055.275] lstrlenA (lpString="010001") returned 6 [0055.276] GetProcessHeap () returned 0x570000 [0055.276] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eea0 [0055.276] GetProcessHeap () returned 0x570000 [0055.276] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x593590 [0055.276] GetProcessHeap () returned 0x570000 [0055.276] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0055.276] GetProcessHeap () returned 0x570000 [0055.276] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593590 | out: hHeap=0x570000) returned 1 [0055.276] GetProcessHeap () returned 0x570000 [0055.276] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0055.276] GetProcessHeap () returned 0x570000 [0055.276] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c0d8 [0055.276] GetProcessHeap () returned 0x570000 [0055.276] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eec0 [0055.276] GetProcessHeap () returned 0x570000 [0055.276] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c1f0 [0055.276] GetProcessHeap () returned 0x570000 [0055.276] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.276] GetProcessHeap () returned 0x570000 [0055.276] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0055.276] GetProcessHeap () returned 0x570000 [0055.276] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x593590 [0055.276] GetProcessHeap () returned 0x570000 [0055.276] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x593618 [0055.276] GetProcessHeap () returned 0x570000 [0055.276] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.277] GetProcessHeap () returned 0x570000 [0055.277] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0055.277] GetProcessHeap () returned 0x570000 [0055.277] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0055.277] GetProcessHeap () returned 0x570000 [0055.277] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593590 | out: hHeap=0x570000) returned 1 [0055.277] GetProcessHeap () returned 0x570000 [0055.277] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0055.277] GetProcessHeap () returned 0x570000 [0055.277] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0055.277] GetProcessHeap () returned 0x570000 [0055.277] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.277] GetProcessHeap () returned 0x570000 [0055.277] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f98 [0055.277] GetProcessHeap () returned 0x570000 [0055.277] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.277] GetProcessHeap () returned 0x570000 [0055.277] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.277] GetProcessHeap () returned 0x570000 [0055.277] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.277] GetProcessHeap () returned 0x570000 [0055.277] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.277] GetProcessHeap () returned 0x570000 [0055.277] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0055.277] GetProcessHeap () returned 0x570000 [0055.277] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f98 | out: hHeap=0x570000) returned 1 [0055.277] GetProcessHeap () returned 0x570000 [0055.277] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0055.277] GetProcessHeap () returned 0x570000 [0055.277] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0055.277] GetProcessHeap () returned 0x570000 [0055.277] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.278] GetProcessHeap () returned 0x570000 [0055.278] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.278] GetProcessHeap () returned 0x570000 [0055.278] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.278] GetProcessHeap () returned 0x570000 [0055.278] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.278] GetProcessHeap () returned 0x570000 [0055.278] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.278] GetProcessHeap () returned 0x570000 [0055.278] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.278] GetProcessHeap () returned 0x570000 [0055.278] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.278] GetProcessHeap () returned 0x570000 [0055.278] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.278] GetProcessHeap () returned 0x570000 [0055.278] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.278] GetProcessHeap () returned 0x570000 [0055.278] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.278] GetProcessHeap () returned 0x570000 [0055.278] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.278] GetProcessHeap () returned 0x570000 [0055.278] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.278] GetProcessHeap () returned 0x570000 [0055.278] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.278] GetProcessHeap () returned 0x570000 [0055.278] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.278] GetProcessHeap () returned 0x570000 [0055.278] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.278] GetProcessHeap () returned 0x570000 [0055.278] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.279] GetProcessHeap () returned 0x570000 [0055.279] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.279] GetProcessHeap () returned 0x570000 [0055.279] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.279] GetProcessHeap () returned 0x570000 [0055.279] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.279] GetProcessHeap () returned 0x570000 [0055.279] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.279] GetProcessHeap () returned 0x570000 [0055.279] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.279] GetProcessHeap () returned 0x570000 [0055.279] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.279] GetProcessHeap () returned 0x570000 [0055.279] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.279] GetProcessHeap () returned 0x570000 [0055.279] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.279] GetProcessHeap () returned 0x570000 [0055.279] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.279] GetProcessHeap () returned 0x570000 [0055.279] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.279] GetProcessHeap () returned 0x570000 [0055.279] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.279] GetProcessHeap () returned 0x570000 [0055.279] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.279] GetProcessHeap () returned 0x570000 [0055.279] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.279] GetProcessHeap () returned 0x570000 [0055.279] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.279] GetProcessHeap () returned 0x570000 [0055.279] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.280] GetProcessHeap () returned 0x570000 [0055.280] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.280] GetProcessHeap () returned 0x570000 [0055.280] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.280] GetProcessHeap () returned 0x570000 [0055.280] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.280] GetProcessHeap () returned 0x570000 [0055.280] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.280] GetProcessHeap () returned 0x570000 [0055.280] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.280] GetProcessHeap () returned 0x570000 [0055.280] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.280] GetProcessHeap () returned 0x570000 [0055.280] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.280] GetProcessHeap () returned 0x570000 [0055.280] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.280] GetProcessHeap () returned 0x570000 [0055.280] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.280] GetProcessHeap () returned 0x570000 [0055.280] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.280] GetProcessHeap () returned 0x570000 [0055.280] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.280] GetProcessHeap () returned 0x570000 [0055.280] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.280] GetProcessHeap () returned 0x570000 [0055.280] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.280] GetProcessHeap () returned 0x570000 [0055.280] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.280] GetProcessHeap () returned 0x570000 [0055.280] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.280] GetProcessHeap () returned 0x570000 [0055.281] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.281] GetProcessHeap () returned 0x570000 [0055.281] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.281] GetProcessHeap () returned 0x570000 [0055.281] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.281] GetProcessHeap () returned 0x570000 [0055.281] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.281] GetProcessHeap () returned 0x570000 [0055.281] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.281] GetProcessHeap () returned 0x570000 [0055.281] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.281] GetProcessHeap () returned 0x570000 [0055.281] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.281] GetProcessHeap () returned 0x570000 [0055.281] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.281] GetProcessHeap () returned 0x570000 [0055.281] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.281] GetProcessHeap () returned 0x570000 [0055.281] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.281] GetProcessHeap () returned 0x570000 [0055.281] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.281] GetProcessHeap () returned 0x570000 [0055.281] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.281] GetProcessHeap () returned 0x570000 [0055.281] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.281] GetProcessHeap () returned 0x570000 [0055.281] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.281] GetProcessHeap () returned 0x570000 [0055.281] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.282] GetProcessHeap () returned 0x570000 [0055.282] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.282] GetProcessHeap () returned 0x570000 [0055.282] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.282] GetProcessHeap () returned 0x570000 [0055.282] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.282] GetProcessHeap () returned 0x570000 [0055.282] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.282] GetProcessHeap () returned 0x570000 [0055.282] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.282] GetProcessHeap () returned 0x570000 [0055.282] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.282] GetProcessHeap () returned 0x570000 [0055.282] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.282] GetProcessHeap () returned 0x570000 [0055.282] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.282] GetProcessHeap () returned 0x570000 [0055.282] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.282] GetProcessHeap () returned 0x570000 [0055.282] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.282] GetProcessHeap () returned 0x570000 [0055.282] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.282] GetProcessHeap () returned 0x570000 [0055.282] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.282] GetProcessHeap () returned 0x570000 [0055.282] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.282] GetProcessHeap () returned 0x570000 [0055.282] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.282] GetProcessHeap () returned 0x570000 [0055.282] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.283] GetProcessHeap () returned 0x570000 [0055.283] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.283] GetProcessHeap () returned 0x570000 [0055.283] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.283] GetProcessHeap () returned 0x570000 [0055.283] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.283] GetProcessHeap () returned 0x570000 [0055.283] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.283] GetProcessHeap () returned 0x570000 [0055.283] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.283] GetProcessHeap () returned 0x570000 [0055.283] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.283] GetProcessHeap () returned 0x570000 [0055.283] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.283] GetProcessHeap () returned 0x570000 [0055.283] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.283] GetProcessHeap () returned 0x570000 [0055.283] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.283] GetProcessHeap () returned 0x570000 [0055.283] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.283] GetProcessHeap () returned 0x570000 [0055.283] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.283] GetProcessHeap () returned 0x570000 [0055.283] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.283] GetProcessHeap () returned 0x570000 [0055.283] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.283] GetProcessHeap () returned 0x570000 [0055.283] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.283] GetProcessHeap () returned 0x570000 [0055.283] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.284] GetProcessHeap () returned 0x570000 [0055.284] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.284] GetProcessHeap () returned 0x570000 [0055.284] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.284] GetProcessHeap () returned 0x570000 [0055.284] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.284] GetProcessHeap () returned 0x570000 [0055.284] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.284] GetProcessHeap () returned 0x570000 [0055.284] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.284] GetProcessHeap () returned 0x570000 [0055.284] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.284] GetProcessHeap () returned 0x570000 [0055.284] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.284] GetProcessHeap () returned 0x570000 [0055.284] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.284] GetProcessHeap () returned 0x570000 [0055.284] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.284] GetProcessHeap () returned 0x570000 [0055.284] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0055.284] GetProcessHeap () returned 0x570000 [0055.284] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0055.284] GetProcessHeap () returned 0x570000 [0055.284] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593618 | out: hHeap=0x570000) returned 1 [0055.284] GetProcessHeap () returned 0x570000 [0055.284] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0055.284] GetProcessHeap () returned 0x570000 [0055.284] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0055.284] GetProcessHeap () returned 0x570000 [0055.284] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0055.285] GetProcessHeap () returned 0x570000 [0055.285] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0055.285] GetProcessHeap () returned 0x570000 [0055.285] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0055.285] GetProcessHeap () returned 0x570000 [0055.285] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0055.285] GetProcessHeap () returned 0x570000 [0055.285] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.285] GetProcessHeap () returned 0x570000 [0055.285] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5924e0 | out: hHeap=0x570000) returned 1 [0055.285] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0055.285] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0055.285] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0055.285] CloseHandle (hObject=0x80) returned 1 [0055.288] GetProcessHeap () returned 0x570000 [0055.288] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588da8 | out: hHeap=0x570000) returned 1 [0055.288] GetProcessHeap () returned 0x570000 [0055.288] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5923e0 | out: hHeap=0x570000) returned 1 [0055.288] GetProcessHeap () returned 0x570000 [0055.288] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592458 | out: hHeap=0x570000) returned 1 [0055.288] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\Users\\Default\\Links\\Downloads.lnk" | out: lpString1="C:\\Users\\Default\\Links\\Downloads.lnk") returned="C:\\Users\\Default\\Links\\Downloads.lnk" [0055.288] lstrcatW (in: lpString1="C:\\Users\\Default\\Links\\Downloads.lnk", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\Users\\Default\\Links\\Downloads.lnk.{Killback@protonmail.com}KBK") returned="C:\\Users\\Default\\Links\\Downloads.lnk.{Killback@protonmail.com}KBK" [0055.288] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\Links\\Downloads.lnk" (normalized: "c:\\users\\default\\links\\downloads.lnk"), lpNewFileName="C:\\Users\\Default\\Links\\Downloads.lnk.{Killback@protonmail.com}KBK" (normalized: "c:\\users\\default\\links\\downloads.lnk.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0055.289] PathRemoveFileSpecW (in: pszPath="C:\\Users\\Default\\Links\\Downloads.lnk" | out: pszPath="C:\\Users\\Default\\Links") returned 1 [0055.289] lstrcatW (in: lpString1="C:\\Users\\Default\\Links", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Links\\") returned="C:\\Users\\Default\\Links\\" [0055.289] lstrcatW (in: lpString1="C:\\Users\\Default\\Links\\", lpString2="decrypt_files.html" | out: lpString1="C:\\Users\\Default\\Links\\decrypt_files.html") returned="C:\\Users\\Default\\Links\\decrypt_files.html" [0055.289] GetFileAttributesW (lpFileName="C:\\Users\\Default\\Links\\decrypt_files.html" (normalized: "c:\\users\\default\\links\\decrypt_files.html")) returned 0x20 [0055.289] GetProcessHeap () returned 0x570000 [0055.289] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0055.289] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89738ac, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x16b, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RecentPlaces.lnk", cAlternateFileName="RECENT~1.LNK")) returned 1 [0055.289] lstrcmpiW (lpString1="RecentPlaces.lnk", lpString2=".") returned 1 [0055.289] lstrcmpiW (lpString1="RecentPlaces.lnk", lpString2="..") returned 1 [0055.289] lstrcatW (in: lpString1="C:\\Users\\Default\\Links\\", lpString2="RecentPlaces.lnk" | out: lpString1="C:\\Users\\Default\\Links\\RecentPlaces.lnk") returned="C:\\Users\\Default\\Links\\RecentPlaces.lnk" [0055.289] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="RecentPlaces.lnk", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0055.289] GetProcessHeap () returned 0x570000 [0055.289] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x11) returned 0x58fdc0 [0055.289] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="RecentPlaces.lnk", cchWideChar=-1, lpMultiByteStr=0x58fdc0, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="RecentPlaces.lnk", lpUsedDefaultChar=0x0) returned 17 [0055.289] lstrlenA (lpString="RecentPlaces.lnk") returned 16 [0055.289] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0055.290] lstrlenA (lpString="RecentPlaces.lnk") returned 16 [0055.290] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0055.290] lstrcmpiW (lpString1="RecentPlaces.lnk", lpString2="decrypt_files.html") returned 1 [0055.290] lstrcmpiW (lpString1="RecentPlaces.lnk", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0055.290] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0055.290] lstrcmpiW (lpString1="RecentPlaces.lnk", lpString2="sihvgt.exe") returned -1 [0055.290] _alloca_probe () returned 0x40908b [0055.290] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\Links\\RecentPlaces.lnk", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 40 [0055.290] GetProcessHeap () returned 0x570000 [0055.290] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x28) returned 0x588da8 [0055.290] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\Links\\RecentPlaces.lnk", cchWideChar=-1, lpMultiByteStr=0x588da8, cbMultiByte=40, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\Default\\Links\\RecentPlaces.lnk", lpUsedDefaultChar=0x0) returned 40 [0055.290] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0055.290] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{7A559F44-CDDC-4CAB-9E52-7D48F21889C3}") returned 38 [0055.290] lstrlenA (lpString="{7A559F44-CDDC-4CAB-9E52-7D48F21889C3}") returned 38 [0055.290] CreateFileW (lpFileName="C:\\Users\\Default\\Links\\RecentPlaces.lnk" (normalized: "c:\\users\\default\\links\\recentplaces.lnk"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0055.291] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=363) returned 1 [0055.291] lstrlenA (lpString="{7A559F44-CDDC-4CAB-9E52-7D48F21889C3}") returned 38 [0055.291] GetProcessHeap () returned 0x570000 [0055.291] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x5923e0 [0055.291] GetProcessHeap () returned 0x570000 [0055.291] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592458 [0055.291] lstrlenA (lpString="C:\\Users\\Default\\Links\\RecentPlaces.lnk") returned 39 [0055.305] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x16b, lpOverlapped=0x0) returned 1 [0055.306] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0055.306] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x170, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x170, lpOverlapped=0x0) returned 1 [0055.307] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0055.307] WriteFile (in: hFile=0x80, lpBuffer=0x50bb6c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bb6c*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0055.307] WriteFile (in: hFile=0x80, lpBuffer=0x50bbd4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bbd4*, lpNumberOfBytesWritten=0x50bb34*=0x10, lpOverlapped=0x0) returned 1 [0055.307] lstrlenA (lpString="rsa_encrypt") returned 11 [0055.307] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x593590) returned 1 [0055.308] CryptGenRandom (in: hProv=0x593590, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0055.308] CryptReleaseContext (hProv=0x593590, dwFlags=0x0) returned 1 [0055.308] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0055.308] GetProcessHeap () returned 0x570000 [0055.308] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5924e0 [0055.308] lstrlenA (lpString="010001") returned 6 [0055.308] GetProcessHeap () returned 0x570000 [0055.308] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eea0 [0055.308] GetProcessHeap () returned 0x570000 [0055.308] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x593590 [0055.308] GetProcessHeap () returned 0x570000 [0055.308] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0055.308] GetProcessHeap () returned 0x570000 [0055.308] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593590 | out: hHeap=0x570000) returned 1 [0055.308] GetProcessHeap () returned 0x570000 [0055.308] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0055.308] GetProcessHeap () returned 0x570000 [0055.308] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c1f0 [0055.308] GetProcessHeap () returned 0x570000 [0055.309] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eee0 [0055.309] GetProcessHeap () returned 0x570000 [0055.309] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c0d8 [0055.309] GetProcessHeap () returned 0x570000 [0055.309] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.309] GetProcessHeap () returned 0x570000 [0055.309] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0055.309] GetProcessHeap () returned 0x570000 [0055.309] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x593590 [0055.309] GetProcessHeap () returned 0x570000 [0055.309] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x593618 [0055.309] GetProcessHeap () returned 0x570000 [0055.309] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.309] GetProcessHeap () returned 0x570000 [0055.309] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f68 [0055.309] GetProcessHeap () returned 0x570000 [0055.309] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0055.309] GetProcessHeap () returned 0x570000 [0055.309] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593590 | out: hHeap=0x570000) returned 1 [0055.309] GetProcessHeap () returned 0x570000 [0055.309] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0055.309] GetProcessHeap () returned 0x570000 [0055.309] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0055.309] GetProcessHeap () returned 0x570000 [0055.309] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.309] GetProcessHeap () returned 0x570000 [0055.309] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0055.309] GetProcessHeap () returned 0x570000 [0055.309] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.309] GetProcessHeap () returned 0x570000 [0055.309] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.310] GetProcessHeap () returned 0x570000 [0055.310] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.310] GetProcessHeap () returned 0x570000 [0055.310] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.310] GetProcessHeap () returned 0x570000 [0055.310] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0055.310] GetProcessHeap () returned 0x570000 [0055.310] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0055.310] GetProcessHeap () returned 0x570000 [0055.310] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0055.310] GetProcessHeap () returned 0x570000 [0055.310] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0055.310] GetProcessHeap () returned 0x570000 [0055.310] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.310] GetProcessHeap () returned 0x570000 [0055.310] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.310] GetProcessHeap () returned 0x570000 [0055.310] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.310] GetProcessHeap () returned 0x570000 [0055.310] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.310] GetProcessHeap () returned 0x570000 [0055.310] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.311] GetProcessHeap () returned 0x570000 [0055.311] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.311] GetProcessHeap () returned 0x570000 [0055.311] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.311] GetProcessHeap () returned 0x570000 [0055.311] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.311] GetProcessHeap () returned 0x570000 [0055.311] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.311] GetProcessHeap () returned 0x570000 [0055.311] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.311] GetProcessHeap () returned 0x570000 [0055.311] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.311] GetProcessHeap () returned 0x570000 [0055.311] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.311] GetProcessHeap () returned 0x570000 [0055.311] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.311] GetProcessHeap () returned 0x570000 [0055.311] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.311] GetProcessHeap () returned 0x570000 [0055.311] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.311] GetProcessHeap () returned 0x570000 [0055.311] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.311] GetProcessHeap () returned 0x570000 [0055.311] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.311] GetProcessHeap () returned 0x570000 [0055.311] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.311] GetProcessHeap () returned 0x570000 [0055.311] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.311] GetProcessHeap () returned 0x570000 [0055.311] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.312] GetProcessHeap () returned 0x570000 [0055.312] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.312] GetProcessHeap () returned 0x570000 [0055.312] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.312] GetProcessHeap () returned 0x570000 [0055.312] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.312] GetProcessHeap () returned 0x570000 [0055.312] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.312] GetProcessHeap () returned 0x570000 [0055.312] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.312] GetProcessHeap () returned 0x570000 [0055.312] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.312] GetProcessHeap () returned 0x570000 [0055.312] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.312] GetProcessHeap () returned 0x570000 [0055.312] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.312] GetProcessHeap () returned 0x570000 [0055.312] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.312] GetProcessHeap () returned 0x570000 [0055.312] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.312] GetProcessHeap () returned 0x570000 [0055.312] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.312] GetProcessHeap () returned 0x570000 [0055.312] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.312] GetProcessHeap () returned 0x570000 [0055.312] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.312] GetProcessHeap () returned 0x570000 [0055.312] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.312] GetProcessHeap () returned 0x570000 [0055.312] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.312] GetProcessHeap () returned 0x570000 [0055.313] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.313] GetProcessHeap () returned 0x570000 [0055.313] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.313] GetProcessHeap () returned 0x570000 [0055.313] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.313] GetProcessHeap () returned 0x570000 [0055.313] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.313] GetProcessHeap () returned 0x570000 [0055.313] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.313] GetProcessHeap () returned 0x570000 [0055.313] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.313] GetProcessHeap () returned 0x570000 [0055.313] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.313] GetProcessHeap () returned 0x570000 [0055.313] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.313] GetProcessHeap () returned 0x570000 [0055.313] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.313] GetProcessHeap () returned 0x570000 [0055.313] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.313] GetProcessHeap () returned 0x570000 [0055.313] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.313] GetProcessHeap () returned 0x570000 [0055.313] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.313] GetProcessHeap () returned 0x570000 [0055.313] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.313] GetProcessHeap () returned 0x570000 [0055.313] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.313] GetProcessHeap () returned 0x570000 [0055.313] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.313] GetProcessHeap () returned 0x570000 [0055.314] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.314] GetProcessHeap () returned 0x570000 [0055.314] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.314] GetProcessHeap () returned 0x570000 [0055.314] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.314] GetProcessHeap () returned 0x570000 [0055.314] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.314] GetProcessHeap () returned 0x570000 [0055.314] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.314] GetProcessHeap () returned 0x570000 [0055.314] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.314] GetProcessHeap () returned 0x570000 [0055.314] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.314] GetProcessHeap () returned 0x570000 [0055.314] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.314] GetProcessHeap () returned 0x570000 [0055.314] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.314] GetProcessHeap () returned 0x570000 [0055.314] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.314] GetProcessHeap () returned 0x570000 [0055.314] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.314] GetProcessHeap () returned 0x570000 [0055.314] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.314] GetProcessHeap () returned 0x570000 [0055.314] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.314] GetProcessHeap () returned 0x570000 [0055.314] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.314] GetProcessHeap () returned 0x570000 [0055.314] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.314] GetProcessHeap () returned 0x570000 [0055.315] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.315] GetProcessHeap () returned 0x570000 [0055.315] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.315] GetProcessHeap () returned 0x570000 [0055.315] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.315] GetProcessHeap () returned 0x570000 [0055.315] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.315] GetProcessHeap () returned 0x570000 [0055.315] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.315] GetProcessHeap () returned 0x570000 [0055.315] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.315] GetProcessHeap () returned 0x570000 [0055.315] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.315] GetProcessHeap () returned 0x570000 [0055.315] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.315] GetProcessHeap () returned 0x570000 [0055.315] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.315] GetProcessHeap () returned 0x570000 [0055.315] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.315] GetProcessHeap () returned 0x570000 [0055.315] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.315] GetProcessHeap () returned 0x570000 [0055.315] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.315] GetProcessHeap () returned 0x570000 [0055.315] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.315] GetProcessHeap () returned 0x570000 [0055.315] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.315] GetProcessHeap () returned 0x570000 [0055.315] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.315] GetProcessHeap () returned 0x570000 [0055.316] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.316] GetProcessHeap () returned 0x570000 [0055.316] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.316] GetProcessHeap () returned 0x570000 [0055.316] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.316] GetProcessHeap () returned 0x570000 [0055.316] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.316] GetProcessHeap () returned 0x570000 [0055.316] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.316] GetProcessHeap () returned 0x570000 [0055.316] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.316] GetProcessHeap () returned 0x570000 [0055.316] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.316] GetProcessHeap () returned 0x570000 [0055.316] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.316] GetProcessHeap () returned 0x570000 [0055.316] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.316] GetProcessHeap () returned 0x570000 [0055.316] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.316] GetProcessHeap () returned 0x570000 [0055.316] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.316] GetProcessHeap () returned 0x570000 [0055.316] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.316] GetProcessHeap () returned 0x570000 [0055.317] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.317] GetProcessHeap () returned 0x570000 [0055.317] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.317] GetProcessHeap () returned 0x570000 [0055.317] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.317] GetProcessHeap () returned 0x570000 [0055.317] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.317] GetProcessHeap () returned 0x570000 [0055.317] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.317] GetProcessHeap () returned 0x570000 [0055.317] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.317] GetProcessHeap () returned 0x570000 [0055.317] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.317] GetProcessHeap () returned 0x570000 [0055.317] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.317] GetProcessHeap () returned 0x570000 [0055.317] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0055.317] GetProcessHeap () returned 0x570000 [0055.317] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0055.317] GetProcessHeap () returned 0x570000 [0055.317] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593618 | out: hHeap=0x570000) returned 1 [0055.317] GetProcessHeap () returned 0x570000 [0055.317] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0055.317] GetProcessHeap () returned 0x570000 [0055.317] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0055.317] GetProcessHeap () returned 0x570000 [0055.317] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0055.317] GetProcessHeap () returned 0x570000 [0055.318] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0055.318] GetProcessHeap () returned 0x570000 [0055.318] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0055.318] GetProcessHeap () returned 0x570000 [0055.318] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0055.318] GetProcessHeap () returned 0x570000 [0055.318] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.318] GetProcessHeap () returned 0x570000 [0055.318] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5924e0 | out: hHeap=0x570000) returned 1 [0055.318] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0055.318] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0055.318] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0055.318] CloseHandle (hObject=0x80) returned 1 [0055.324] GetProcessHeap () returned 0x570000 [0055.324] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588da8 | out: hHeap=0x570000) returned 1 [0055.324] GetProcessHeap () returned 0x570000 [0055.324] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5923e0 | out: hHeap=0x570000) returned 1 [0055.324] GetProcessHeap () returned 0x570000 [0055.324] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592458 | out: hHeap=0x570000) returned 1 [0055.324] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\Users\\Default\\Links\\RecentPlaces.lnk" | out: lpString1="C:\\Users\\Default\\Links\\RecentPlaces.lnk") returned="C:\\Users\\Default\\Links\\RecentPlaces.lnk" [0055.324] lstrcatW (in: lpString1="C:\\Users\\Default\\Links\\RecentPlaces.lnk", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\Users\\Default\\Links\\RecentPlaces.lnk.{Killback@protonmail.com}KBK") returned="C:\\Users\\Default\\Links\\RecentPlaces.lnk.{Killback@protonmail.com}KBK" [0055.324] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\Links\\RecentPlaces.lnk" (normalized: "c:\\users\\default\\links\\recentplaces.lnk"), lpNewFileName="C:\\Users\\Default\\Links\\RecentPlaces.lnk.{Killback@protonmail.com}KBK" (normalized: "c:\\users\\default\\links\\recentplaces.lnk.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0055.325] PathRemoveFileSpecW (in: pszPath="C:\\Users\\Default\\Links\\RecentPlaces.lnk" | out: pszPath="C:\\Users\\Default\\Links") returned 1 [0055.325] lstrcatW (in: lpString1="C:\\Users\\Default\\Links", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Links\\") returned="C:\\Users\\Default\\Links\\" [0055.325] lstrcatW (in: lpString1="C:\\Users\\Default\\Links\\", lpString2="decrypt_files.html" | out: lpString1="C:\\Users\\Default\\Links\\decrypt_files.html") returned="C:\\Users\\Default\\Links\\decrypt_files.html" [0055.325] GetFileAttributesW (lpFileName="C:\\Users\\Default\\Links\\decrypt_files.html" (normalized: "c:\\users\\default\\links\\decrypt_files.html")) returned 0x20 [0055.325] GetProcessHeap () returned 0x570000 [0055.325] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58fdc0 | out: hHeap=0x570000) returned 1 [0055.325] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89738ac, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x16b, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="RecentPlaces.lnk", cAlternateFileName="RECENT~1.LNK")) returned 0 [0055.325] FindClose (in: hFindFile=0x5925a8 | out: hFindFile=0x5925a8) returned 1 [0055.325] lstrcpyW (in: lpString1=0x50df8c, lpString2="C:\\Users\\Default\\Favorites\\" | out: lpString1="C:\\Users\\Default\\Favorites\\") returned="C:\\Users\\Default\\Favorites\\" [0055.325] GetProcessHeap () returned 0x570000 [0055.325] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5923a0 | out: hHeap=0x570000) returned 1 [0055.325] GetProcessHeap () returned 0x570000 [0055.325] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.325] lstrlenW (lpString="C:\\Users\\Default\\Favorites\\") returned 27 [0055.325] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\Favorites\\*") returned="C:\\Users\\Default\\Favorites\\*" [0055.326] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Favorites\\*", lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5925a8 [0055.328] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0055.328] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0055.329] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0055.329] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0055.329] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0055.329] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0055.329] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0055.329] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\", lpString2="desktop.ini" | out: lpString1="C:\\Users\\Default\\Favorites\\desktop.ini") returned="C:\\Users\\Default\\Favorites\\desktop.ini" [0055.329] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.329] GetProcessHeap () returned 0x570000 [0055.329] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x590f68 [0055.329] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 12 [0055.329] lstrlenA (lpString="desktop.ini") returned 11 [0055.329] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0055.329] lstrlenA (lpString="desktop.ini") returned 11 [0055.329] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0055.329] lstrcmpiW (lpString1="desktop.ini", lpString2="decrypt_files.html") returned 1 [0055.329] lstrcmpiW (lpString1="desktop.ini", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0055.329] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0055.329] lstrcmpiW (lpString1="desktop.ini", lpString2="sihvgt.exe") returned -1 [0055.329] _alloca_probe () returned 0x40908b [0055.329] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\Favorites\\desktop.ini", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0055.329] GetProcessHeap () returned 0x570000 [0055.329] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x27) returned 0x588da8 [0055.329] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\Favorites\\desktop.ini", cchWideChar=-1, lpMultiByteStr=0x588da8, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\Default\\Favorites\\desktop.ini", lpUsedDefaultChar=0x0) returned 39 [0055.329] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0055.329] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{A34F128E-CC33-45B3-9EB7-49A99FBAE544}") returned 38 [0055.329] lstrlenA (lpString="{A34F128E-CC33-45B3-9EB7-49A99FBAE544}") returned 38 [0055.330] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\desktop.ini" (normalized: "c:\\users\\default\\favorites\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0055.330] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=402) returned 1 [0055.330] lstrlenA (lpString="{A34F128E-CC33-45B3-9EB7-49A99FBAE544}") returned 38 [0055.331] GetProcessHeap () returned 0x570000 [0055.331] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x5923a0 [0055.331] GetProcessHeap () returned 0x570000 [0055.331] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592418 [0055.331] lstrlenA (lpString="C:\\Users\\Default\\Favorites\\desktop.ini") returned 38 [0055.341] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x192, lpOverlapped=0x0) returned 1 [0055.342] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0055.343] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x1a0, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x1a0, lpOverlapped=0x0) returned 1 [0055.343] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0055.343] WriteFile (in: hFile=0x80, lpBuffer=0x50bb6c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bb6c*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0055.343] WriteFile (in: hFile=0x80, lpBuffer=0x50bbd4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bbd4*, lpNumberOfBytesWritten=0x50bb34*=0x10, lpOverlapped=0x0) returned 1 [0055.344] lstrlenA (lpString="rsa_encrypt") returned 11 [0055.344] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x593590) returned 1 [0055.345] CryptGenRandom (in: hProv=0x593590, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0055.345] CryptReleaseContext (hProv=0x593590, dwFlags=0x0) returned 1 [0055.345] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0055.345] GetProcessHeap () returned 0x570000 [0055.345] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5924a0 [0055.345] lstrlenA (lpString="010001") returned 6 [0055.345] GetProcessHeap () returned 0x570000 [0055.345] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eeb0 [0055.345] GetProcessHeap () returned 0x570000 [0055.345] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x593590 [0055.345] GetProcessHeap () returned 0x570000 [0055.345] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0055.345] GetProcessHeap () returned 0x570000 [0055.346] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593590 | out: hHeap=0x570000) returned 1 [0055.346] GetProcessHeap () returned 0x570000 [0055.346] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0055.346] GetProcessHeap () returned 0x570000 [0055.346] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c0d8 [0055.346] GetProcessHeap () returned 0x570000 [0055.346] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eea0 [0055.346] GetProcessHeap () returned 0x570000 [0055.346] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c1f0 [0055.346] GetProcessHeap () returned 0x570000 [0055.346] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.346] GetProcessHeap () returned 0x570000 [0055.346] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0055.346] GetProcessHeap () returned 0x570000 [0055.346] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x593590 [0055.346] GetProcessHeap () returned 0x570000 [0055.346] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x593618 [0055.347] GetProcessHeap () returned 0x570000 [0055.347] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.347] GetProcessHeap () returned 0x570000 [0055.347] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0055.347] GetProcessHeap () returned 0x570000 [0055.347] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0055.347] GetProcessHeap () returned 0x570000 [0055.347] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593590 | out: hHeap=0x570000) returned 1 [0055.347] GetProcessHeap () returned 0x570000 [0055.347] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0055.347] GetProcessHeap () returned 0x570000 [0055.347] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0055.347] GetProcessHeap () returned 0x570000 [0055.347] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.347] GetProcessHeap () returned 0x570000 [0055.348] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f98 [0055.348] GetProcessHeap () returned 0x570000 [0055.348] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.348] GetProcessHeap () returned 0x570000 [0055.348] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.348] GetProcessHeap () returned 0x570000 [0055.348] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.348] GetProcessHeap () returned 0x570000 [0055.348] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.348] GetProcessHeap () returned 0x570000 [0055.348] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0055.348] GetProcessHeap () returned 0x570000 [0055.348] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f98 | out: hHeap=0x570000) returned 1 [0055.348] GetProcessHeap () returned 0x570000 [0055.348] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0055.348] GetProcessHeap () returned 0x570000 [0055.348] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0055.349] GetProcessHeap () returned 0x570000 [0055.349] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.349] GetProcessHeap () returned 0x570000 [0055.349] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.349] GetProcessHeap () returned 0x570000 [0055.349] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.349] GetProcessHeap () returned 0x570000 [0055.349] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.349] GetProcessHeap () returned 0x570000 [0055.349] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.349] GetProcessHeap () returned 0x570000 [0055.349] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.349] GetProcessHeap () returned 0x570000 [0055.349] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.349] GetProcessHeap () returned 0x570000 [0055.349] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.349] GetProcessHeap () returned 0x570000 [0055.350] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.350] GetProcessHeap () returned 0x570000 [0055.350] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.350] GetProcessHeap () returned 0x570000 [0055.350] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.350] GetProcessHeap () returned 0x570000 [0055.350] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.350] GetProcessHeap () returned 0x570000 [0055.350] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.350] GetProcessHeap () returned 0x570000 [0055.350] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.350] GetProcessHeap () returned 0x570000 [0055.350] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.350] GetProcessHeap () returned 0x570000 [0055.350] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.350] GetProcessHeap () returned 0x570000 [0055.350] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.351] GetProcessHeap () returned 0x570000 [0055.351] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.351] GetProcessHeap () returned 0x570000 [0055.351] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.351] GetProcessHeap () returned 0x570000 [0055.351] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.351] GetProcessHeap () returned 0x570000 [0055.351] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.351] GetProcessHeap () returned 0x570000 [0055.351] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.351] GetProcessHeap () returned 0x570000 [0055.351] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.351] GetProcessHeap () returned 0x570000 [0055.351] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.351] GetProcessHeap () returned 0x570000 [0055.351] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.352] GetProcessHeap () returned 0x570000 [0055.352] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.352] GetProcessHeap () returned 0x570000 [0055.352] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.352] GetProcessHeap () returned 0x570000 [0055.352] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.352] GetProcessHeap () returned 0x570000 [0055.352] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.352] GetProcessHeap () returned 0x570000 [0055.352] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.352] GetProcessHeap () returned 0x570000 [0055.352] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.352] GetProcessHeap () returned 0x570000 [0055.352] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.352] GetProcessHeap () returned 0x570000 [0055.352] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.352] GetProcessHeap () returned 0x570000 [0055.353] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.353] GetProcessHeap () returned 0x570000 [0055.353] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.353] GetProcessHeap () returned 0x570000 [0055.353] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.353] GetProcessHeap () returned 0x570000 [0055.353] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.353] GetProcessHeap () returned 0x570000 [0055.353] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.353] GetProcessHeap () returned 0x570000 [0055.353] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.353] GetProcessHeap () returned 0x570000 [0055.353] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.353] GetProcessHeap () returned 0x570000 [0055.353] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.353] GetProcessHeap () returned 0x570000 [0055.354] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.354] GetProcessHeap () returned 0x570000 [0055.354] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.354] GetProcessHeap () returned 0x570000 [0055.354] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.354] GetProcessHeap () returned 0x570000 [0055.354] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.354] GetProcessHeap () returned 0x570000 [0055.354] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.354] GetProcessHeap () returned 0x570000 [0055.354] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.354] GetProcessHeap () returned 0x570000 [0055.354] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.354] GetProcessHeap () returned 0x570000 [0055.354] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.354] GetProcessHeap () returned 0x570000 [0055.355] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.355] GetProcessHeap () returned 0x570000 [0055.355] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.355] GetProcessHeap () returned 0x570000 [0055.355] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.355] GetProcessHeap () returned 0x570000 [0055.355] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.355] GetProcessHeap () returned 0x570000 [0055.355] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.355] GetProcessHeap () returned 0x570000 [0055.355] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.355] GetProcessHeap () returned 0x570000 [0055.355] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.355] GetProcessHeap () returned 0x570000 [0055.355] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.355] GetProcessHeap () returned 0x570000 [0055.355] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.356] GetProcessHeap () returned 0x570000 [0055.356] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.356] GetProcessHeap () returned 0x570000 [0055.356] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.356] GetProcessHeap () returned 0x570000 [0055.356] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.356] GetProcessHeap () returned 0x570000 [0055.356] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.356] GetProcessHeap () returned 0x570000 [0055.356] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.356] GetProcessHeap () returned 0x570000 [0055.356] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.356] GetProcessHeap () returned 0x570000 [0055.356] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.356] GetProcessHeap () returned 0x570000 [0055.356] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.357] GetProcessHeap () returned 0x570000 [0055.357] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.357] GetProcessHeap () returned 0x570000 [0055.357] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.357] GetProcessHeap () returned 0x570000 [0055.357] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.357] GetProcessHeap () returned 0x570000 [0055.357] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.357] GetProcessHeap () returned 0x570000 [0055.357] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.357] GetProcessHeap () returned 0x570000 [0055.357] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.357] GetProcessHeap () returned 0x570000 [0055.357] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.357] GetProcessHeap () returned 0x570000 [0055.357] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.358] GetProcessHeap () returned 0x570000 [0055.358] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.358] GetProcessHeap () returned 0x570000 [0055.358] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.358] GetProcessHeap () returned 0x570000 [0055.358] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.358] GetProcessHeap () returned 0x570000 [0055.358] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.358] GetProcessHeap () returned 0x570000 [0055.358] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.358] GetProcessHeap () returned 0x570000 [0055.361] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.361] GetProcessHeap () returned 0x570000 [0055.361] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.361] GetProcessHeap () returned 0x570000 [0055.361] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.361] GetProcessHeap () returned 0x570000 [0055.361] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.361] GetProcessHeap () returned 0x570000 [0055.361] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.361] GetProcessHeap () returned 0x570000 [0055.362] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.362] GetProcessHeap () returned 0x570000 [0055.362] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.362] GetProcessHeap () returned 0x570000 [0055.362] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.362] GetProcessHeap () returned 0x570000 [0055.362] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.362] GetProcessHeap () returned 0x570000 [0055.362] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.362] GetProcessHeap () returned 0x570000 [0055.362] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.362] GetProcessHeap () returned 0x570000 [0055.362] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.362] GetProcessHeap () returned 0x570000 [0055.362] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.362] GetProcessHeap () returned 0x570000 [0055.362] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.363] GetProcessHeap () returned 0x570000 [0055.363] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.363] GetProcessHeap () returned 0x570000 [0055.363] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.363] GetProcessHeap () returned 0x570000 [0055.363] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.363] GetProcessHeap () returned 0x570000 [0055.363] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.363] GetProcessHeap () returned 0x570000 [0055.363] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.363] GetProcessHeap () returned 0x570000 [0055.363] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.364] GetProcessHeap () returned 0x570000 [0055.364] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.364] GetProcessHeap () returned 0x570000 [0055.364] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0055.364] GetProcessHeap () returned 0x570000 [0055.364] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0055.364] GetProcessHeap () returned 0x570000 [0055.364] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593618 | out: hHeap=0x570000) returned 1 [0055.364] GetProcessHeap () returned 0x570000 [0055.364] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0055.364] GetProcessHeap () returned 0x570000 [0055.364] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0055.364] GetProcessHeap () returned 0x570000 [0055.364] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0055.367] GetProcessHeap () returned 0x570000 [0055.367] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0055.367] GetProcessHeap () returned 0x570000 [0055.367] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0055.367] GetProcessHeap () returned 0x570000 [0055.367] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0055.367] GetProcessHeap () returned 0x570000 [0055.367] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.367] GetProcessHeap () returned 0x570000 [0055.368] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5924a0 | out: hHeap=0x570000) returned 1 [0055.368] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0055.368] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0055.368] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0055.368] CloseHandle (hObject=0x80) returned 1 [0055.372] GetProcessHeap () returned 0x570000 [0055.373] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588da8 | out: hHeap=0x570000) returned 1 [0055.373] GetProcessHeap () returned 0x570000 [0055.373] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5923a0 | out: hHeap=0x570000) returned 1 [0055.373] GetProcessHeap () returned 0x570000 [0055.373] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592418 | out: hHeap=0x570000) returned 1 [0055.373] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\Users\\Default\\Favorites\\desktop.ini" | out: lpString1="C:\\Users\\Default\\Favorites\\desktop.ini") returned="C:\\Users\\Default\\Favorites\\desktop.ini" [0055.373] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\desktop.ini", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\Users\\Default\\Favorites\\desktop.ini.{Killback@protonmail.com}KBK") returned="C:\\Users\\Default\\Favorites\\desktop.ini.{Killback@protonmail.com}KBK" [0055.373] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\Favorites\\desktop.ini" (normalized: "c:\\users\\default\\favorites\\desktop.ini"), lpNewFileName="C:\\Users\\Default\\Favorites\\desktop.ini.{Killback@protonmail.com}KBK" (normalized: "c:\\users\\default\\favorites\\desktop.ini.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0055.374] PathRemoveFileSpecW (in: pszPath="C:\\Users\\Default\\Favorites\\desktop.ini" | out: pszPath="C:\\Users\\Default\\Favorites") returned 1 [0055.374] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Favorites\\") returned="C:\\Users\\Default\\Favorites\\" [0055.374] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\", lpString2="decrypt_files.html" | out: lpString1="C:\\Users\\Default\\Favorites\\decrypt_files.html") returned="C:\\Users\\Default\\Favorites\\decrypt_files.html" [0055.374] GetFileAttributesW (lpFileName="C:\\Users\\Default\\Favorites\\decrypt_files.html" (normalized: "c:\\users\\default\\favorites\\decrypt_files.html")) returned 0xffffffff [0055.374] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\decrypt_files.html" (normalized: "c:\\users\\default\\favorites\\decrypt_files.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0055.374] lstrlenA (lpString="\r\n \r\n \r\n \r\n DECRYPT FILES\r\n \r\n\r\n \r\n\r\n
\r\n

⚠Your ID (NEED FOR DECRYPT)⚠

\r\n
\r\n 
A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n\r\n
\r\n
\r\n
\r\n \r\n
\r\n \r\n
\r\n \r\n \r\n
\r\n

✖ Your files are encrypted! ✖

\r\n\r\n

If you see it - do not try to decrypt ▼the files yourself!!!▼

\r\n
\r\n

All your important data has been encrypted.

\r\n
\r\n
\r\n \r\n\x09\x09 \r\nTo decrypt all your files, you need a decryption program.
\r\n \r\nTo get a program to decrypt your data you need to do a few steps:
\r\n

☑1. \r\nTo make sure that we can actually decrypt your files. You can send us a file for the test.\r\nThis can be a picture or a text file.\r\nSize less than 5 MB. Send to our mail: Killback@protonmail.com .
\r\n

☑2. \r\nSend your PERSONAL ID in the letter (you will find it at the very beginning of this document)

\r\n\x09\x09\x09

☑3. \r\nWe will decode your test file so you are sure. We will also send you the amount you need to pay to get the program to decrypt.

\r\n ☑4. We will send you instructions on how to pay for the decryption program. After payment, we will send you a program and instructions on how to decrypt all the files.
\r\n

Attention!


\r\n
    \r\n\x09\x09\x09 Only we can decrypt your files.
    \r\n\x09\x09\x09 Do not try to decrypt your files yourself. You can damage them when trying to restore
    \r\n Do not run antivirus!
    \r\n Email us: Killback@protonmail.com immediately so we can help you.
    \r\n Decoders other users are not compatible with your data, because each user's unique encryption key
    \r\n
\r\n \r\n
\r\n
\r\n
\r\n \r\n\r\n \r\n \r\n
\r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n\r\n") returned 5565 [0055.374] WriteFile (in: hFile=0x80, lpBuffer=0x21f0020*, nNumberOfBytesToWrite=0x15bd, lpNumberOfBytesWritten=0x50dd18, lpOverlapped=0x0 | out: lpBuffer=0x21f0020*, lpNumberOfBytesWritten=0x50dd18*=0x15bd, lpOverlapped=0x0) returned 1 [0055.375] CloseHandle (hObject=0x80) returned 1 [0055.376] GetProcessHeap () returned 0x570000 [0055.376] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0055.376] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfeffd5f0, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Links", cAlternateFileName="")) returned 1 [0055.376] lstrcmpiW (lpString1="Links", lpString2=".") returned 1 [0055.376] lstrcmpiW (lpString1="Links", lpString2="..") returned 1 [0055.376] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\", lpString2="Links" | out: lpString1="C:\\Users\\Default\\Favorites\\Links") returned="C:\\Users\\Default\\Favorites\\Links" [0055.376] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Links", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0055.376] GetProcessHeap () returned 0x570000 [0055.376] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x6) returned 0x58eeb0 [0055.376] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Links", cchWideChar=-1, lpMultiByteStr=0x58eeb0, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Links", lpUsedDefaultChar=0x0) returned 6 [0055.376] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0055.376] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 1 [0055.376] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 1 [0055.376] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0055.376] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0055.376] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 3 [0055.377] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0055.377] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0055.377] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0055.377] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0055.377] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0055.377] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0055.377] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0055.377] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0055.377] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0055.377] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0055.377] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0055.377] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0055.377] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 1 [0055.377] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 1 [0055.377] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 3 [0055.377] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 3 [0055.377] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 1 [0055.378] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0055.378] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0055.378] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0055.378] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0055.378] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 3 [0055.378] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0055.378] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0055.378] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0055.378] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0055.378] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 1 [0055.378] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0055.378] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 1 [0055.378] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 1 [0055.378] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0055.378] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 1 [0055.378] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 1 [0055.379] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0055.379] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 1 [0055.379] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0055.379] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Links", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0055.379] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Links", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Favorites\\Links\\") returned="C:\\Users\\Default\\Favorites\\Links\\" [0055.379] GetProcessHeap () returned 0x570000 [0055.379] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58eec0 [0055.379] lstrlenW (lpString="C:\\Users\\Default\\Favorites\\Links\\") returned 33 [0055.379] GetProcessHeap () returned 0x570000 [0055.379] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x44) returned 0x589158 [0055.379] lstrcpyW (in: lpString1=0x589158, lpString2="C:\\Users\\Default\\Favorites\\Links\\" | out: lpString1="C:\\Users\\Default\\Favorites\\Links\\") returned="C:\\Users\\Default\\Favorites\\Links\\" [0055.379] GetProcessHeap () returned 0x570000 [0055.379] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.379] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft Websites", cAlternateFileName="MICROS~1")) returned 1 [0055.379] lstrcmpiW (lpString1="Microsoft Websites", lpString2=".") returned 1 [0055.379] lstrcmpiW (lpString1="Microsoft Websites", lpString2="..") returned 1 [0055.379] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\", lpString2="Microsoft Websites" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites" [0055.380] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Microsoft Websites", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0055.380] GetProcessHeap () returned 0x570000 [0055.380] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x13) returned 0x58fdc0 [0055.380] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Microsoft Websites", cchWideChar=-1, lpMultiByteStr=0x58fdc0, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Microsoft Websites", lpUsedDefaultChar=0x0) returned 19 [0055.380] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Microsoft Websites", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0055.380] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Microsoft Websites", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 3 [0055.380] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Microsoft Websites", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 3 [0055.380] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Microsoft Websites", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0055.380] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Microsoft Websites", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0055.380] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Microsoft Websites", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 3 [0055.380] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Microsoft Websites", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0055.380] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Microsoft Websites", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0055.380] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Microsoft Websites", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0055.380] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Microsoft Websites", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0055.380] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Microsoft Websites", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0055.380] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Microsoft Websites", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0055.380] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Microsoft Websites", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0055.380] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Microsoft Websites", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0055.380] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Microsoft Websites", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0055.380] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Microsoft Websites", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0055.380] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Microsoft Websites", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0055.380] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Microsoft Websites", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0055.380] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Microsoft Websites", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 1 [0055.380] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Microsoft Websites", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 1 [0055.380] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Microsoft Websites", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 3 [0055.380] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Microsoft Websites", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 3 [0055.381] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Microsoft Websites", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 3 [0055.381] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Microsoft Websites", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0055.381] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Microsoft Websites", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0055.381] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Microsoft Websites", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0055.381] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Microsoft Websites", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0055.381] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Microsoft Websites", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 3 [0055.381] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Microsoft Websites", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0055.381] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Microsoft Websites", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0055.381] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Microsoft Websites", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0055.381] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Microsoft Websites", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0055.381] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Microsoft Websites", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 3 [0055.381] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Microsoft Websites", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0055.381] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Microsoft Websites", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 1 [0055.381] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Microsoft Websites", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 1 [0055.381] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Microsoft Websites", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0055.381] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Microsoft Websites", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 1 [0055.381] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Microsoft Websites", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 1 [0055.381] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Microsoft Websites", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0055.381] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Microsoft Websites", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 1 [0055.381] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Microsoft Websites", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0055.381] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Microsoft Websites", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0055.381] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites\\" [0055.381] GetProcessHeap () returned 0x570000 [0055.381] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58eeb0 [0055.381] lstrlenW (lpString="C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned 46 [0055.381] GetProcessHeap () returned 0x570000 [0055.382] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x5e) returned 0x5923a0 [0055.382] lstrcpyW (in: lpString1=0x5923a0, lpString2="C:\\Users\\Default\\Favorites\\Microsoft Websites\\" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites\\" [0055.382] GetProcessHeap () returned 0x570000 [0055.382] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58fdc0 | out: hHeap=0x570000) returned 1 [0055.382] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe4d4ebc, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSN Websites", cAlternateFileName="MSNWEB~1")) returned 1 [0055.382] lstrcmpiW (lpString1="MSN Websites", lpString2=".") returned 1 [0055.382] lstrcmpiW (lpString1="MSN Websites", lpString2="..") returned 1 [0055.382] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\", lpString2="MSN Websites" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites") returned="C:\\Users\\Default\\Favorites\\MSN Websites" [0055.382] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="MSN Websites", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0055.382] GetProcessHeap () returned 0x570000 [0055.382] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xd) returned 0x590f68 [0055.382] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="MSN Websites", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MSN Websites", lpUsedDefaultChar=0x0) returned 13 [0055.382] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSN Websites", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0055.382] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSN Websites", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 3 [0055.382] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSN Websites", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 3 [0055.382] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSN Websites", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0055.382] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSN Websites", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0055.382] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSN Websites", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 3 [0055.382] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSN Websites", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0055.382] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSN Websites", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0055.382] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSN Websites", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0055.382] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSN Websites", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0055.382] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSN Websites", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0055.382] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSN Websites", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0055.382] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSN Websites", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0055.383] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSN Websites", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0055.383] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSN Websites", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0055.383] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSN Websites", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0055.383] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSN Websites", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0055.383] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSN Websites", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0055.383] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSN Websites", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 1 [0055.383] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSN Websites", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 3 [0055.383] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSN Websites", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 3 [0055.383] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSN Websites", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 3 [0055.383] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSN Websites", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 3 [0055.383] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSN Websites", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0055.383] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSN Websites", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0055.383] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSN Websites", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0055.383] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSN Websites", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0055.383] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSN Websites", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 3 [0055.383] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSN Websites", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0055.383] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSN Websites", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0055.383] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSN Websites", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0055.383] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSN Websites", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0055.383] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSN Websites", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 3 [0055.383] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSN Websites", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0055.383] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSN Websites", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 1 [0055.383] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSN Websites", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 3 [0055.383] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSN Websites", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0055.383] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSN Websites", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 3 [0055.384] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSN Websites", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 1 [0055.384] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSN Websites", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0055.384] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSN Websites", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 1 [0055.384] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSN Websites", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0055.384] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="MSN Websites", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0055.384] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\") returned="C:\\Users\\Default\\Favorites\\MSN Websites\\" [0055.384] GetProcessHeap () returned 0x570000 [0055.384] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58eea0 [0055.384] lstrlenW (lpString="C:\\Users\\Default\\Favorites\\MSN Websites\\") returned 40 [0055.384] GetProcessHeap () returned 0x570000 [0055.384] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x52) returned 0x592408 [0055.384] lstrcpyW (in: lpString1=0x592408, lpString2="C:\\Users\\Default\\Favorites\\MSN Websites\\" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\") returned="C:\\Users\\Default\\Favorites\\MSN Websites\\" [0055.384] GetProcessHeap () returned 0x570000 [0055.384] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0055.384] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Windows Live", cAlternateFileName="WINDOW~1")) returned 1 [0055.384] lstrcmpiW (lpString1="Windows Live", lpString2=".") returned 1 [0055.384] lstrcmpiW (lpString1="Windows Live", lpString2="..") returned 1 [0055.384] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\", lpString2="Windows Live" | out: lpString1="C:\\Users\\Default\\Favorites\\Windows Live") returned="C:\\Users\\Default\\Favorites\\Windows Live" [0055.384] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Windows Live", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0055.384] GetProcessHeap () returned 0x570000 [0055.384] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xd) returned 0x590f68 [0055.384] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Windows Live", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Windows Live", lpUsedDefaultChar=0x0) returned 13 [0055.384] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Windows Live", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 3 [0055.384] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Windows Live", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 3 [0055.384] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Windows Live", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 3 [0055.384] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Windows Live", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 3 [0055.384] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Windows Live", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 3 [0055.385] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Windows Live", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 3 [0055.385] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Windows Live", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0055.385] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Windows Live", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0055.385] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Windows Live", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 3 [0055.385] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Windows Live", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0055.385] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Windows Live", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0055.385] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Windows Live", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0055.385] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Windows Live", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0055.385] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Windows Live", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0055.385] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Windows Live", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0055.385] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Windows Live", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0055.385] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Windows Live", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0055.385] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Windows Live", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0055.385] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Windows Live", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 3 [0055.385] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Windows Live", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 3 [0055.385] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Windows Live", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 3 [0055.385] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Windows Live", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 3 [0055.385] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Windows Live", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 3 [0055.385] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Windows Live", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0055.385] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Windows Live", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 3 [0055.385] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Windows Live", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 3 [0055.385] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Windows Live", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0055.385] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Windows Live", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 3 [0055.385] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Windows Live", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 3 [0055.386] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Windows Live", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 3 [0055.386] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Windows Live", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 3 [0055.386] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Windows Live", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0055.386] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Windows Live", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 3 [0055.386] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Windows Live", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0055.386] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Windows Live", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 3 [0055.386] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Windows Live", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 3 [0055.386] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Windows Live", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0055.386] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Windows Live", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 3 [0055.386] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Windows Live", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 3 [0055.386] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Windows Live", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0055.386] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Windows Live", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 3 [0055.386] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Windows Live", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0055.386] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Windows Live", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 3 [0055.386] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Windows Live", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Favorites\\Windows Live\\") returned="C:\\Users\\Default\\Favorites\\Windows Live\\" [0055.386] GetProcessHeap () returned 0x570000 [0055.386] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58eee0 [0055.386] lstrlenW (lpString="C:\\Users\\Default\\Favorites\\Windows Live\\") returned 40 [0055.386] GetProcessHeap () returned 0x570000 [0055.386] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x52) returned 0x592468 [0055.386] lstrcpyW (in: lpString1=0x592468, lpString2="C:\\Users\\Default\\Favorites\\Windows Live\\" | out: lpString1="C:\\Users\\Default\\Favorites\\Windows Live\\") returned="C:\\Users\\Default\\Favorites\\Windows Live\\" [0055.386] GetProcessHeap () returned 0x570000 [0055.386] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0055.386] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Windows Live", cAlternateFileName="WINDOW~1")) returned 0 [0055.386] FindClose (in: hFindFile=0x5925a8 | out: hFindFile=0x5925a8) returned 1 [0055.387] lstrcpyW (in: lpString1=0x50df8c, lpString2="C:\\Users\\Default\\Favorites\\Windows Live\\" | out: lpString1="C:\\Users\\Default\\Favorites\\Windows Live\\") returned="C:\\Users\\Default\\Favorites\\Windows Live\\" [0055.387] GetProcessHeap () returned 0x570000 [0055.387] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592468 | out: hHeap=0x570000) returned 1 [0055.387] GetProcessHeap () returned 0x570000 [0055.387] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.387] lstrlenW (lpString="C:\\Users\\Default\\Favorites\\Windows Live\\") returned 40 [0055.387] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Windows Live\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\Favorites\\Windows Live\\*") returned="C:\\Users\\Default\\Favorites\\Windows Live\\*" [0055.387] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Favorites\\Windows Live\\*", lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5925a8 [0055.389] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0055.389] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0055.389] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0055.389] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0055.389] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa52981, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Get Windows Live.url", cAlternateFileName="GETWIN~1.URL")) returned 1 [0055.389] lstrcmpiW (lpString1="Get Windows Live.url", lpString2=".") returned 1 [0055.389] lstrcmpiW (lpString1="Get Windows Live.url", lpString2="..") returned 1 [0055.389] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Windows Live\\", lpString2="Get Windows Live.url" | out: lpString1="C:\\Users\\Default\\Favorites\\Windows Live\\Get Windows Live.url") returned="C:\\Users\\Default\\Favorites\\Windows Live\\Get Windows Live.url" [0055.389] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Get Windows Live.url", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 21 [0055.389] GetProcessHeap () returned 0x570000 [0055.389] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x15) returned 0x58fdc0 [0055.389] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Get Windows Live.url", cchWideChar=-1, lpMultiByteStr=0x58fdc0, cbMultiByte=21, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Get Windows Live.url", lpUsedDefaultChar=0x0) returned 21 [0055.389] lstrlenA (lpString="Get Windows Live.url") returned 20 [0055.389] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0055.389] lstrlenA (lpString="Get Windows Live.url") returned 20 [0055.389] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0055.389] lstrcmpiW (lpString1="Get Windows Live.url", lpString2="decrypt_files.html") returned 1 [0055.389] lstrcmpiW (lpString1="Get Windows Live.url", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0055.389] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0055.389] lstrcmpiW (lpString1="Get Windows Live.url", lpString2="sihvgt.exe") returned -1 [0055.389] _alloca_probe () returned 0x40908b [0055.389] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\Favorites\\Windows Live\\Get Windows Live.url", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 61 [0055.389] GetProcessHeap () returned 0x570000 [0055.390] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x3d) returned 0x5876f8 [0055.390] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\Favorites\\Windows Live\\Get Windows Live.url", cchWideChar=-1, lpMultiByteStr=0x5876f8, cbMultiByte=61, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\Default\\Favorites\\Windows Live\\Get Windows Live.url", lpUsedDefaultChar=0x0) returned 61 [0055.390] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0055.390] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{51C2A7E3-C9CC-4C64-A2E1-3202B7573479}") returned 38 [0055.390] lstrlenA (lpString="{51C2A7E3-C9CC-4C64-A2E1-3202B7573479}") returned 38 [0055.390] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Windows Live\\Get Windows Live.url" (normalized: "c:\\users\\default\\favorites\\windows live\\get windows live.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0055.391] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=133) returned 1 [0055.391] lstrlenA (lpString="{51C2A7E3-C9CC-4C64-A2E1-3202B7573479}") returned 38 [0055.391] GetProcessHeap () returned 0x570000 [0055.391] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x592468 [0055.391] GetProcessHeap () returned 0x570000 [0055.391] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5924e0 [0055.391] lstrlenA (lpString="C:\\Users\\Default\\Favorites\\Windows Live\\Get Windows Live.url") returned 60 [0055.406] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x85, lpOverlapped=0x0) returned 1 [0055.407] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0055.408] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x90, lpOverlapped=0x0) returned 1 [0055.408] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0055.408] WriteFile (in: hFile=0x80, lpBuffer=0x50bb6c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bb6c*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0055.408] WriteFile (in: hFile=0x80, lpBuffer=0x50bbd4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bbd4*, lpNumberOfBytesWritten=0x50bb34*=0x10, lpOverlapped=0x0) returned 1 [0055.408] lstrlenA (lpString="rsa_encrypt") returned 11 [0055.408] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x593590) returned 1 [0055.409] CryptGenRandom (in: hProv=0x593590, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0055.409] CryptReleaseContext (hProv=0x593590, dwFlags=0x0) returned 1 [0055.409] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0055.409] GetProcessHeap () returned 0x570000 [0055.409] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x593590 [0055.409] lstrlenA (lpString="010001") returned 6 [0055.409] GetProcessHeap () returned 0x570000 [0055.409] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eee0 [0055.409] GetProcessHeap () returned 0x570000 [0055.409] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x593618 [0055.409] GetProcessHeap () returned 0x570000 [0055.409] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0055.409] GetProcessHeap () returned 0x570000 [0055.409] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593618 | out: hHeap=0x570000) returned 1 [0055.410] GetProcessHeap () returned 0x570000 [0055.410] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0055.410] GetProcessHeap () returned 0x570000 [0055.410] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c1f0 [0055.410] GetProcessHeap () returned 0x570000 [0055.410] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58ef00 [0055.410] GetProcessHeap () returned 0x570000 [0055.410] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c0d8 [0055.410] GetProcessHeap () returned 0x570000 [0055.410] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.410] GetProcessHeap () returned 0x570000 [0055.410] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0055.410] GetProcessHeap () returned 0x570000 [0055.410] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x593618 [0055.410] GetProcessHeap () returned 0x570000 [0055.410] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x5936a0 [0055.410] GetProcessHeap () returned 0x570000 [0055.410] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.410] GetProcessHeap () returned 0x570000 [0055.410] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f68 [0055.410] GetProcessHeap () returned 0x570000 [0055.410] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0055.410] GetProcessHeap () returned 0x570000 [0055.410] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593618 | out: hHeap=0x570000) returned 1 [0055.410] GetProcessHeap () returned 0x570000 [0055.410] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0055.410] GetProcessHeap () returned 0x570000 [0055.410] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0055.411] GetProcessHeap () returned 0x570000 [0055.411] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.411] GetProcessHeap () returned 0x570000 [0055.411] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0055.411] GetProcessHeap () returned 0x570000 [0055.411] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.411] GetProcessHeap () returned 0x570000 [0055.411] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.411] GetProcessHeap () returned 0x570000 [0055.411] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.411] GetProcessHeap () returned 0x570000 [0055.411] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.411] GetProcessHeap () returned 0x570000 [0055.411] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0055.411] GetProcessHeap () returned 0x570000 [0055.411] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0055.411] GetProcessHeap () returned 0x570000 [0055.411] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0055.411] GetProcessHeap () returned 0x570000 [0055.411] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0055.411] GetProcessHeap () returned 0x570000 [0055.411] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.411] GetProcessHeap () returned 0x570000 [0055.411] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.411] GetProcessHeap () returned 0x570000 [0055.411] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.411] GetProcessHeap () returned 0x570000 [0055.411] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.411] GetProcessHeap () returned 0x570000 [0055.412] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.412] GetProcessHeap () returned 0x570000 [0055.412] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.412] GetProcessHeap () returned 0x570000 [0055.412] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.412] GetProcessHeap () returned 0x570000 [0055.412] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.412] GetProcessHeap () returned 0x570000 [0055.412] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.412] GetProcessHeap () returned 0x570000 [0055.412] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.412] GetProcessHeap () returned 0x570000 [0055.412] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.412] GetProcessHeap () returned 0x570000 [0055.412] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.412] GetProcessHeap () returned 0x570000 [0055.412] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.412] GetProcessHeap () returned 0x570000 [0055.412] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.412] GetProcessHeap () returned 0x570000 [0055.412] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.412] GetProcessHeap () returned 0x570000 [0055.412] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.412] GetProcessHeap () returned 0x570000 [0055.412] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.412] GetProcessHeap () returned 0x570000 [0055.412] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.412] GetProcessHeap () returned 0x570000 [0055.412] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.412] GetProcessHeap () returned 0x570000 [0055.413] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.413] GetProcessHeap () returned 0x570000 [0055.413] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.413] GetProcessHeap () returned 0x570000 [0055.413] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.413] GetProcessHeap () returned 0x570000 [0055.413] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.413] GetProcessHeap () returned 0x570000 [0055.413] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.413] GetProcessHeap () returned 0x570000 [0055.413] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.413] GetProcessHeap () returned 0x570000 [0055.413] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.413] GetProcessHeap () returned 0x570000 [0055.413] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.413] GetProcessHeap () returned 0x570000 [0055.413] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.413] GetProcessHeap () returned 0x570000 [0055.413] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.413] GetProcessHeap () returned 0x570000 [0055.413] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.413] GetProcessHeap () returned 0x570000 [0055.413] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.413] GetProcessHeap () returned 0x570000 [0055.413] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.413] GetProcessHeap () returned 0x570000 [0055.413] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.413] GetProcessHeap () returned 0x570000 [0055.413] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.414] GetProcessHeap () returned 0x570000 [0055.414] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.414] GetProcessHeap () returned 0x570000 [0055.414] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.414] GetProcessHeap () returned 0x570000 [0055.414] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.414] GetProcessHeap () returned 0x570000 [0055.414] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.414] GetProcessHeap () returned 0x570000 [0055.414] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.414] GetProcessHeap () returned 0x570000 [0055.414] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.414] GetProcessHeap () returned 0x570000 [0055.414] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.414] GetProcessHeap () returned 0x570000 [0055.414] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.414] GetProcessHeap () returned 0x570000 [0055.414] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.414] GetProcessHeap () returned 0x570000 [0055.414] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.414] GetProcessHeap () returned 0x570000 [0055.414] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.414] GetProcessHeap () returned 0x570000 [0055.414] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.414] GetProcessHeap () returned 0x570000 [0055.414] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.414] GetProcessHeap () returned 0x570000 [0055.414] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.415] GetProcessHeap () returned 0x570000 [0055.415] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.415] GetProcessHeap () returned 0x570000 [0055.415] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.415] GetProcessHeap () returned 0x570000 [0055.415] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.415] GetProcessHeap () returned 0x570000 [0055.415] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.415] GetProcessHeap () returned 0x570000 [0055.415] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.415] GetProcessHeap () returned 0x570000 [0055.415] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.415] GetProcessHeap () returned 0x570000 [0055.415] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.415] GetProcessHeap () returned 0x570000 [0055.415] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.415] GetProcessHeap () returned 0x570000 [0055.415] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.415] GetProcessHeap () returned 0x570000 [0055.415] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.415] GetProcessHeap () returned 0x570000 [0055.415] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.415] GetProcessHeap () returned 0x570000 [0055.415] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.415] GetProcessHeap () returned 0x570000 [0055.415] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.415] GetProcessHeap () returned 0x570000 [0055.415] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.415] GetProcessHeap () returned 0x570000 [0055.415] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.415] GetProcessHeap () returned 0x570000 [0055.416] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.416] GetProcessHeap () returned 0x570000 [0055.416] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.416] GetProcessHeap () returned 0x570000 [0055.416] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.416] GetProcessHeap () returned 0x570000 [0055.416] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.416] GetProcessHeap () returned 0x570000 [0055.416] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.416] GetProcessHeap () returned 0x570000 [0055.416] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.416] GetProcessHeap () returned 0x570000 [0055.416] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.416] GetProcessHeap () returned 0x570000 [0055.416] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.416] GetProcessHeap () returned 0x570000 [0055.416] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.416] GetProcessHeap () returned 0x570000 [0055.416] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.416] GetProcessHeap () returned 0x570000 [0055.416] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.416] GetProcessHeap () returned 0x570000 [0055.416] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.416] GetProcessHeap () returned 0x570000 [0055.416] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.416] GetProcessHeap () returned 0x570000 [0055.416] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.416] GetProcessHeap () returned 0x570000 [0055.416] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.417] GetProcessHeap () returned 0x570000 [0055.417] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.417] GetProcessHeap () returned 0x570000 [0055.417] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.417] GetProcessHeap () returned 0x570000 [0055.417] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.417] GetProcessHeap () returned 0x570000 [0055.417] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.417] GetProcessHeap () returned 0x570000 [0055.417] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.417] GetProcessHeap () returned 0x570000 [0055.417] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.417] GetProcessHeap () returned 0x570000 [0055.417] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.417] GetProcessHeap () returned 0x570000 [0055.417] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.417] GetProcessHeap () returned 0x570000 [0055.417] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.417] GetProcessHeap () returned 0x570000 [0055.417] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.417] GetProcessHeap () returned 0x570000 [0055.417] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.417] GetProcessHeap () returned 0x570000 [0055.417] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.417] GetProcessHeap () returned 0x570000 [0055.417] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.417] GetProcessHeap () returned 0x570000 [0055.417] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.418] GetProcessHeap () returned 0x570000 [0055.418] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.418] GetProcessHeap () returned 0x570000 [0055.418] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.418] GetProcessHeap () returned 0x570000 [0055.418] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.418] GetProcessHeap () returned 0x570000 [0055.418] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.418] GetProcessHeap () returned 0x570000 [0055.418] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.418] GetProcessHeap () returned 0x570000 [0055.418] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.418] GetProcessHeap () returned 0x570000 [0055.418] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.418] GetProcessHeap () returned 0x570000 [0055.418] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.418] GetProcessHeap () returned 0x570000 [0055.418] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0055.418] GetProcessHeap () returned 0x570000 [0055.418] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0055.418] GetProcessHeap () returned 0x570000 [0055.418] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5936a0 | out: hHeap=0x570000) returned 1 [0055.418] GetProcessHeap () returned 0x570000 [0055.418] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0055.418] GetProcessHeap () returned 0x570000 [0055.418] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0055.418] GetProcessHeap () returned 0x570000 [0055.418] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0055.419] GetProcessHeap () returned 0x570000 [0055.419] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0055.419] GetProcessHeap () returned 0x570000 [0055.419] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0055.419] GetProcessHeap () returned 0x570000 [0055.419] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0055.419] GetProcessHeap () returned 0x570000 [0055.419] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.419] GetProcessHeap () returned 0x570000 [0055.419] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593590 | out: hHeap=0x570000) returned 1 [0055.419] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0055.419] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0055.419] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0055.419] CloseHandle (hObject=0x80) returned 1 [0055.428] GetProcessHeap () returned 0x570000 [0055.428] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5876f8 | out: hHeap=0x570000) returned 1 [0055.428] GetProcessHeap () returned 0x570000 [0055.428] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592468 | out: hHeap=0x570000) returned 1 [0055.428] GetProcessHeap () returned 0x570000 [0055.428] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5924e0 | out: hHeap=0x570000) returned 1 [0055.429] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\Users\\Default\\Favorites\\Windows Live\\Get Windows Live.url" | out: lpString1="C:\\Users\\Default\\Favorites\\Windows Live\\Get Windows Live.url") returned="C:\\Users\\Default\\Favorites\\Windows Live\\Get Windows Live.url" [0055.429] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Windows Live\\Get Windows Live.url", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\Users\\Default\\Favorites\\Windows Live\\Get Windows Live.url.{Killback@protonmail.com}KBK") returned="C:\\Users\\Default\\Favorites\\Windows Live\\Get Windows Live.url.{Killback@protonmail.com}KBK" [0055.429] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\Favorites\\Windows Live\\Get Windows Live.url" (normalized: "c:\\users\\default\\favorites\\windows live\\get windows live.url"), lpNewFileName="C:\\Users\\Default\\Favorites\\Windows Live\\Get Windows Live.url.{Killback@protonmail.com}KBK" (normalized: "c:\\users\\default\\favorites\\windows live\\get windows live.url.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0055.429] PathRemoveFileSpecW (in: pszPath="C:\\Users\\Default\\Favorites\\Windows Live\\Get Windows Live.url" | out: pszPath="C:\\Users\\Default\\Favorites\\Windows Live") returned 1 [0055.429] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Windows Live", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Favorites\\Windows Live\\") returned="C:\\Users\\Default\\Favorites\\Windows Live\\" [0055.429] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Windows Live\\", lpString2="decrypt_files.html" | out: lpString1="C:\\Users\\Default\\Favorites\\Windows Live\\decrypt_files.html") returned="C:\\Users\\Default\\Favorites\\Windows Live\\decrypt_files.html" [0055.429] GetFileAttributesW (lpFileName="C:\\Users\\Default\\Favorites\\Windows Live\\decrypt_files.html" (normalized: "c:\\users\\default\\favorites\\windows live\\decrypt_files.html")) returned 0xffffffff [0055.429] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Windows Live\\decrypt_files.html" (normalized: "c:\\users\\default\\favorites\\windows live\\decrypt_files.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0055.430] lstrlenA (lpString="\r\n \r\n \r\n \r\n DECRYPT FILES\r\n \r\n\r\n \r\n\r\n
\r\n

⚠Your ID (NEED FOR DECRYPT)⚠

\r\n
\r\n 
A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n\r\n
\r\n
\r\n
\r\n \r\n
\r\n \r\n
\r\n \r\n \r\n
\r\n

✖ Your files are encrypted! ✖

\r\n\r\n

If you see it - do not try to decrypt ▼the files yourself!!!▼

\r\n
\r\n

All your important data has been encrypted.

\r\n
\r\n
\r\n \r\n\x09\x09 \r\nTo decrypt all your files, you need a decryption program.
\r\n \r\nTo get a program to decrypt your data you need to do a few steps:
\r\n

☑1. \r\nTo make sure that we can actually decrypt your files. You can send us a file for the test.\r\nThis can be a picture or a text file.\r\nSize less than 5 MB. Send to our mail: Killback@protonmail.com .
\r\n

☑2. \r\nSend your PERSONAL ID in the letter (you will find it at the very beginning of this document)

\r\n\x09\x09\x09

☑3. \r\nWe will decode your test file so you are sure. We will also send you the amount you need to pay to get the program to decrypt.

\r\n ☑4. We will send you instructions on how to pay for the decryption program. After payment, we will send you a program and instructions on how to decrypt all the files.
\r\n

Attention!


\r\n
    \r\n\x09\x09\x09 Only we can decrypt your files.
    \r\n\x09\x09\x09 Do not try to decrypt your files yourself. You can damage them when trying to restore
    \r\n Do not run antivirus!
    \r\n Email us: Killback@protonmail.com immediately so we can help you.
    \r\n Decoders other users are not compatible with your data, because each user's unique encryption key
    \r\n
\r\n \r\n
\r\n
\r\n
\r\n \r\n\r\n \r\n \r\n
\r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n\r\n") returned 5565 [0055.430] WriteFile (in: hFile=0x80, lpBuffer=0x21f0020*, nNumberOfBytesToWrite=0x15bd, lpNumberOfBytesWritten=0x50dd18, lpOverlapped=0x0 | out: lpBuffer=0x21f0020*, lpNumberOfBytesWritten=0x50dd18*=0x15bd, lpOverlapped=0x0) returned 1 [0055.431] CloseHandle (hObject=0x80) returned 1 [0055.431] GetProcessHeap () returned 0x570000 [0055.431] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58fdc0 | out: hHeap=0x570000) returned 1 [0055.431] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa52981, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Windows Live Gallery.url", cAlternateFileName="WINDOW~2.URL")) returned 1 [0055.431] lstrcmpiW (lpString1="Windows Live Gallery.url", lpString2=".") returned 1 [0055.431] lstrcmpiW (lpString1="Windows Live Gallery.url", lpString2="..") returned 1 [0055.431] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Windows Live\\", lpString2="Windows Live Gallery.url" | out: lpString1="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Gallery.url") returned="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Gallery.url" [0055.431] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Windows Live Gallery.url", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0055.431] GetProcessHeap () returned 0x570000 [0055.431] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x19) returned 0x590698 [0055.431] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Windows Live Gallery.url", cchWideChar=-1, lpMultiByteStr=0x590698, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Windows Live Gallery.url", lpUsedDefaultChar=0x0) returned 25 [0055.431] lstrlenA (lpString="Windows Live Gallery.url") returned 24 [0055.431] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0055.432] lstrlenA (lpString="Windows Live Gallery.url") returned 24 [0055.432] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0055.432] lstrcmpiW (lpString1="Windows Live Gallery.url", lpString2="decrypt_files.html") returned 1 [0055.432] lstrcmpiW (lpString1="Windows Live Gallery.url", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0055.432] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0055.432] lstrcmpiW (lpString1="Windows Live Gallery.url", lpString2="sihvgt.exe") returned 1 [0055.432] _alloca_probe () returned 0x40908b [0055.432] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Gallery.url", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0055.432] GetProcessHeap () returned 0x570000 [0055.432] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x41) returned 0x5894c8 [0055.432] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Gallery.url", cchWideChar=-1, lpMultiByteStr=0x5894c8, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Gallery.url", lpUsedDefaultChar=0x0) returned 65 [0055.432] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0055.432] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{0919BC9C-600B-403B-AB5C-7C448CDEC0D0}") returned 38 [0055.432] lstrlenA (lpString="{0919BC9C-600B-403B-AB5C-7C448CDEC0D0}") returned 38 [0055.432] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Gallery.url" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live gallery.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0055.433] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=133) returned 1 [0055.433] lstrlenA (lpString="{0919BC9C-600B-403B-AB5C-7C448CDEC0D0}") returned 38 [0055.433] GetProcessHeap () returned 0x570000 [0055.433] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x592468 [0055.433] GetProcessHeap () returned 0x570000 [0055.433] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5924e0 [0055.433] lstrlenA (lpString="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Gallery.url") returned 64 [0055.446] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x85, lpOverlapped=0x0) returned 1 [0055.447] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0055.448] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x90, lpOverlapped=0x0) returned 1 [0055.448] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0055.448] WriteFile (in: hFile=0x80, lpBuffer=0x50bb6c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bb6c*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0055.448] WriteFile (in: hFile=0x80, lpBuffer=0x50bbd4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bbd4*, lpNumberOfBytesWritten=0x50bb34*=0x10, lpOverlapped=0x0) returned 1 [0055.448] lstrlenA (lpString="rsa_encrypt") returned 11 [0055.448] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x593590) returned 1 [0055.449] CryptGenRandom (in: hProv=0x593590, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0055.449] CryptReleaseContext (hProv=0x593590, dwFlags=0x0) returned 1 [0055.449] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0055.449] GetProcessHeap () returned 0x570000 [0055.449] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x593590 [0055.449] lstrlenA (lpString="010001") returned 6 [0055.449] GetProcessHeap () returned 0x570000 [0055.449] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eee0 [0055.449] GetProcessHeap () returned 0x570000 [0055.449] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x593618 [0055.449] GetProcessHeap () returned 0x570000 [0055.449] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0055.449] GetProcessHeap () returned 0x570000 [0055.450] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593618 | out: hHeap=0x570000) returned 1 [0055.450] GetProcessHeap () returned 0x570000 [0055.450] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0055.450] GetProcessHeap () returned 0x570000 [0055.450] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c0d8 [0055.450] GetProcessHeap () returned 0x570000 [0055.450] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eef0 [0055.450] GetProcessHeap () returned 0x570000 [0055.450] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c1f0 [0055.450] GetProcessHeap () returned 0x570000 [0055.450] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.450] GetProcessHeap () returned 0x570000 [0055.450] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0055.450] GetProcessHeap () returned 0x570000 [0055.450] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x593618 [0055.450] GetProcessHeap () returned 0x570000 [0055.450] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x5936a0 [0055.450] GetProcessHeap () returned 0x570000 [0055.450] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.450] GetProcessHeap () returned 0x570000 [0055.450] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f68 [0055.450] GetProcessHeap () returned 0x570000 [0055.450] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0055.450] GetProcessHeap () returned 0x570000 [0055.450] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593618 | out: hHeap=0x570000) returned 1 [0055.450] GetProcessHeap () returned 0x570000 [0055.450] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0055.450] GetProcessHeap () returned 0x570000 [0055.450] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0055.450] GetProcessHeap () returned 0x570000 [0055.450] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.450] GetProcessHeap () returned 0x570000 [0055.451] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0055.451] GetProcessHeap () returned 0x570000 [0055.451] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.451] GetProcessHeap () returned 0x570000 [0055.451] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.451] GetProcessHeap () returned 0x570000 [0055.451] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.451] GetProcessHeap () returned 0x570000 [0055.451] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.451] GetProcessHeap () returned 0x570000 [0055.451] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0055.451] GetProcessHeap () returned 0x570000 [0055.451] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0055.451] GetProcessHeap () returned 0x570000 [0055.451] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0055.451] GetProcessHeap () returned 0x570000 [0055.451] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0055.451] GetProcessHeap () returned 0x570000 [0055.451] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.451] GetProcessHeap () returned 0x570000 [0055.451] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.451] GetProcessHeap () returned 0x570000 [0055.451] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.451] GetProcessHeap () returned 0x570000 [0055.451] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.451] GetProcessHeap () returned 0x570000 [0055.451] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.451] GetProcessHeap () returned 0x570000 [0055.451] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.451] GetProcessHeap () returned 0x570000 [0055.452] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.452] GetProcessHeap () returned 0x570000 [0055.452] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.452] GetProcessHeap () returned 0x570000 [0055.452] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.452] GetProcessHeap () returned 0x570000 [0055.452] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.452] GetProcessHeap () returned 0x570000 [0055.452] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.452] GetProcessHeap () returned 0x570000 [0055.452] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.452] GetProcessHeap () returned 0x570000 [0055.452] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.452] GetProcessHeap () returned 0x570000 [0055.452] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.452] GetProcessHeap () returned 0x570000 [0055.452] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.452] GetProcessHeap () returned 0x570000 [0055.452] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.452] GetProcessHeap () returned 0x570000 [0055.452] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.452] GetProcessHeap () returned 0x570000 [0055.452] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.452] GetProcessHeap () returned 0x570000 [0055.452] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.452] GetProcessHeap () returned 0x570000 [0055.452] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.452] GetProcessHeap () returned 0x570000 [0055.452] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.452] GetProcessHeap () returned 0x570000 [0055.453] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.453] GetProcessHeap () returned 0x570000 [0055.453] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.453] GetProcessHeap () returned 0x570000 [0055.453] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.453] GetProcessHeap () returned 0x570000 [0055.453] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.453] GetProcessHeap () returned 0x570000 [0055.453] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.453] GetProcessHeap () returned 0x570000 [0055.453] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.453] GetProcessHeap () returned 0x570000 [0055.453] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.453] GetProcessHeap () returned 0x570000 [0055.453] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.453] GetProcessHeap () returned 0x570000 [0055.453] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.453] GetProcessHeap () returned 0x570000 [0055.453] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.453] GetProcessHeap () returned 0x570000 [0055.453] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.453] GetProcessHeap () returned 0x570000 [0055.453] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.453] GetProcessHeap () returned 0x570000 [0055.453] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.453] GetProcessHeap () returned 0x570000 [0055.453] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.453] GetProcessHeap () returned 0x570000 [0055.453] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.453] GetProcessHeap () returned 0x570000 [0055.454] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.454] GetProcessHeap () returned 0x570000 [0055.454] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.454] GetProcessHeap () returned 0x570000 [0055.454] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.454] GetProcessHeap () returned 0x570000 [0055.454] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.454] GetProcessHeap () returned 0x570000 [0055.454] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.454] GetProcessHeap () returned 0x570000 [0055.454] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.454] GetProcessHeap () returned 0x570000 [0055.454] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.454] GetProcessHeap () returned 0x570000 [0055.454] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.454] GetProcessHeap () returned 0x570000 [0055.454] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.454] GetProcessHeap () returned 0x570000 [0055.454] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.454] GetProcessHeap () returned 0x570000 [0055.454] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.454] GetProcessHeap () returned 0x570000 [0055.454] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.454] GetProcessHeap () returned 0x570000 [0055.454] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.454] GetProcessHeap () returned 0x570000 [0055.454] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.454] GetProcessHeap () returned 0x570000 [0055.454] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.454] GetProcessHeap () returned 0x570000 [0055.455] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.455] GetProcessHeap () returned 0x570000 [0055.455] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.455] GetProcessHeap () returned 0x570000 [0055.455] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.455] GetProcessHeap () returned 0x570000 [0055.455] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.455] GetProcessHeap () returned 0x570000 [0055.455] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.455] GetProcessHeap () returned 0x570000 [0055.455] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.455] GetProcessHeap () returned 0x570000 [0055.455] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.455] GetProcessHeap () returned 0x570000 [0055.455] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.455] GetProcessHeap () returned 0x570000 [0055.455] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.455] GetProcessHeap () returned 0x570000 [0055.455] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.455] GetProcessHeap () returned 0x570000 [0055.455] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.455] GetProcessHeap () returned 0x570000 [0055.455] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.455] GetProcessHeap () returned 0x570000 [0055.455] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.455] GetProcessHeap () returned 0x570000 [0055.455] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.455] GetProcessHeap () returned 0x570000 [0055.455] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.455] GetProcessHeap () returned 0x570000 [0055.456] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.456] GetProcessHeap () returned 0x570000 [0055.456] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.456] GetProcessHeap () returned 0x570000 [0055.456] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.456] GetProcessHeap () returned 0x570000 [0055.456] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.456] GetProcessHeap () returned 0x570000 [0055.456] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.456] GetProcessHeap () returned 0x570000 [0055.456] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.456] GetProcessHeap () returned 0x570000 [0055.456] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.456] GetProcessHeap () returned 0x570000 [0055.456] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.456] GetProcessHeap () returned 0x570000 [0055.456] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.456] GetProcessHeap () returned 0x570000 [0055.456] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.456] GetProcessHeap () returned 0x570000 [0055.456] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.456] GetProcessHeap () returned 0x570000 [0055.456] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.456] GetProcessHeap () returned 0x570000 [0055.456] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.456] GetProcessHeap () returned 0x570000 [0055.457] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.457] GetProcessHeap () returned 0x570000 [0055.457] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.457] GetProcessHeap () returned 0x570000 [0055.457] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.457] GetProcessHeap () returned 0x570000 [0055.457] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.457] GetProcessHeap () returned 0x570000 [0055.457] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.457] GetProcessHeap () returned 0x570000 [0055.457] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.457] GetProcessHeap () returned 0x570000 [0055.457] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.457] GetProcessHeap () returned 0x570000 [0055.457] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.457] GetProcessHeap () returned 0x570000 [0055.457] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.457] GetProcessHeap () returned 0x570000 [0055.457] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.457] GetProcessHeap () returned 0x570000 [0055.457] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.457] GetProcessHeap () returned 0x570000 [0055.457] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.457] GetProcessHeap () returned 0x570000 [0055.457] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.457] GetProcessHeap () returned 0x570000 [0055.458] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.458] GetProcessHeap () returned 0x570000 [0055.458] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.458] GetProcessHeap () returned 0x570000 [0055.458] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.458] GetProcessHeap () returned 0x570000 [0055.458] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.458] GetProcessHeap () returned 0x570000 [0055.458] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.458] GetProcessHeap () returned 0x570000 [0055.458] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.458] GetProcessHeap () returned 0x570000 [0055.458] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.458] GetProcessHeap () returned 0x570000 [0055.458] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.458] GetProcessHeap () returned 0x570000 [0055.458] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0055.458] GetProcessHeap () returned 0x570000 [0055.458] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0055.458] GetProcessHeap () returned 0x570000 [0055.458] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5936a0 | out: hHeap=0x570000) returned 1 [0055.458] GetProcessHeap () returned 0x570000 [0055.458] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0055.458] GetProcessHeap () returned 0x570000 [0055.458] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0055.458] GetProcessHeap () returned 0x570000 [0055.458] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0055.458] GetProcessHeap () returned 0x570000 [0055.458] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0055.459] GetProcessHeap () returned 0x570000 [0055.459] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0055.459] GetProcessHeap () returned 0x570000 [0055.459] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0055.459] GetProcessHeap () returned 0x570000 [0055.459] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.459] GetProcessHeap () returned 0x570000 [0055.459] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593590 | out: hHeap=0x570000) returned 1 [0055.459] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0055.459] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0055.459] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0055.459] CloseHandle (hObject=0x80) returned 1 [0055.472] GetProcessHeap () returned 0x570000 [0055.472] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5894c8 | out: hHeap=0x570000) returned 1 [0055.472] GetProcessHeap () returned 0x570000 [0055.472] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592468 | out: hHeap=0x570000) returned 1 [0055.472] GetProcessHeap () returned 0x570000 [0055.472] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5924e0 | out: hHeap=0x570000) returned 1 [0055.472] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Gallery.url" | out: lpString1="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Gallery.url") returned="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Gallery.url" [0055.472] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Gallery.url", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Gallery.url.{Killback@protonmail.com}KBK") returned="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Gallery.url.{Killback@protonmail.com}KBK" [0055.472] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Gallery.url" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live gallery.url"), lpNewFileName="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Gallery.url.{Killback@protonmail.com}KBK" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live gallery.url.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0055.473] PathRemoveFileSpecW (in: pszPath="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Gallery.url" | out: pszPath="C:\\Users\\Default\\Favorites\\Windows Live") returned 1 [0055.473] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Windows Live", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Favorites\\Windows Live\\") returned="C:\\Users\\Default\\Favorites\\Windows Live\\" [0055.473] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Windows Live\\", lpString2="decrypt_files.html" | out: lpString1="C:\\Users\\Default\\Favorites\\Windows Live\\decrypt_files.html") returned="C:\\Users\\Default\\Favorites\\Windows Live\\decrypt_files.html" [0055.473] GetFileAttributesW (lpFileName="C:\\Users\\Default\\Favorites\\Windows Live\\decrypt_files.html" (normalized: "c:\\users\\default\\favorites\\windows live\\decrypt_files.html")) returned 0x20 [0055.473] GetProcessHeap () returned 0x570000 [0055.473] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590698 | out: hHeap=0x570000) returned 1 [0055.473] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa52981, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Windows Live Mail.url", cAlternateFileName="WINDOW~1.URL")) returned 1 [0055.473] lstrcmpiW (lpString1="Windows Live Mail.url", lpString2=".") returned 1 [0055.473] lstrcmpiW (lpString1="Windows Live Mail.url", lpString2="..") returned 1 [0055.473] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Windows Live\\", lpString2="Windows Live Mail.url" | out: lpString1="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Mail.url") returned="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Mail.url" [0055.473] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Windows Live Mail.url", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0055.473] GetProcessHeap () returned 0x570000 [0055.473] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x16) returned 0x58fdc0 [0055.473] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Windows Live Mail.url", cchWideChar=-1, lpMultiByteStr=0x58fdc0, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Windows Live Mail.url", lpUsedDefaultChar=0x0) returned 22 [0055.473] lstrlenA (lpString="Windows Live Mail.url") returned 21 [0055.473] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0055.474] lstrlenA (lpString="Windows Live Mail.url") returned 21 [0055.474] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0055.474] lstrcmpiW (lpString1="Windows Live Mail.url", lpString2="decrypt_files.html") returned 1 [0055.474] lstrcmpiW (lpString1="Windows Live Mail.url", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0055.474] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0055.474] lstrcmpiW (lpString1="Windows Live Mail.url", lpString2="sihvgt.exe") returned 1 [0055.474] _alloca_probe () returned 0x40908b [0055.474] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Mail.url", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 62 [0055.474] GetProcessHeap () returned 0x570000 [0055.474] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x3e) returned 0x5876f8 [0055.474] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Mail.url", cchWideChar=-1, lpMultiByteStr=0x5876f8, cbMultiByte=62, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Mail.url", lpUsedDefaultChar=0x0) returned 62 [0055.474] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0055.474] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{8DFB1062-900E-4F3B-BA5A-019D8D6FEF3E}") returned 38 [0055.474] lstrlenA (lpString="{8DFB1062-900E-4F3B-BA5A-019D8D6FEF3E}") returned 38 [0055.474] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Mail.url" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live mail.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0055.474] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=133) returned 1 [0055.474] lstrlenA (lpString="{8DFB1062-900E-4F3B-BA5A-019D8D6FEF3E}") returned 38 [0055.474] GetProcessHeap () returned 0x570000 [0055.474] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x592468 [0055.474] GetProcessHeap () returned 0x570000 [0055.474] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5924e0 [0055.474] lstrlenA (lpString="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Mail.url") returned 61 [0055.487] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x85, lpOverlapped=0x0) returned 1 [0055.488] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0055.488] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x90, lpOverlapped=0x0) returned 1 [0055.488] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0055.488] WriteFile (in: hFile=0x80, lpBuffer=0x50bb6c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bb6c*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0055.488] WriteFile (in: hFile=0x80, lpBuffer=0x50bbd4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bbd4*, lpNumberOfBytesWritten=0x50bb34*=0x10, lpOverlapped=0x0) returned 1 [0055.488] lstrlenA (lpString="rsa_encrypt") returned 11 [0055.488] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x593590) returned 1 [0055.490] CryptGenRandom (in: hProv=0x593590, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0055.490] CryptReleaseContext (hProv=0x593590, dwFlags=0x0) returned 1 [0055.490] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0055.490] GetProcessHeap () returned 0x570000 [0055.491] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x593590 [0055.491] lstrlenA (lpString="010001") returned 6 [0055.491] GetProcessHeap () returned 0x570000 [0055.491] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eee0 [0055.491] GetProcessHeap () returned 0x570000 [0055.491] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x593618 [0055.491] GetProcessHeap () returned 0x570000 [0055.491] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0055.491] GetProcessHeap () returned 0x570000 [0055.491] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593618 | out: hHeap=0x570000) returned 1 [0055.491] GetProcessHeap () returned 0x570000 [0055.491] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0055.491] GetProcessHeap () returned 0x570000 [0055.491] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c1f0 [0055.491] GetProcessHeap () returned 0x570000 [0055.491] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58ef00 [0055.491] GetProcessHeap () returned 0x570000 [0055.491] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c0d8 [0055.491] GetProcessHeap () returned 0x570000 [0055.491] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.491] GetProcessHeap () returned 0x570000 [0055.491] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0055.491] GetProcessHeap () returned 0x570000 [0055.491] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x593618 [0055.491] GetProcessHeap () returned 0x570000 [0055.491] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x5936a0 [0055.491] GetProcessHeap () returned 0x570000 [0055.491] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.491] GetProcessHeap () returned 0x570000 [0055.492] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f68 [0055.492] GetProcessHeap () returned 0x570000 [0055.492] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0055.492] GetProcessHeap () returned 0x570000 [0055.492] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593618 | out: hHeap=0x570000) returned 1 [0055.492] GetProcessHeap () returned 0x570000 [0055.492] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0055.492] GetProcessHeap () returned 0x570000 [0055.492] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0055.492] GetProcessHeap () returned 0x570000 [0055.492] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.492] GetProcessHeap () returned 0x570000 [0055.492] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0055.492] GetProcessHeap () returned 0x570000 [0055.492] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.492] GetProcessHeap () returned 0x570000 [0055.492] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.492] GetProcessHeap () returned 0x570000 [0055.492] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.492] GetProcessHeap () returned 0x570000 [0055.492] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.492] GetProcessHeap () returned 0x570000 [0055.492] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0055.492] GetProcessHeap () returned 0x570000 [0055.492] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0055.492] GetProcessHeap () returned 0x570000 [0055.492] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0055.492] GetProcessHeap () returned 0x570000 [0055.492] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0055.492] GetProcessHeap () returned 0x570000 [0055.492] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.493] GetProcessHeap () returned 0x570000 [0055.493] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.493] GetProcessHeap () returned 0x570000 [0055.493] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.493] GetProcessHeap () returned 0x570000 [0055.493] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.493] GetProcessHeap () returned 0x570000 [0055.493] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.493] GetProcessHeap () returned 0x570000 [0055.493] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.493] GetProcessHeap () returned 0x570000 [0055.493] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.493] GetProcessHeap () returned 0x570000 [0055.493] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.493] GetProcessHeap () returned 0x570000 [0055.493] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.493] GetProcessHeap () returned 0x570000 [0055.493] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.493] GetProcessHeap () returned 0x570000 [0055.493] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.493] GetProcessHeap () returned 0x570000 [0055.493] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.493] GetProcessHeap () returned 0x570000 [0055.493] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.493] GetProcessHeap () returned 0x570000 [0055.493] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.493] GetProcessHeap () returned 0x570000 [0055.493] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.493] GetProcessHeap () returned 0x570000 [0055.493] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.494] GetProcessHeap () returned 0x570000 [0055.494] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.494] GetProcessHeap () returned 0x570000 [0055.494] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.494] GetProcessHeap () returned 0x570000 [0055.494] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.494] GetProcessHeap () returned 0x570000 [0055.494] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.494] GetProcessHeap () returned 0x570000 [0055.494] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.494] GetProcessHeap () returned 0x570000 [0055.494] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.494] GetProcessHeap () returned 0x570000 [0055.494] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.494] GetProcessHeap () returned 0x570000 [0055.494] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.494] GetProcessHeap () returned 0x570000 [0055.494] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.494] GetProcessHeap () returned 0x570000 [0055.494] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.494] GetProcessHeap () returned 0x570000 [0055.494] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.494] GetProcessHeap () returned 0x570000 [0055.494] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.494] GetProcessHeap () returned 0x570000 [0055.494] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.494] GetProcessHeap () returned 0x570000 [0055.494] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.494] GetProcessHeap () returned 0x570000 [0055.494] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.494] GetProcessHeap () returned 0x570000 [0055.495] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.495] GetProcessHeap () returned 0x570000 [0055.495] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.495] GetProcessHeap () returned 0x570000 [0055.495] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.495] GetProcessHeap () returned 0x570000 [0055.495] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.495] GetProcessHeap () returned 0x570000 [0055.495] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.495] GetProcessHeap () returned 0x570000 [0055.495] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.495] GetProcessHeap () returned 0x570000 [0055.495] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.495] GetProcessHeap () returned 0x570000 [0055.495] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.495] GetProcessHeap () returned 0x570000 [0055.495] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.495] GetProcessHeap () returned 0x570000 [0055.495] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.495] GetProcessHeap () returned 0x570000 [0055.495] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.495] GetProcessHeap () returned 0x570000 [0055.495] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.495] GetProcessHeap () returned 0x570000 [0055.495] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.495] GetProcessHeap () returned 0x570000 [0055.495] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.495] GetProcessHeap () returned 0x570000 [0055.495] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.495] GetProcessHeap () returned 0x570000 [0055.496] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.496] GetProcessHeap () returned 0x570000 [0055.496] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.496] GetProcessHeap () returned 0x570000 [0055.496] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.496] GetProcessHeap () returned 0x570000 [0055.496] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.496] GetProcessHeap () returned 0x570000 [0055.496] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.496] GetProcessHeap () returned 0x570000 [0055.496] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.496] GetProcessHeap () returned 0x570000 [0055.496] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.496] GetProcessHeap () returned 0x570000 [0055.496] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.496] GetProcessHeap () returned 0x570000 [0055.496] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.496] GetProcessHeap () returned 0x570000 [0055.496] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.496] GetProcessHeap () returned 0x570000 [0055.496] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.496] GetProcessHeap () returned 0x570000 [0055.496] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.496] GetProcessHeap () returned 0x570000 [0055.496] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.496] GetProcessHeap () returned 0x570000 [0055.496] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.496] GetProcessHeap () returned 0x570000 [0055.496] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.497] GetProcessHeap () returned 0x570000 [0055.497] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.497] GetProcessHeap () returned 0x570000 [0055.497] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.497] GetProcessHeap () returned 0x570000 [0055.497] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.497] GetProcessHeap () returned 0x570000 [0055.497] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.497] GetProcessHeap () returned 0x570000 [0055.497] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.497] GetProcessHeap () returned 0x570000 [0055.497] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.497] GetProcessHeap () returned 0x570000 [0055.497] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.497] GetProcessHeap () returned 0x570000 [0055.497] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.497] GetProcessHeap () returned 0x570000 [0055.497] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.497] GetProcessHeap () returned 0x570000 [0055.497] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.497] GetProcessHeap () returned 0x570000 [0055.497] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.497] GetProcessHeap () returned 0x570000 [0055.497] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.497] GetProcessHeap () returned 0x570000 [0055.497] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.497] GetProcessHeap () returned 0x570000 [0055.498] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.498] GetProcessHeap () returned 0x570000 [0055.498] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.498] GetProcessHeap () returned 0x570000 [0055.498] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.498] GetProcessHeap () returned 0x570000 [0055.498] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.498] GetProcessHeap () returned 0x570000 [0055.498] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.498] GetProcessHeap () returned 0x570000 [0055.498] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.498] GetProcessHeap () returned 0x570000 [0055.498] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.498] GetProcessHeap () returned 0x570000 [0055.498] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.498] GetProcessHeap () returned 0x570000 [0055.498] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.498] GetProcessHeap () returned 0x570000 [0055.498] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.498] GetProcessHeap () returned 0x570000 [0055.498] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.498] GetProcessHeap () returned 0x570000 [0055.498] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.498] GetProcessHeap () returned 0x570000 [0055.498] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.498] GetProcessHeap () returned 0x570000 [0055.498] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.498] GetProcessHeap () returned 0x570000 [0055.499] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.499] GetProcessHeap () returned 0x570000 [0055.499] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.499] GetProcessHeap () returned 0x570000 [0055.499] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.499] GetProcessHeap () returned 0x570000 [0055.499] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.499] GetProcessHeap () returned 0x570000 [0055.499] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.499] GetProcessHeap () returned 0x570000 [0055.499] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.499] GetProcessHeap () returned 0x570000 [0055.499] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.499] GetProcessHeap () returned 0x570000 [0055.499] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.499] GetProcessHeap () returned 0x570000 [0055.499] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.499] GetProcessHeap () returned 0x570000 [0055.499] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.499] GetProcessHeap () returned 0x570000 [0055.499] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.499] GetProcessHeap () returned 0x570000 [0055.499] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.499] GetProcessHeap () returned 0x570000 [0055.499] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0055.499] GetProcessHeap () returned 0x570000 [0055.499] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0055.500] GetProcessHeap () returned 0x570000 [0055.500] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5936a0 | out: hHeap=0x570000) returned 1 [0055.500] GetProcessHeap () returned 0x570000 [0055.500] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0055.500] GetProcessHeap () returned 0x570000 [0055.500] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0055.500] GetProcessHeap () returned 0x570000 [0055.500] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0055.500] GetProcessHeap () returned 0x570000 [0055.500] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0055.500] GetProcessHeap () returned 0x570000 [0055.500] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0055.500] GetProcessHeap () returned 0x570000 [0055.500] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0055.500] GetProcessHeap () returned 0x570000 [0055.500] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.500] GetProcessHeap () returned 0x570000 [0055.500] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593590 | out: hHeap=0x570000) returned 1 [0055.500] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0055.500] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0055.500] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0055.501] CloseHandle (hObject=0x80) returned 1 [0055.504] GetProcessHeap () returned 0x570000 [0055.504] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5876f8 | out: hHeap=0x570000) returned 1 [0055.504] GetProcessHeap () returned 0x570000 [0055.504] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592468 | out: hHeap=0x570000) returned 1 [0055.504] GetProcessHeap () returned 0x570000 [0055.505] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5924e0 | out: hHeap=0x570000) returned 1 [0055.505] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Mail.url" | out: lpString1="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Mail.url") returned="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Mail.url" [0055.505] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Mail.url", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Mail.url.{Killback@protonmail.com}KBK") returned="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Mail.url.{Killback@protonmail.com}KBK" [0055.505] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Mail.url" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live mail.url"), lpNewFileName="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Mail.url.{Killback@protonmail.com}KBK" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live mail.url.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0055.505] PathRemoveFileSpecW (in: pszPath="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Mail.url" | out: pszPath="C:\\Users\\Default\\Favorites\\Windows Live") returned 1 [0055.505] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Windows Live", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Favorites\\Windows Live\\") returned="C:\\Users\\Default\\Favorites\\Windows Live\\" [0055.505] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Windows Live\\", lpString2="decrypt_files.html" | out: lpString1="C:\\Users\\Default\\Favorites\\Windows Live\\decrypt_files.html") returned="C:\\Users\\Default\\Favorites\\Windows Live\\decrypt_files.html" [0055.506] GetFileAttributesW (lpFileName="C:\\Users\\Default\\Favorites\\Windows Live\\decrypt_files.html" (normalized: "c:\\users\\default\\favorites\\windows live\\decrypt_files.html")) returned 0x20 [0055.506] GetProcessHeap () returned 0x570000 [0055.506] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58fdc0 | out: hHeap=0x570000) returned 1 [0055.506] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa52981, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Windows Live Spaces.url", cAlternateFileName="WINDOW~3.URL")) returned 1 [0055.506] lstrcmpiW (lpString1="Windows Live Spaces.url", lpString2=".") returned 1 [0055.506] lstrcmpiW (lpString1="Windows Live Spaces.url", lpString2="..") returned 1 [0055.506] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Windows Live\\", lpString2="Windows Live Spaces.url" | out: lpString1="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Spaces.url") returned="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Spaces.url" [0055.506] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Windows Live Spaces.url", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0055.506] GetProcessHeap () returned 0x570000 [0055.506] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x18) returned 0x58fdc0 [0055.506] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Windows Live Spaces.url", cchWideChar=-1, lpMultiByteStr=0x58fdc0, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Windows Live Spaces.url", lpUsedDefaultChar=0x0) returned 24 [0055.506] lstrlenA (lpString="Windows Live Spaces.url") returned 23 [0055.506] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0055.506] lstrlenA (lpString="Windows Live Spaces.url") returned 23 [0055.506] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0055.506] lstrcmpiW (lpString1="Windows Live Spaces.url", lpString2="decrypt_files.html") returned 1 [0055.506] lstrcmpiW (lpString1="Windows Live Spaces.url", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0055.506] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0055.506] lstrcmpiW (lpString1="Windows Live Spaces.url", lpString2="sihvgt.exe") returned 1 [0055.506] _alloca_probe () returned 0x40908b [0055.506] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Spaces.url", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 64 [0055.506] GetProcessHeap () returned 0x570000 [0055.506] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x40) returned 0x5876f8 [0055.506] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Spaces.url", cchWideChar=-1, lpMultiByteStr=0x5876f8, cbMultiByte=64, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Spaces.url", lpUsedDefaultChar=0x0) returned 64 [0055.506] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0055.507] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{FA9B2EB4-12FF-4970-AF2B-61C2A28D6268}") returned 38 [0055.507] lstrlenA (lpString="{FA9B2EB4-12FF-4970-AF2B-61C2A28D6268}") returned 38 [0055.507] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Spaces.url" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live spaces.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0055.507] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=133) returned 1 [0055.507] lstrlenA (lpString="{FA9B2EB4-12FF-4970-AF2B-61C2A28D6268}") returned 38 [0055.507] GetProcessHeap () returned 0x570000 [0055.507] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x592468 [0055.507] GetProcessHeap () returned 0x570000 [0055.507] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5924e0 [0055.507] lstrlenA (lpString="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Spaces.url") returned 63 [0055.521] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x85, lpOverlapped=0x0) returned 1 [0055.522] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0055.522] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x90, lpOverlapped=0x0) returned 1 [0055.522] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0055.522] WriteFile (in: hFile=0x80, lpBuffer=0x50bb6c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bb6c*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0055.522] WriteFile (in: hFile=0x80, lpBuffer=0x50bbd4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bbd4*, lpNumberOfBytesWritten=0x50bb34*=0x10, lpOverlapped=0x0) returned 1 [0055.523] lstrlenA (lpString="rsa_encrypt") returned 11 [0055.523] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x593590) returned 1 [0055.524] CryptGenRandom (in: hProv=0x593590, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0055.524] CryptReleaseContext (hProv=0x593590, dwFlags=0x0) returned 1 [0055.524] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0055.524] GetProcessHeap () returned 0x570000 [0055.524] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x593590 [0055.524] lstrlenA (lpString="010001") returned 6 [0055.524] GetProcessHeap () returned 0x570000 [0055.524] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eee0 [0055.524] GetProcessHeap () returned 0x570000 [0055.524] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x593618 [0055.524] GetProcessHeap () returned 0x570000 [0055.524] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0055.524] GetProcessHeap () returned 0x570000 [0055.524] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593618 | out: hHeap=0x570000) returned 1 [0055.524] GetProcessHeap () returned 0x570000 [0055.524] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0055.524] GetProcessHeap () returned 0x570000 [0055.524] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c0d8 [0055.524] GetProcessHeap () returned 0x570000 [0055.524] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eef0 [0055.524] GetProcessHeap () returned 0x570000 [0055.524] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c1f0 [0055.524] GetProcessHeap () returned 0x570000 [0055.524] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.524] GetProcessHeap () returned 0x570000 [0055.524] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0055.525] GetProcessHeap () returned 0x570000 [0055.525] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x593618 [0055.525] GetProcessHeap () returned 0x570000 [0055.525] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x5936a0 [0055.525] GetProcessHeap () returned 0x570000 [0055.525] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.525] GetProcessHeap () returned 0x570000 [0055.525] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f68 [0055.525] GetProcessHeap () returned 0x570000 [0055.525] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0055.525] GetProcessHeap () returned 0x570000 [0055.525] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593618 | out: hHeap=0x570000) returned 1 [0055.525] GetProcessHeap () returned 0x570000 [0055.525] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0055.525] GetProcessHeap () returned 0x570000 [0055.525] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0055.525] GetProcessHeap () returned 0x570000 [0055.525] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.525] GetProcessHeap () returned 0x570000 [0055.525] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0055.525] GetProcessHeap () returned 0x570000 [0055.525] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.525] GetProcessHeap () returned 0x570000 [0055.525] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.525] GetProcessHeap () returned 0x570000 [0055.525] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.525] GetProcessHeap () returned 0x570000 [0055.525] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.525] GetProcessHeap () returned 0x570000 [0055.526] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0055.526] GetProcessHeap () returned 0x570000 [0055.526] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0055.526] GetProcessHeap () returned 0x570000 [0055.526] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0055.526] GetProcessHeap () returned 0x570000 [0055.526] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0055.526] GetProcessHeap () returned 0x570000 [0055.526] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.526] GetProcessHeap () returned 0x570000 [0055.526] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.526] GetProcessHeap () returned 0x570000 [0055.526] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.526] GetProcessHeap () returned 0x570000 [0055.526] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.526] GetProcessHeap () returned 0x570000 [0055.526] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.526] GetProcessHeap () returned 0x570000 [0055.526] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.526] GetProcessHeap () returned 0x570000 [0055.526] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.526] GetProcessHeap () returned 0x570000 [0055.526] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.526] GetProcessHeap () returned 0x570000 [0055.526] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.526] GetProcessHeap () returned 0x570000 [0055.526] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.526] GetProcessHeap () returned 0x570000 [0055.526] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.527] GetProcessHeap () returned 0x570000 [0055.527] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.527] GetProcessHeap () returned 0x570000 [0055.527] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.527] GetProcessHeap () returned 0x570000 [0055.527] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.527] GetProcessHeap () returned 0x570000 [0055.527] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.527] GetProcessHeap () returned 0x570000 [0055.527] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.527] GetProcessHeap () returned 0x570000 [0055.527] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.527] GetProcessHeap () returned 0x570000 [0055.527] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.527] GetProcessHeap () returned 0x570000 [0055.527] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.527] GetProcessHeap () returned 0x570000 [0055.527] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.527] GetProcessHeap () returned 0x570000 [0055.527] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.527] GetProcessHeap () returned 0x570000 [0055.527] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.527] GetProcessHeap () returned 0x570000 [0055.527] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.527] GetProcessHeap () returned 0x570000 [0055.527] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.527] GetProcessHeap () returned 0x570000 [0055.527] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.528] GetProcessHeap () returned 0x570000 [0055.528] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.528] GetProcessHeap () returned 0x570000 [0055.528] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.528] GetProcessHeap () returned 0x570000 [0055.528] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.528] GetProcessHeap () returned 0x570000 [0055.528] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.528] GetProcessHeap () returned 0x570000 [0055.528] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.528] GetProcessHeap () returned 0x570000 [0055.528] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.528] GetProcessHeap () returned 0x570000 [0055.528] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.528] GetProcessHeap () returned 0x570000 [0055.528] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.528] GetProcessHeap () returned 0x570000 [0055.528] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.528] GetProcessHeap () returned 0x570000 [0055.528] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.528] GetProcessHeap () returned 0x570000 [0055.528] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.528] GetProcessHeap () returned 0x570000 [0055.528] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.528] GetProcessHeap () returned 0x570000 [0055.528] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.528] GetProcessHeap () returned 0x570000 [0055.528] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.529] GetProcessHeap () returned 0x570000 [0055.529] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.529] GetProcessHeap () returned 0x570000 [0055.529] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.529] GetProcessHeap () returned 0x570000 [0055.529] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.529] GetProcessHeap () returned 0x570000 [0055.529] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.529] GetProcessHeap () returned 0x570000 [0055.529] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.529] GetProcessHeap () returned 0x570000 [0055.529] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.529] GetProcessHeap () returned 0x570000 [0055.529] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.529] GetProcessHeap () returned 0x570000 [0055.529] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.529] GetProcessHeap () returned 0x570000 [0055.529] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.529] GetProcessHeap () returned 0x570000 [0055.529] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.529] GetProcessHeap () returned 0x570000 [0055.529] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.529] GetProcessHeap () returned 0x570000 [0055.529] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.529] GetProcessHeap () returned 0x570000 [0055.529] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.529] GetProcessHeap () returned 0x570000 [0055.529] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.530] GetProcessHeap () returned 0x570000 [0055.530] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.530] GetProcessHeap () returned 0x570000 [0055.530] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.530] GetProcessHeap () returned 0x570000 [0055.530] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.530] GetProcessHeap () returned 0x570000 [0055.530] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.530] GetProcessHeap () returned 0x570000 [0055.530] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.530] GetProcessHeap () returned 0x570000 [0055.530] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.530] GetProcessHeap () returned 0x570000 [0055.530] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.530] GetProcessHeap () returned 0x570000 [0055.530] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.530] GetProcessHeap () returned 0x570000 [0055.530] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.530] GetProcessHeap () returned 0x570000 [0055.530] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.530] GetProcessHeap () returned 0x570000 [0055.530] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.530] GetProcessHeap () returned 0x570000 [0055.530] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.530] GetProcessHeap () returned 0x570000 [0055.530] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.530] GetProcessHeap () returned 0x570000 [0055.530] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.531] GetProcessHeap () returned 0x570000 [0055.531] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.531] GetProcessHeap () returned 0x570000 [0055.531] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.531] GetProcessHeap () returned 0x570000 [0055.531] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.531] GetProcessHeap () returned 0x570000 [0055.531] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.531] GetProcessHeap () returned 0x570000 [0055.531] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.531] GetProcessHeap () returned 0x570000 [0055.531] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.531] GetProcessHeap () returned 0x570000 [0055.531] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.531] GetProcessHeap () returned 0x570000 [0055.531] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.531] GetProcessHeap () returned 0x570000 [0055.531] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.531] GetProcessHeap () returned 0x570000 [0055.531] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.531] GetProcessHeap () returned 0x570000 [0055.531] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.531] GetProcessHeap () returned 0x570000 [0055.531] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.531] GetProcessHeap () returned 0x570000 [0055.531] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.531] GetProcessHeap () returned 0x570000 [0055.531] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.532] GetProcessHeap () returned 0x570000 [0055.532] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.532] GetProcessHeap () returned 0x570000 [0055.532] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.532] GetProcessHeap () returned 0x570000 [0055.532] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.532] GetProcessHeap () returned 0x570000 [0055.532] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.532] GetProcessHeap () returned 0x570000 [0055.532] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.532] GetProcessHeap () returned 0x570000 [0055.532] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.532] GetProcessHeap () returned 0x570000 [0055.532] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.532] GetProcessHeap () returned 0x570000 [0055.532] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.532] GetProcessHeap () returned 0x570000 [0055.532] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.532] GetProcessHeap () returned 0x570000 [0055.532] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.532] GetProcessHeap () returned 0x570000 [0055.532] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.532] GetProcessHeap () returned 0x570000 [0055.532] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.532] GetProcessHeap () returned 0x570000 [0055.532] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.532] GetProcessHeap () returned 0x570000 [0055.532] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.533] GetProcessHeap () returned 0x570000 [0055.533] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.533] GetProcessHeap () returned 0x570000 [0055.533] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.533] GetProcessHeap () returned 0x570000 [0055.533] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.533] GetProcessHeap () returned 0x570000 [0055.533] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.533] GetProcessHeap () returned 0x570000 [0055.533] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.533] GetProcessHeap () returned 0x570000 [0055.533] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0055.533] GetProcessHeap () returned 0x570000 [0055.533] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0055.533] GetProcessHeap () returned 0x570000 [0055.533] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5936a0 | out: hHeap=0x570000) returned 1 [0055.533] GetProcessHeap () returned 0x570000 [0055.533] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0055.533] GetProcessHeap () returned 0x570000 [0055.533] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0055.533] GetProcessHeap () returned 0x570000 [0055.533] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0055.533] GetProcessHeap () returned 0x570000 [0055.533] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0055.533] GetProcessHeap () returned 0x570000 [0055.533] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0055.533] GetProcessHeap () returned 0x570000 [0055.533] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0055.533] GetProcessHeap () returned 0x570000 [0055.533] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.533] GetProcessHeap () returned 0x570000 [0055.534] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593590 | out: hHeap=0x570000) returned 1 [0055.534] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0055.534] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0055.534] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0055.534] CloseHandle (hObject=0x80) returned 1 [0055.536] GetProcessHeap () returned 0x570000 [0055.536] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5876f8 | out: hHeap=0x570000) returned 1 [0055.536] GetProcessHeap () returned 0x570000 [0055.536] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592468 | out: hHeap=0x570000) returned 1 [0055.537] GetProcessHeap () returned 0x570000 [0055.537] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5924e0 | out: hHeap=0x570000) returned 1 [0055.537] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Spaces.url" | out: lpString1="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Spaces.url") returned="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Spaces.url" [0055.537] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Spaces.url", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Spaces.url.{Killback@protonmail.com}KBK") returned="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Spaces.url.{Killback@protonmail.com}KBK" [0055.537] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Spaces.url" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live spaces.url"), lpNewFileName="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Spaces.url.{Killback@protonmail.com}KBK" (normalized: "c:\\users\\default\\favorites\\windows live\\windows live spaces.url.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0055.538] PathRemoveFileSpecW (in: pszPath="C:\\Users\\Default\\Favorites\\Windows Live\\Windows Live Spaces.url" | out: pszPath="C:\\Users\\Default\\Favorites\\Windows Live") returned 1 [0055.538] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Windows Live", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Favorites\\Windows Live\\") returned="C:\\Users\\Default\\Favorites\\Windows Live\\" [0055.538] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Windows Live\\", lpString2="decrypt_files.html" | out: lpString1="C:\\Users\\Default\\Favorites\\Windows Live\\decrypt_files.html") returned="C:\\Users\\Default\\Favorites\\Windows Live\\decrypt_files.html" [0055.539] GetFileAttributesW (lpFileName="C:\\Users\\Default\\Favorites\\Windows Live\\decrypt_files.html" (normalized: "c:\\users\\default\\favorites\\windows live\\decrypt_files.html")) returned 0x20 [0055.539] GetProcessHeap () returned 0x570000 [0055.539] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58fdc0 | out: hHeap=0x570000) returned 1 [0055.539] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa52981, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Windows Live Spaces.url", cAlternateFileName="WINDOW~3.URL")) returned 0 [0055.539] FindClose (in: hFindFile=0x5925a8 | out: hFindFile=0x5925a8) returned 1 [0055.539] lstrcpyW (in: lpString1=0x50df8c, lpString2="C:\\Users\\Default\\Favorites\\MSN Websites\\" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\") returned="C:\\Users\\Default\\Favorites\\MSN Websites\\" [0055.539] GetProcessHeap () returned 0x570000 [0055.539] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592408 | out: hHeap=0x570000) returned 1 [0055.539] GetProcessHeap () returned 0x570000 [0055.540] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.540] lstrlenW (lpString="C:\\Users\\Default\\Favorites\\MSN Websites\\") returned 40 [0055.540] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\*") returned="C:\\Users\\Default\\Favorites\\MSN Websites\\*" [0055.540] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\*", lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe4d4ebc, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5925a8 [0055.545] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0055.545] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe4d4ebc, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0055.545] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0055.545] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0055.545] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa2c821, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSN Autos.url", cAlternateFileName="MSNAUT~1.URL")) returned 1 [0055.545] lstrcmpiW (lpString1="MSN Autos.url", lpString2=".") returned 1 [0055.545] lstrcmpiW (lpString1="MSN Autos.url", lpString2="..") returned 1 [0055.545] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\", lpString2="MSN Autos.url" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Autos.url") returned="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Autos.url" [0055.545] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="MSN Autos.url", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0055.545] GetProcessHeap () returned 0x570000 [0055.545] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xe) returned 0x590f68 [0055.546] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="MSN Autos.url", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MSN Autos.url", lpUsedDefaultChar=0x0) returned 14 [0055.546] lstrlenA (lpString="MSN Autos.url") returned 13 [0055.546] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0055.546] lstrlenA (lpString="MSN Autos.url") returned 13 [0055.546] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0055.546] lstrcmpiW (lpString1="MSN Autos.url", lpString2="decrypt_files.html") returned 1 [0055.546] lstrcmpiW (lpString1="MSN Autos.url", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0055.546] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0055.546] lstrcmpiW (lpString1="MSN Autos.url", lpString2="sihvgt.exe") returned -1 [0055.546] _alloca_probe () returned 0x40908b [0055.546] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Autos.url", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 54 [0055.546] GetProcessHeap () returned 0x570000 [0055.546] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x36) returned 0x5925e8 [0055.546] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Autos.url", cchWideChar=-1, lpMultiByteStr=0x5925e8, cbMultiByte=54, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Autos.url", lpUsedDefaultChar=0x0) returned 54 [0055.546] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0055.546] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{95CD4513-DC2D-4969-BBD0-894C99B3240D}") returned 38 [0055.546] lstrlenA (lpString="{95CD4513-DC2D-4969-BBD0-894C99B3240D}") returned 38 [0055.546] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Autos.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn autos.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0055.546] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=133) returned 1 [0055.546] lstrlenA (lpString="{95CD4513-DC2D-4969-BBD0-894C99B3240D}") returned 38 [0055.546] GetProcessHeap () returned 0x570000 [0055.547] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x592408 [0055.547] GetProcessHeap () returned 0x570000 [0055.547] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592480 [0055.547] lstrlenA (lpString="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Autos.url") returned 53 [0055.555] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x85, lpOverlapped=0x0) returned 1 [0055.556] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0055.556] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x90, lpOverlapped=0x0) returned 1 [0055.556] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0055.556] WriteFile (in: hFile=0x80, lpBuffer=0x50bb6c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bb6c*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0055.556] WriteFile (in: hFile=0x80, lpBuffer=0x50bbd4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bbd4*, lpNumberOfBytesWritten=0x50bb34*=0x10, lpOverlapped=0x0) returned 1 [0055.556] lstrlenA (lpString="rsa_encrypt") returned 11 [0055.556] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x592508) returned 1 [0055.557] CryptGenRandom (in: hProv=0x592508, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0055.557] CryptReleaseContext (hProv=0x592508, dwFlags=0x0) returned 1 [0055.557] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0055.557] GetProcessHeap () returned 0x570000 [0055.557] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592508 [0055.557] lstrlenA (lpString="010001") returned 6 [0055.557] GetProcessHeap () returned 0x570000 [0055.557] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eea0 [0055.557] GetProcessHeap () returned 0x570000 [0055.557] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x593590 [0055.557] GetProcessHeap () returned 0x570000 [0055.557] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0055.557] GetProcessHeap () returned 0x570000 [0055.557] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593590 | out: hHeap=0x570000) returned 1 [0055.557] GetProcessHeap () returned 0x570000 [0055.557] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0055.557] GetProcessHeap () returned 0x570000 [0055.557] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c1f0 [0055.557] GetProcessHeap () returned 0x570000 [0055.557] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eee0 [0055.557] GetProcessHeap () returned 0x570000 [0055.557] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c0d8 [0055.557] GetProcessHeap () returned 0x570000 [0055.558] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.558] GetProcessHeap () returned 0x570000 [0055.558] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0055.558] GetProcessHeap () returned 0x570000 [0055.558] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x593590 [0055.558] GetProcessHeap () returned 0x570000 [0055.558] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x593618 [0055.558] GetProcessHeap () returned 0x570000 [0055.558] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.558] GetProcessHeap () returned 0x570000 [0055.558] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0055.558] GetProcessHeap () returned 0x570000 [0055.558] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0055.558] GetProcessHeap () returned 0x570000 [0055.558] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593590 | out: hHeap=0x570000) returned 1 [0055.558] GetProcessHeap () returned 0x570000 [0055.558] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0055.558] GetProcessHeap () returned 0x570000 [0055.558] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0055.558] GetProcessHeap () returned 0x570000 [0055.558] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.558] GetProcessHeap () returned 0x570000 [0055.558] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f98 [0055.558] GetProcessHeap () returned 0x570000 [0055.558] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.558] GetProcessHeap () returned 0x570000 [0055.558] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.558] GetProcessHeap () returned 0x570000 [0055.558] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.558] GetProcessHeap () returned 0x570000 [0055.558] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.558] GetProcessHeap () returned 0x570000 [0055.558] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0055.558] GetProcessHeap () returned 0x570000 [0055.558] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f98 | out: hHeap=0x570000) returned 1 [0055.558] GetProcessHeap () returned 0x570000 [0055.558] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0055.559] GetProcessHeap () returned 0x570000 [0055.559] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0055.559] GetProcessHeap () returned 0x570000 [0055.559] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.559] GetProcessHeap () returned 0x570000 [0055.559] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.559] GetProcessHeap () returned 0x570000 [0055.559] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.559] GetProcessHeap () returned 0x570000 [0055.559] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.559] GetProcessHeap () returned 0x570000 [0055.559] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.559] GetProcessHeap () returned 0x570000 [0055.559] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.559] GetProcessHeap () returned 0x570000 [0055.559] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.559] GetProcessHeap () returned 0x570000 [0055.559] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.559] GetProcessHeap () returned 0x570000 [0055.559] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.559] GetProcessHeap () returned 0x570000 [0055.559] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.559] GetProcessHeap () returned 0x570000 [0055.559] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.559] GetProcessHeap () returned 0x570000 [0055.559] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.559] GetProcessHeap () returned 0x570000 [0055.559] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.559] GetProcessHeap () returned 0x570000 [0055.559] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.559] GetProcessHeap () returned 0x570000 [0055.559] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.559] GetProcessHeap () returned 0x570000 [0055.559] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.560] GetProcessHeap () returned 0x570000 [0055.560] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.560] GetProcessHeap () returned 0x570000 [0055.560] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.560] GetProcessHeap () returned 0x570000 [0055.560] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.560] GetProcessHeap () returned 0x570000 [0055.560] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.560] GetProcessHeap () returned 0x570000 [0055.560] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.560] GetProcessHeap () returned 0x570000 [0055.560] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.560] GetProcessHeap () returned 0x570000 [0055.560] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.560] GetProcessHeap () returned 0x570000 [0055.560] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.560] GetProcessHeap () returned 0x570000 [0055.560] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.560] GetProcessHeap () returned 0x570000 [0055.560] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.560] GetProcessHeap () returned 0x570000 [0055.560] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.560] GetProcessHeap () returned 0x570000 [0055.560] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.560] GetProcessHeap () returned 0x570000 [0055.560] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.560] GetProcessHeap () returned 0x570000 [0055.560] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.560] GetProcessHeap () returned 0x570000 [0055.560] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.560] GetProcessHeap () returned 0x570000 [0055.560] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.560] GetProcessHeap () returned 0x570000 [0055.560] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.560] GetProcessHeap () returned 0x570000 [0055.560] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.561] GetProcessHeap () returned 0x570000 [0055.561] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.561] GetProcessHeap () returned 0x570000 [0055.561] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.561] GetProcessHeap () returned 0x570000 [0055.561] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.561] GetProcessHeap () returned 0x570000 [0055.561] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.561] GetProcessHeap () returned 0x570000 [0055.561] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.561] GetProcessHeap () returned 0x570000 [0055.561] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.561] GetProcessHeap () returned 0x570000 [0055.561] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.561] GetProcessHeap () returned 0x570000 [0055.561] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.561] GetProcessHeap () returned 0x570000 [0055.561] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.561] GetProcessHeap () returned 0x570000 [0055.561] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.561] GetProcessHeap () returned 0x570000 [0055.561] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.561] GetProcessHeap () returned 0x570000 [0055.561] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.561] GetProcessHeap () returned 0x570000 [0055.561] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.561] GetProcessHeap () returned 0x570000 [0055.561] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.561] GetProcessHeap () returned 0x570000 [0055.561] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.561] GetProcessHeap () returned 0x570000 [0055.561] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.561] GetProcessHeap () returned 0x570000 [0055.561] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.561] GetProcessHeap () returned 0x570000 [0055.562] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.562] GetProcessHeap () returned 0x570000 [0055.562] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.562] GetProcessHeap () returned 0x570000 [0055.562] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.562] GetProcessHeap () returned 0x570000 [0055.562] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.562] GetProcessHeap () returned 0x570000 [0055.562] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.562] GetProcessHeap () returned 0x570000 [0055.562] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.562] GetProcessHeap () returned 0x570000 [0055.562] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.562] GetProcessHeap () returned 0x570000 [0055.562] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.562] GetProcessHeap () returned 0x570000 [0055.562] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.562] GetProcessHeap () returned 0x570000 [0055.562] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.562] GetProcessHeap () returned 0x570000 [0055.562] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.562] GetProcessHeap () returned 0x570000 [0055.562] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.562] GetProcessHeap () returned 0x570000 [0055.562] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.562] GetProcessHeap () returned 0x570000 [0055.562] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.562] GetProcessHeap () returned 0x570000 [0055.562] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.562] GetProcessHeap () returned 0x570000 [0055.562] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.562] GetProcessHeap () returned 0x570000 [0055.562] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.562] GetProcessHeap () returned 0x570000 [0055.562] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.562] GetProcessHeap () returned 0x570000 [0055.563] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.563] GetProcessHeap () returned 0x570000 [0055.563] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.563] GetProcessHeap () returned 0x570000 [0055.563] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.563] GetProcessHeap () returned 0x570000 [0055.563] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.563] GetProcessHeap () returned 0x570000 [0055.563] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.563] GetProcessHeap () returned 0x570000 [0055.563] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.563] GetProcessHeap () returned 0x570000 [0055.563] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.563] GetProcessHeap () returned 0x570000 [0055.563] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.563] GetProcessHeap () returned 0x570000 [0055.563] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.563] GetProcessHeap () returned 0x570000 [0055.563] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.563] GetProcessHeap () returned 0x570000 [0055.563] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.563] GetProcessHeap () returned 0x570000 [0055.563] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.563] GetProcessHeap () returned 0x570000 [0055.563] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.563] GetProcessHeap () returned 0x570000 [0055.563] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.563] GetProcessHeap () returned 0x570000 [0055.563] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.563] GetProcessHeap () returned 0x570000 [0055.563] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.563] GetProcessHeap () returned 0x570000 [0055.563] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.563] GetProcessHeap () returned 0x570000 [0055.563] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.563] GetProcessHeap () returned 0x570000 [0055.563] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.563] GetProcessHeap () returned 0x570000 [0055.564] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.564] GetProcessHeap () returned 0x570000 [0055.564] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.564] GetProcessHeap () returned 0x570000 [0055.564] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.564] GetProcessHeap () returned 0x570000 [0055.564] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.564] GetProcessHeap () returned 0x570000 [0055.564] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.564] GetProcessHeap () returned 0x570000 [0055.564] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.564] GetProcessHeap () returned 0x570000 [0055.564] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.564] GetProcessHeap () returned 0x570000 [0055.564] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.564] GetProcessHeap () returned 0x570000 [0055.564] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.564] GetProcessHeap () returned 0x570000 [0055.564] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.564] GetProcessHeap () returned 0x570000 [0055.564] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.564] GetProcessHeap () returned 0x570000 [0055.564] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.564] GetProcessHeap () returned 0x570000 [0055.564] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0055.564] GetProcessHeap () returned 0x570000 [0055.564] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0055.564] GetProcessHeap () returned 0x570000 [0055.564] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593618 | out: hHeap=0x570000) returned 1 [0055.564] GetProcessHeap () returned 0x570000 [0055.564] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0055.564] GetProcessHeap () returned 0x570000 [0055.564] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0055.565] GetProcessHeap () returned 0x570000 [0055.565] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0055.565] GetProcessHeap () returned 0x570000 [0055.565] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0055.565] GetProcessHeap () returned 0x570000 [0055.565] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0055.565] GetProcessHeap () returned 0x570000 [0055.565] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0055.565] GetProcessHeap () returned 0x570000 [0055.565] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.565] GetProcessHeap () returned 0x570000 [0055.565] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592508 | out: hHeap=0x570000) returned 1 [0055.565] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0055.565] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0055.565] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0055.565] CloseHandle (hObject=0x80) returned 1 [0055.567] GetProcessHeap () returned 0x570000 [0055.567] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5925e8 | out: hHeap=0x570000) returned 1 [0055.567] GetProcessHeap () returned 0x570000 [0055.567] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592408 | out: hHeap=0x570000) returned 1 [0055.567] GetProcessHeap () returned 0x570000 [0055.567] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592480 | out: hHeap=0x570000) returned 1 [0055.567] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Autos.url" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Autos.url") returned="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Autos.url" [0055.567] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Autos.url", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Autos.url.{Killback@protonmail.com}KBK") returned="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Autos.url.{Killback@protonmail.com}KBK" [0055.567] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Autos.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn autos.url"), lpNewFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Autos.url.{Killback@protonmail.com}KBK" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn autos.url.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0055.568] PathRemoveFileSpecW (in: pszPath="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Autos.url" | out: pszPath="C:\\Users\\Default\\Favorites\\MSN Websites") returned 1 [0055.568] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\") returned="C:\\Users\\Default\\Favorites\\MSN Websites\\" [0055.568] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\", lpString2="decrypt_files.html" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\decrypt_files.html") returned="C:\\Users\\Default\\Favorites\\MSN Websites\\decrypt_files.html" [0055.568] GetFileAttributesW (lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\decrypt_files.html" (normalized: "c:\\users\\default\\favorites\\msn websites\\decrypt_files.html")) returned 0xffffffff [0055.568] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\decrypt_files.html" (normalized: "c:\\users\\default\\favorites\\msn websites\\decrypt_files.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0055.568] lstrlenA (lpString="\r\n \r\n \r\n \r\n DECRYPT FILES\r\n \r\n\r\n \r\n\r\n
\r\n

⚠Your ID (NEED FOR DECRYPT)⚠

\r\n
\r\n 
A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n\r\n
\r\n
\r\n
\r\n \r\n
\r\n \r\n
\r\n \r\n \r\n
\r\n

✖ Your files are encrypted! ✖

\r\n\r\n

If you see it - do not try to decrypt ▼the files yourself!!!▼

\r\n
\r\n

All your important data has been encrypted.

\r\n
\r\n
\r\n \r\n\x09\x09 \r\nTo decrypt all your files, you need a decryption program.
\r\n \r\nTo get a program to decrypt your data you need to do a few steps:
\r\n

☑1. \r\nTo make sure that we can actually decrypt your files. You can send us a file for the test.\r\nThis can be a picture or a text file.\r\nSize less than 5 MB. Send to our mail: Killback@protonmail.com .
\r\n

☑2. \r\nSend your PERSONAL ID in the letter (you will find it at the very beginning of this document)

\r\n\x09\x09\x09

☑3. \r\nWe will decode your test file so you are sure. We will also send you the amount you need to pay to get the program to decrypt.

\r\n ☑4. We will send you instructions on how to pay for the decryption program. After payment, we will send you a program and instructions on how to decrypt all the files.
\r\n

Attention!


\r\n
    \r\n\x09\x09\x09 Only we can decrypt your files.
    \r\n\x09\x09\x09 Do not try to decrypt your files yourself. You can damage them when trying to restore
    \r\n Do not run antivirus!
    \r\n Email us: Killback@protonmail.com immediately so we can help you.
    \r\n Decoders other users are not compatible with your data, because each user's unique encryption key
    \r\n
\r\n \r\n
\r\n
\r\n
\r\n \r\n\r\n \r\n \r\n
\r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n\r\n") returned 5565 [0055.568] WriteFile (in: hFile=0x80, lpBuffer=0x21f0020*, nNumberOfBytesToWrite=0x15bd, lpNumberOfBytesWritten=0x50dd18, lpOverlapped=0x0 | out: lpBuffer=0x21f0020*, lpNumberOfBytesWritten=0x50dd18*=0x15bd, lpOverlapped=0x0) returned 1 [0055.569] CloseHandle (hObject=0x80) returned 1 [0055.569] GetProcessHeap () returned 0x570000 [0055.569] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0055.569] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa2c821, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSN Entertainment.url", cAlternateFileName="MSNENT~1.URL")) returned 1 [0055.569] lstrcmpiW (lpString1="MSN Entertainment.url", lpString2=".") returned 1 [0055.569] lstrcmpiW (lpString1="MSN Entertainment.url", lpString2="..") returned 1 [0055.569] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\", lpString2="MSN Entertainment.url" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Entertainment.url") returned="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Entertainment.url" [0055.570] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="MSN Entertainment.url", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0055.570] GetProcessHeap () returned 0x570000 [0055.570] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x16) returned 0x58fdc0 [0055.570] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="MSN Entertainment.url", cchWideChar=-1, lpMultiByteStr=0x58fdc0, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MSN Entertainment.url", lpUsedDefaultChar=0x0) returned 22 [0055.570] lstrlenA (lpString="MSN Entertainment.url") returned 21 [0055.570] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0055.570] lstrlenA (lpString="MSN Entertainment.url") returned 21 [0055.570] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0055.570] lstrcmpiW (lpString1="MSN Entertainment.url", lpString2="decrypt_files.html") returned 1 [0055.570] lstrcmpiW (lpString1="MSN Entertainment.url", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0055.570] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0055.570] lstrcmpiW (lpString1="MSN Entertainment.url", lpString2="sihvgt.exe") returned -1 [0055.570] _alloca_probe () returned 0x40908b [0055.570] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Entertainment.url", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 62 [0055.570] GetProcessHeap () returned 0x570000 [0055.570] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x3e) returned 0x5876f8 [0055.570] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Entertainment.url", cchWideChar=-1, lpMultiByteStr=0x5876f8, cbMultiByte=62, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Entertainment.url", lpUsedDefaultChar=0x0) returned 62 [0055.570] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0055.570] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{D2FF6DFE-E7DD-451C-95E0-E08187A432CE}") returned 38 [0055.570] lstrlenA (lpString="{D2FF6DFE-E7DD-451C-95E0-E08187A432CE}") returned 38 [0055.570] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Entertainment.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn entertainment.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0055.571] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=133) returned 1 [0055.571] lstrlenA (lpString="{D2FF6DFE-E7DD-451C-95E0-E08187A432CE}") returned 38 [0055.571] GetProcessHeap () returned 0x570000 [0055.571] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x592408 [0055.571] GetProcessHeap () returned 0x570000 [0055.571] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592480 [0055.571] lstrlenA (lpString="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Entertainment.url") returned 61 [0055.578] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x85, lpOverlapped=0x0) returned 1 [0055.579] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0055.579] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x90, lpOverlapped=0x0) returned 1 [0055.579] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0055.579] WriteFile (in: hFile=0x80, lpBuffer=0x50bb6c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bb6c*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0055.579] WriteFile (in: hFile=0x80, lpBuffer=0x50bbd4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bbd4*, lpNumberOfBytesWritten=0x50bb34*=0x10, lpOverlapped=0x0) returned 1 [0055.579] lstrlenA (lpString="rsa_encrypt") returned 11 [0055.579] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x592508) returned 1 [0055.580] CryptGenRandom (in: hProv=0x592508, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0055.580] CryptReleaseContext (hProv=0x592508, dwFlags=0x0) returned 1 [0055.580] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0055.580] GetProcessHeap () returned 0x570000 [0055.580] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592508 [0055.580] lstrlenA (lpString="010001") returned 6 [0055.580] GetProcessHeap () returned 0x570000 [0055.581] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eea0 [0055.581] GetProcessHeap () returned 0x570000 [0055.581] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x593590 [0055.581] GetProcessHeap () returned 0x570000 [0055.581] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0055.581] GetProcessHeap () returned 0x570000 [0055.581] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593590 | out: hHeap=0x570000) returned 1 [0055.581] GetProcessHeap () returned 0x570000 [0055.581] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0055.581] GetProcessHeap () returned 0x570000 [0055.581] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c0d8 [0055.581] GetProcessHeap () returned 0x570000 [0055.581] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58ef00 [0055.581] GetProcessHeap () returned 0x570000 [0055.581] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c1f0 [0055.581] GetProcessHeap () returned 0x570000 [0055.581] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.581] GetProcessHeap () returned 0x570000 [0055.581] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0055.581] GetProcessHeap () returned 0x570000 [0055.581] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x593590 [0055.581] GetProcessHeap () returned 0x570000 [0055.582] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x593618 [0055.582] GetProcessHeap () returned 0x570000 [0055.582] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.582] GetProcessHeap () returned 0x570000 [0055.582] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f68 [0055.582] GetProcessHeap () returned 0x570000 [0055.582] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0055.582] GetProcessHeap () returned 0x570000 [0055.582] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593590 | out: hHeap=0x570000) returned 1 [0055.582] GetProcessHeap () returned 0x570000 [0055.582] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0055.582] GetProcessHeap () returned 0x570000 [0055.582] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0055.582] GetProcessHeap () returned 0x570000 [0055.582] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.582] GetProcessHeap () returned 0x570000 [0055.582] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0055.582] GetProcessHeap () returned 0x570000 [0055.582] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.582] GetProcessHeap () returned 0x570000 [0055.582] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.582] GetProcessHeap () returned 0x570000 [0055.582] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.582] GetProcessHeap () returned 0x570000 [0055.582] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.582] GetProcessHeap () returned 0x570000 [0055.582] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0055.582] GetProcessHeap () returned 0x570000 [0055.582] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0055.582] GetProcessHeap () returned 0x570000 [0055.582] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0055.583] GetProcessHeap () returned 0x570000 [0055.583] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0055.583] GetProcessHeap () returned 0x570000 [0055.583] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.583] GetProcessHeap () returned 0x570000 [0055.583] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.583] GetProcessHeap () returned 0x570000 [0055.583] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.583] GetProcessHeap () returned 0x570000 [0055.583] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.583] GetProcessHeap () returned 0x570000 [0055.583] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.583] GetProcessHeap () returned 0x570000 [0055.583] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.583] GetProcessHeap () returned 0x570000 [0055.583] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.583] GetProcessHeap () returned 0x570000 [0055.583] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.583] GetProcessHeap () returned 0x570000 [0055.583] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.583] GetProcessHeap () returned 0x570000 [0055.583] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.583] GetProcessHeap () returned 0x570000 [0055.583] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.583] GetProcessHeap () returned 0x570000 [0055.583] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.583] GetProcessHeap () returned 0x570000 [0055.583] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.583] GetProcessHeap () returned 0x570000 [0055.584] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.584] GetProcessHeap () returned 0x570000 [0055.584] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.584] GetProcessHeap () returned 0x570000 [0055.584] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.584] GetProcessHeap () returned 0x570000 [0055.584] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.584] GetProcessHeap () returned 0x570000 [0055.584] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.584] GetProcessHeap () returned 0x570000 [0055.584] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.584] GetProcessHeap () returned 0x570000 [0055.584] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.584] GetProcessHeap () returned 0x570000 [0055.584] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.584] GetProcessHeap () returned 0x570000 [0055.584] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.584] GetProcessHeap () returned 0x570000 [0055.584] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.584] GetProcessHeap () returned 0x570000 [0055.584] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.584] GetProcessHeap () returned 0x570000 [0055.584] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.584] GetProcessHeap () returned 0x570000 [0055.584] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.584] GetProcessHeap () returned 0x570000 [0055.584] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.584] GetProcessHeap () returned 0x570000 [0055.584] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.584] GetProcessHeap () returned 0x570000 [0055.585] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.585] GetProcessHeap () returned 0x570000 [0055.585] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.585] GetProcessHeap () returned 0x570000 [0055.585] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.585] GetProcessHeap () returned 0x570000 [0055.585] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.585] GetProcessHeap () returned 0x570000 [0055.585] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.585] GetProcessHeap () returned 0x570000 [0055.585] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.585] GetProcessHeap () returned 0x570000 [0055.585] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.585] GetProcessHeap () returned 0x570000 [0055.585] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.585] GetProcessHeap () returned 0x570000 [0055.585] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.585] GetProcessHeap () returned 0x570000 [0055.585] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.585] GetProcessHeap () returned 0x570000 [0055.585] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.585] GetProcessHeap () returned 0x570000 [0055.585] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.585] GetProcessHeap () returned 0x570000 [0055.585] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.585] GetProcessHeap () returned 0x570000 [0055.585] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.585] GetProcessHeap () returned 0x570000 [0055.585] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.585] GetProcessHeap () returned 0x570000 [0055.586] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.586] GetProcessHeap () returned 0x570000 [0055.586] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.586] GetProcessHeap () returned 0x570000 [0055.586] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.586] GetProcessHeap () returned 0x570000 [0055.586] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.586] GetProcessHeap () returned 0x570000 [0055.586] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.586] GetProcessHeap () returned 0x570000 [0055.586] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.586] GetProcessHeap () returned 0x570000 [0055.586] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.586] GetProcessHeap () returned 0x570000 [0055.586] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.586] GetProcessHeap () returned 0x570000 [0055.586] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.586] GetProcessHeap () returned 0x570000 [0055.586] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.586] GetProcessHeap () returned 0x570000 [0055.586] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.586] GetProcessHeap () returned 0x570000 [0055.586] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.586] GetProcessHeap () returned 0x570000 [0055.586] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.586] GetProcessHeap () returned 0x570000 [0055.586] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.586] GetProcessHeap () returned 0x570000 [0055.586] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.587] GetProcessHeap () returned 0x570000 [0055.587] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.587] GetProcessHeap () returned 0x570000 [0055.587] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.587] GetProcessHeap () returned 0x570000 [0055.587] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.587] GetProcessHeap () returned 0x570000 [0055.587] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.587] GetProcessHeap () returned 0x570000 [0055.587] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.587] GetProcessHeap () returned 0x570000 [0055.587] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.587] GetProcessHeap () returned 0x570000 [0055.587] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.587] GetProcessHeap () returned 0x570000 [0055.587] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.587] GetProcessHeap () returned 0x570000 [0055.587] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.587] GetProcessHeap () returned 0x570000 [0055.587] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.587] GetProcessHeap () returned 0x570000 [0055.587] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.587] GetProcessHeap () returned 0x570000 [0055.587] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.587] GetProcessHeap () returned 0x570000 [0055.587] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.587] GetProcessHeap () returned 0x570000 [0055.587] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.587] GetProcessHeap () returned 0x570000 [0055.587] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.588] GetProcessHeap () returned 0x570000 [0055.588] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.588] GetProcessHeap () returned 0x570000 [0055.588] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.588] GetProcessHeap () returned 0x570000 [0055.588] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.588] GetProcessHeap () returned 0x570000 [0055.588] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.588] GetProcessHeap () returned 0x570000 [0055.588] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.588] GetProcessHeap () returned 0x570000 [0055.588] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.588] GetProcessHeap () returned 0x570000 [0055.588] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.588] GetProcessHeap () returned 0x570000 [0055.588] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.588] GetProcessHeap () returned 0x570000 [0055.588] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.588] GetProcessHeap () returned 0x570000 [0055.588] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.588] GetProcessHeap () returned 0x570000 [0055.588] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.588] GetProcessHeap () returned 0x570000 [0055.588] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.588] GetProcessHeap () returned 0x570000 [0055.588] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.588] GetProcessHeap () returned 0x570000 [0055.588] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.588] GetProcessHeap () returned 0x570000 [0055.589] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.589] GetProcessHeap () returned 0x570000 [0055.589] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.589] GetProcessHeap () returned 0x570000 [0055.589] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.589] GetProcessHeap () returned 0x570000 [0055.589] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.589] GetProcessHeap () returned 0x570000 [0055.589] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.589] GetProcessHeap () returned 0x570000 [0055.589] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.589] GetProcessHeap () returned 0x570000 [0055.589] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.589] GetProcessHeap () returned 0x570000 [0055.589] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.589] GetProcessHeap () returned 0x570000 [0055.589] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.589] GetProcessHeap () returned 0x570000 [0055.589] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.589] GetProcessHeap () returned 0x570000 [0055.589] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.589] GetProcessHeap () returned 0x570000 [0055.589] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.589] GetProcessHeap () returned 0x570000 [0055.589] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.589] GetProcessHeap () returned 0x570000 [0055.589] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0055.589] GetProcessHeap () returned 0x570000 [0055.589] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0055.589] GetProcessHeap () returned 0x570000 [0055.589] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593618 | out: hHeap=0x570000) returned 1 [0055.590] GetProcessHeap () returned 0x570000 [0055.590] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0055.590] GetProcessHeap () returned 0x570000 [0055.590] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0055.590] GetProcessHeap () returned 0x570000 [0055.590] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0055.590] GetProcessHeap () returned 0x570000 [0055.590] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0055.590] GetProcessHeap () returned 0x570000 [0055.590] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0055.590] GetProcessHeap () returned 0x570000 [0055.590] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0055.590] GetProcessHeap () returned 0x570000 [0055.590] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.590] GetProcessHeap () returned 0x570000 [0055.590] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592508 | out: hHeap=0x570000) returned 1 [0055.590] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0055.590] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0055.590] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0055.590] CloseHandle (hObject=0x80) returned 1 [0055.592] GetProcessHeap () returned 0x570000 [0055.592] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5876f8 | out: hHeap=0x570000) returned 1 [0055.592] GetProcessHeap () returned 0x570000 [0055.592] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592408 | out: hHeap=0x570000) returned 1 [0055.592] GetProcessHeap () returned 0x570000 [0055.592] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592480 | out: hHeap=0x570000) returned 1 [0055.592] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Entertainment.url" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Entertainment.url") returned="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Entertainment.url" [0055.592] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Entertainment.url", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Entertainment.url.{Killback@protonmail.com}KBK") returned="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Entertainment.url.{Killback@protonmail.com}KBK" [0055.592] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Entertainment.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn entertainment.url"), lpNewFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Entertainment.url.{Killback@protonmail.com}KBK" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn entertainment.url.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0055.593] PathRemoveFileSpecW (in: pszPath="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Entertainment.url" | out: pszPath="C:\\Users\\Default\\Favorites\\MSN Websites") returned 1 [0055.593] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\") returned="C:\\Users\\Default\\Favorites\\MSN Websites\\" [0055.593] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\", lpString2="decrypt_files.html" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\decrypt_files.html") returned="C:\\Users\\Default\\Favorites\\MSN Websites\\decrypt_files.html" [0055.593] GetFileAttributesW (lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\decrypt_files.html" (normalized: "c:\\users\\default\\favorites\\msn websites\\decrypt_files.html")) returned 0x20 [0055.593] GetProcessHeap () returned 0x570000 [0055.593] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58fdc0 | out: hHeap=0x570000) returned 1 [0055.593] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa2c821, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSN Money.url", cAlternateFileName="MSNMON~1.URL")) returned 1 [0055.593] lstrcmpiW (lpString1="MSN Money.url", lpString2=".") returned 1 [0055.593] lstrcmpiW (lpString1="MSN Money.url", lpString2="..") returned 1 [0055.593] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\", lpString2="MSN Money.url" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Money.url") returned="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Money.url" [0055.593] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="MSN Money.url", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0055.593] GetProcessHeap () returned 0x570000 [0055.593] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xe) returned 0x590f68 [0055.593] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="MSN Money.url", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MSN Money.url", lpUsedDefaultChar=0x0) returned 14 [0055.593] lstrlenA (lpString="MSN Money.url") returned 13 [0055.593] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0055.593] lstrlenA (lpString="MSN Money.url") returned 13 [0055.593] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0055.593] lstrcmpiW (lpString1="MSN Money.url", lpString2="decrypt_files.html") returned 1 [0055.594] lstrcmpiW (lpString1="MSN Money.url", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0055.594] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0055.594] lstrcmpiW (lpString1="MSN Money.url", lpString2="sihvgt.exe") returned -1 [0055.594] _alloca_probe () returned 0x40908b [0055.594] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Money.url", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 54 [0055.594] GetProcessHeap () returned 0x570000 [0055.594] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x36) returned 0x5925e8 [0055.594] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Money.url", cchWideChar=-1, lpMultiByteStr=0x5925e8, cbMultiByte=54, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Money.url", lpUsedDefaultChar=0x0) returned 54 [0055.594] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0055.594] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{029ADE4E-5A18-4934-BA30-4420B5F47C9B}") returned 38 [0055.594] lstrlenA (lpString="{029ADE4E-5A18-4934-BA30-4420B5F47C9B}") returned 38 [0055.594] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Money.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn money.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0055.594] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=133) returned 1 [0055.594] lstrlenA (lpString="{029ADE4E-5A18-4934-BA30-4420B5F47C9B}") returned 38 [0055.594] GetProcessHeap () returned 0x570000 [0055.594] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x592408 [0055.594] GetProcessHeap () returned 0x570000 [0055.594] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592480 [0055.594] lstrlenA (lpString="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Money.url") returned 53 [0055.605] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x85, lpOverlapped=0x0) returned 1 [0055.607] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0055.607] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x90, lpOverlapped=0x0) returned 1 [0055.607] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0055.607] WriteFile (in: hFile=0x80, lpBuffer=0x50bb6c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bb6c*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0055.607] WriteFile (in: hFile=0x80, lpBuffer=0x50bbd4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bbd4*, lpNumberOfBytesWritten=0x50bb34*=0x10, lpOverlapped=0x0) returned 1 [0055.607] lstrlenA (lpString="rsa_encrypt") returned 11 [0055.607] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x592508) returned 1 [0055.608] CryptGenRandom (in: hProv=0x592508, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0055.608] CryptReleaseContext (hProv=0x592508, dwFlags=0x0) returned 1 [0055.608] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0055.608] GetProcessHeap () returned 0x570000 [0055.608] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592508 [0055.608] lstrlenA (lpString="010001") returned 6 [0055.608] GetProcessHeap () returned 0x570000 [0055.608] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eea0 [0055.608] GetProcessHeap () returned 0x570000 [0055.608] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x593590 [0055.608] GetProcessHeap () returned 0x570000 [0055.608] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0055.609] GetProcessHeap () returned 0x570000 [0055.609] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593590 | out: hHeap=0x570000) returned 1 [0055.609] GetProcessHeap () returned 0x570000 [0055.609] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0055.609] GetProcessHeap () returned 0x570000 [0055.609] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c1f0 [0055.609] GetProcessHeap () returned 0x570000 [0055.609] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eee0 [0055.609] GetProcessHeap () returned 0x570000 [0055.609] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c0d8 [0055.609] GetProcessHeap () returned 0x570000 [0055.609] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.609] GetProcessHeap () returned 0x570000 [0055.609] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0055.609] GetProcessHeap () returned 0x570000 [0055.609] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x593590 [0055.609] GetProcessHeap () returned 0x570000 [0055.609] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x593618 [0055.609] GetProcessHeap () returned 0x570000 [0055.609] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.609] GetProcessHeap () returned 0x570000 [0055.609] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0055.609] GetProcessHeap () returned 0x570000 [0055.609] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0055.609] GetProcessHeap () returned 0x570000 [0055.609] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593590 | out: hHeap=0x570000) returned 1 [0055.609] GetProcessHeap () returned 0x570000 [0055.609] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0055.609] GetProcessHeap () returned 0x570000 [0055.609] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0055.609] GetProcessHeap () returned 0x570000 [0055.609] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.609] GetProcessHeap () returned 0x570000 [0055.610] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f98 [0055.610] GetProcessHeap () returned 0x570000 [0055.610] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.610] GetProcessHeap () returned 0x570000 [0055.610] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.610] GetProcessHeap () returned 0x570000 [0055.610] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.610] GetProcessHeap () returned 0x570000 [0055.610] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.610] GetProcessHeap () returned 0x570000 [0055.610] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0055.610] GetProcessHeap () returned 0x570000 [0055.610] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f98 | out: hHeap=0x570000) returned 1 [0055.610] GetProcessHeap () returned 0x570000 [0055.610] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0055.610] GetProcessHeap () returned 0x570000 [0055.610] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0055.610] GetProcessHeap () returned 0x570000 [0055.610] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.610] GetProcessHeap () returned 0x570000 [0055.610] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.610] GetProcessHeap () returned 0x570000 [0055.610] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.610] GetProcessHeap () returned 0x570000 [0055.610] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.610] GetProcessHeap () returned 0x570000 [0055.610] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.610] GetProcessHeap () returned 0x570000 [0055.610] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.610] GetProcessHeap () returned 0x570000 [0055.610] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.610] GetProcessHeap () returned 0x570000 [0055.610] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.611] GetProcessHeap () returned 0x570000 [0055.611] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.611] GetProcessHeap () returned 0x570000 [0055.611] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.611] GetProcessHeap () returned 0x570000 [0055.611] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.611] GetProcessHeap () returned 0x570000 [0055.611] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.611] GetProcessHeap () returned 0x570000 [0055.611] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.611] GetProcessHeap () returned 0x570000 [0055.611] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.611] GetProcessHeap () returned 0x570000 [0055.611] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.611] GetProcessHeap () returned 0x570000 [0055.611] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.611] GetProcessHeap () returned 0x570000 [0055.611] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.611] GetProcessHeap () returned 0x570000 [0055.611] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.611] GetProcessHeap () returned 0x570000 [0055.611] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.611] GetProcessHeap () returned 0x570000 [0055.611] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.611] GetProcessHeap () returned 0x570000 [0055.611] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.611] GetProcessHeap () returned 0x570000 [0055.611] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.611] GetProcessHeap () returned 0x570000 [0055.611] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.611] GetProcessHeap () returned 0x570000 [0055.611] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.612] GetProcessHeap () returned 0x570000 [0055.612] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.612] GetProcessHeap () returned 0x570000 [0055.612] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.612] GetProcessHeap () returned 0x570000 [0055.612] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.612] GetProcessHeap () returned 0x570000 [0055.612] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.612] GetProcessHeap () returned 0x570000 [0055.612] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.612] GetProcessHeap () returned 0x570000 [0055.612] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.612] GetProcessHeap () returned 0x570000 [0055.612] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.612] GetProcessHeap () returned 0x570000 [0055.612] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.612] GetProcessHeap () returned 0x570000 [0055.612] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.612] GetProcessHeap () returned 0x570000 [0055.612] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.612] GetProcessHeap () returned 0x570000 [0055.612] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.612] GetProcessHeap () returned 0x570000 [0055.612] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.612] GetProcessHeap () returned 0x570000 [0055.612] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.612] GetProcessHeap () returned 0x570000 [0055.612] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.612] GetProcessHeap () returned 0x570000 [0055.613] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.613] GetProcessHeap () returned 0x570000 [0055.613] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.613] GetProcessHeap () returned 0x570000 [0055.613] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.613] GetProcessHeap () returned 0x570000 [0055.613] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.613] GetProcessHeap () returned 0x570000 [0055.613] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.613] GetProcessHeap () returned 0x570000 [0055.613] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.613] GetProcessHeap () returned 0x570000 [0055.613] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.613] GetProcessHeap () returned 0x570000 [0055.613] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.613] GetProcessHeap () returned 0x570000 [0055.613] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.613] GetProcessHeap () returned 0x570000 [0055.613] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.613] GetProcessHeap () returned 0x570000 [0055.613] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.613] GetProcessHeap () returned 0x570000 [0055.613] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.613] GetProcessHeap () returned 0x570000 [0055.613] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.613] GetProcessHeap () returned 0x570000 [0055.613] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.613] GetProcessHeap () returned 0x570000 [0055.613] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.613] GetProcessHeap () returned 0x570000 [0055.614] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.614] GetProcessHeap () returned 0x570000 [0055.614] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.614] GetProcessHeap () returned 0x570000 [0055.614] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.614] GetProcessHeap () returned 0x570000 [0055.614] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.614] GetProcessHeap () returned 0x570000 [0055.614] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.614] GetProcessHeap () returned 0x570000 [0055.614] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.614] GetProcessHeap () returned 0x570000 [0055.614] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.614] GetProcessHeap () returned 0x570000 [0055.614] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.614] GetProcessHeap () returned 0x570000 [0055.614] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.614] GetProcessHeap () returned 0x570000 [0055.614] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.614] GetProcessHeap () returned 0x570000 [0055.614] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.614] GetProcessHeap () returned 0x570000 [0055.614] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.614] GetProcessHeap () returned 0x570000 [0055.614] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.614] GetProcessHeap () returned 0x570000 [0055.614] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.614] GetProcessHeap () returned 0x570000 [0055.614] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.614] GetProcessHeap () returned 0x570000 [0055.614] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.614] GetProcessHeap () returned 0x570000 [0055.615] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.615] GetProcessHeap () returned 0x570000 [0055.615] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.615] GetProcessHeap () returned 0x570000 [0055.615] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.615] GetProcessHeap () returned 0x570000 [0055.615] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.615] GetProcessHeap () returned 0x570000 [0055.615] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.615] GetProcessHeap () returned 0x570000 [0055.615] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.615] GetProcessHeap () returned 0x570000 [0055.615] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.615] GetProcessHeap () returned 0x570000 [0055.615] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.615] GetProcessHeap () returned 0x570000 [0055.615] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.615] GetProcessHeap () returned 0x570000 [0055.615] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.615] GetProcessHeap () returned 0x570000 [0055.615] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.615] GetProcessHeap () returned 0x570000 [0055.615] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.615] GetProcessHeap () returned 0x570000 [0055.615] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.615] GetProcessHeap () returned 0x570000 [0055.615] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.615] GetProcessHeap () returned 0x570000 [0055.615] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.615] GetProcessHeap () returned 0x570000 [0055.615] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.616] GetProcessHeap () returned 0x570000 [0055.616] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.616] GetProcessHeap () returned 0x570000 [0055.616] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.616] GetProcessHeap () returned 0x570000 [0055.616] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.616] GetProcessHeap () returned 0x570000 [0055.616] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.616] GetProcessHeap () returned 0x570000 [0055.616] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.616] GetProcessHeap () returned 0x570000 [0055.616] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.616] GetProcessHeap () returned 0x570000 [0055.616] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.616] GetProcessHeap () returned 0x570000 [0055.616] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.616] GetProcessHeap () returned 0x570000 [0055.616] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.616] GetProcessHeap () returned 0x570000 [0055.616] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.616] GetProcessHeap () returned 0x570000 [0055.616] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.616] GetProcessHeap () returned 0x570000 [0055.616] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.616] GetProcessHeap () returned 0x570000 [0055.616] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.616] GetProcessHeap () returned 0x570000 [0055.616] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.616] GetProcessHeap () returned 0x570000 [0055.616] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.616] GetProcessHeap () returned 0x570000 [0055.617] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0055.617] GetProcessHeap () returned 0x570000 [0055.617] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0055.617] GetProcessHeap () returned 0x570000 [0055.617] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593618 | out: hHeap=0x570000) returned 1 [0055.617] GetProcessHeap () returned 0x570000 [0055.617] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0055.617] GetProcessHeap () returned 0x570000 [0055.617] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0055.617] GetProcessHeap () returned 0x570000 [0055.617] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0055.617] GetProcessHeap () returned 0x570000 [0055.617] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0055.617] GetProcessHeap () returned 0x570000 [0055.617] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0055.617] GetProcessHeap () returned 0x570000 [0055.617] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0055.617] GetProcessHeap () returned 0x570000 [0055.617] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.617] GetProcessHeap () returned 0x570000 [0055.617] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592508 | out: hHeap=0x570000) returned 1 [0055.617] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0055.617] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0055.617] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0055.618] CloseHandle (hObject=0x80) returned 1 [0055.618] GetProcessHeap () returned 0x570000 [0055.618] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5925e8 | out: hHeap=0x570000) returned 1 [0055.618] GetProcessHeap () returned 0x570000 [0055.618] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592408 | out: hHeap=0x570000) returned 1 [0055.618] GetProcessHeap () returned 0x570000 [0055.619] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592480 | out: hHeap=0x570000) returned 1 [0055.619] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Money.url" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Money.url") returned="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Money.url" [0055.619] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Money.url", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Money.url.{Killback@protonmail.com}KBK") returned="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Money.url.{Killback@protonmail.com}KBK" [0055.619] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Money.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn money.url"), lpNewFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Money.url.{Killback@protonmail.com}KBK" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn money.url.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0055.619] PathRemoveFileSpecW (in: pszPath="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Money.url" | out: pszPath="C:\\Users\\Default\\Favorites\\MSN Websites") returned 1 [0055.619] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\") returned="C:\\Users\\Default\\Favorites\\MSN Websites\\" [0055.619] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\", lpString2="decrypt_files.html" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\decrypt_files.html") returned="C:\\Users\\Default\\Favorites\\MSN Websites\\decrypt_files.html" [0055.619] GetFileAttributesW (lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\decrypt_files.html" (normalized: "c:\\users\\default\\favorites\\msn websites\\decrypt_files.html")) returned 0x20 [0055.620] GetProcessHeap () returned 0x570000 [0055.621] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0055.621] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa2c821, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSN Sports.url", cAlternateFileName="MSNSPO~1.URL")) returned 1 [0055.621] lstrcmpiW (lpString1="MSN Sports.url", lpString2=".") returned 1 [0055.621] lstrcmpiW (lpString1="MSN Sports.url", lpString2="..") returned 1 [0055.621] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\", lpString2="MSN Sports.url" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Sports.url") returned="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Sports.url" [0055.621] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="MSN Sports.url", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0055.621] GetProcessHeap () returned 0x570000 [0055.621] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xf) returned 0x590f68 [0055.621] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="MSN Sports.url", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MSN Sports.url", lpUsedDefaultChar=0x0) returned 15 [0055.621] lstrlenA (lpString="MSN Sports.url") returned 14 [0055.621] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0055.621] lstrlenA (lpString="MSN Sports.url") returned 14 [0055.621] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0055.621] lstrcmpiW (lpString1="MSN Sports.url", lpString2="decrypt_files.html") returned 1 [0055.621] lstrcmpiW (lpString1="MSN Sports.url", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0055.621] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0055.621] lstrcmpiW (lpString1="MSN Sports.url", lpString2="sihvgt.exe") returned -1 [0055.621] _alloca_probe () returned 0x40908b [0055.621] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Sports.url", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 55 [0055.621] GetProcessHeap () returned 0x570000 [0055.621] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x37) returned 0x5925e8 [0055.621] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Sports.url", cchWideChar=-1, lpMultiByteStr=0x5925e8, cbMultiByte=55, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Sports.url", lpUsedDefaultChar=0x0) returned 55 [0055.621] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0055.621] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{FB3D99FC-9DE5-413B-8E40-812F854FC64B}") returned 38 [0055.621] lstrlenA (lpString="{FB3D99FC-9DE5-413B-8E40-812F854FC64B}") returned 38 [0055.622] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Sports.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn sports.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0055.622] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=133) returned 1 [0055.622] lstrlenA (lpString="{FB3D99FC-9DE5-413B-8E40-812F854FC64B}") returned 38 [0055.622] GetProcessHeap () returned 0x570000 [0055.622] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x592408 [0055.622] GetProcessHeap () returned 0x570000 [0055.622] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592480 [0055.622] lstrlenA (lpString="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Sports.url") returned 54 [0055.635] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x85, lpOverlapped=0x0) returned 1 [0055.636] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0055.636] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x90, lpOverlapped=0x0) returned 1 [0055.636] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0055.636] WriteFile (in: hFile=0x80, lpBuffer=0x50bb6c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bb6c*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0055.637] WriteFile (in: hFile=0x80, lpBuffer=0x50bbd4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bbd4*, lpNumberOfBytesWritten=0x50bb34*=0x10, lpOverlapped=0x0) returned 1 [0055.637] lstrlenA (lpString="rsa_encrypt") returned 11 [0055.637] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x592508) returned 1 [0055.638] CryptGenRandom (in: hProv=0x592508, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0055.638] CryptReleaseContext (hProv=0x592508, dwFlags=0x0) returned 1 [0055.638] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0055.638] GetProcessHeap () returned 0x570000 [0055.638] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592508 [0055.638] lstrlenA (lpString="010001") returned 6 [0055.638] GetProcessHeap () returned 0x570000 [0055.638] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eea0 [0055.638] GetProcessHeap () returned 0x570000 [0055.638] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x593d90 [0055.638] GetProcessHeap () returned 0x570000 [0055.638] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0055.638] GetProcessHeap () returned 0x570000 [0055.638] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593d90 | out: hHeap=0x570000) returned 1 [0055.638] GetProcessHeap () returned 0x570000 [0055.638] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0055.638] GetProcessHeap () returned 0x570000 [0055.638] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c0d8 [0055.638] GetProcessHeap () returned 0x570000 [0055.638] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58ef00 [0055.638] GetProcessHeap () returned 0x570000 [0055.638] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c1f0 [0055.638] GetProcessHeap () returned 0x570000 [0055.638] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.638] GetProcessHeap () returned 0x570000 [0055.638] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0055.638] GetProcessHeap () returned 0x570000 [0055.639] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x593d90 [0055.639] GetProcessHeap () returned 0x570000 [0055.639] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x593e18 [0055.639] GetProcessHeap () returned 0x570000 [0055.639] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.639] GetProcessHeap () returned 0x570000 [0055.639] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0055.639] GetProcessHeap () returned 0x570000 [0055.639] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0055.639] GetProcessHeap () returned 0x570000 [0055.639] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593d90 | out: hHeap=0x570000) returned 1 [0055.639] GetProcessHeap () returned 0x570000 [0055.639] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0055.639] GetProcessHeap () returned 0x570000 [0055.639] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0055.639] GetProcessHeap () returned 0x570000 [0055.639] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.639] GetProcessHeap () returned 0x570000 [0055.639] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f98 [0055.639] GetProcessHeap () returned 0x570000 [0055.639] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.639] GetProcessHeap () returned 0x570000 [0055.639] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.639] GetProcessHeap () returned 0x570000 [0055.639] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.639] GetProcessHeap () returned 0x570000 [0055.639] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.639] GetProcessHeap () returned 0x570000 [0055.639] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0055.639] GetProcessHeap () returned 0x570000 [0055.639] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f98 | out: hHeap=0x570000) returned 1 [0055.640] GetProcessHeap () returned 0x570000 [0055.640] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0055.640] GetProcessHeap () returned 0x570000 [0055.640] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0055.640] GetProcessHeap () returned 0x570000 [0055.640] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.640] GetProcessHeap () returned 0x570000 [0055.640] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.640] GetProcessHeap () returned 0x570000 [0055.640] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.640] GetProcessHeap () returned 0x570000 [0055.640] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.640] GetProcessHeap () returned 0x570000 [0055.640] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.640] GetProcessHeap () returned 0x570000 [0055.640] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.640] GetProcessHeap () returned 0x570000 [0055.640] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.640] GetProcessHeap () returned 0x570000 [0055.640] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.640] GetProcessHeap () returned 0x570000 [0055.640] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.640] GetProcessHeap () returned 0x570000 [0055.640] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.640] GetProcessHeap () returned 0x570000 [0055.640] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.640] GetProcessHeap () returned 0x570000 [0055.640] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.640] GetProcessHeap () returned 0x570000 [0055.640] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.640] GetProcessHeap () returned 0x570000 [0055.641] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.641] GetProcessHeap () returned 0x570000 [0055.641] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.641] GetProcessHeap () returned 0x570000 [0055.641] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.641] GetProcessHeap () returned 0x570000 [0055.641] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.641] GetProcessHeap () returned 0x570000 [0055.641] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.641] GetProcessHeap () returned 0x570000 [0055.641] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.641] GetProcessHeap () returned 0x570000 [0055.641] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.641] GetProcessHeap () returned 0x570000 [0055.641] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.641] GetProcessHeap () returned 0x570000 [0055.641] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.641] GetProcessHeap () returned 0x570000 [0055.641] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.641] GetProcessHeap () returned 0x570000 [0055.641] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.641] GetProcessHeap () returned 0x570000 [0055.641] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.641] GetProcessHeap () returned 0x570000 [0055.641] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.641] GetProcessHeap () returned 0x570000 [0055.641] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.641] GetProcessHeap () returned 0x570000 [0055.641] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.641] GetProcessHeap () returned 0x570000 [0055.641] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.641] GetProcessHeap () returned 0x570000 [0055.641] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.642] GetProcessHeap () returned 0x570000 [0055.642] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.642] GetProcessHeap () returned 0x570000 [0055.642] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.642] GetProcessHeap () returned 0x570000 [0055.642] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.642] GetProcessHeap () returned 0x570000 [0055.642] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.642] GetProcessHeap () returned 0x570000 [0055.642] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.642] GetProcessHeap () returned 0x570000 [0055.642] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.642] GetProcessHeap () returned 0x570000 [0055.642] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.642] GetProcessHeap () returned 0x570000 [0055.642] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.642] GetProcessHeap () returned 0x570000 [0055.642] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.642] GetProcessHeap () returned 0x570000 [0055.642] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.642] GetProcessHeap () returned 0x570000 [0055.642] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.642] GetProcessHeap () returned 0x570000 [0055.642] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.642] GetProcessHeap () returned 0x570000 [0055.642] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.642] GetProcessHeap () returned 0x570000 [0055.642] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.642] GetProcessHeap () returned 0x570000 [0055.642] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.642] GetProcessHeap () returned 0x570000 [0055.643] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.643] GetProcessHeap () returned 0x570000 [0055.643] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.643] GetProcessHeap () returned 0x570000 [0055.643] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.643] GetProcessHeap () returned 0x570000 [0055.643] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.643] GetProcessHeap () returned 0x570000 [0055.643] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.643] GetProcessHeap () returned 0x570000 [0055.643] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.643] GetProcessHeap () returned 0x570000 [0055.643] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.643] GetProcessHeap () returned 0x570000 [0055.643] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.643] GetProcessHeap () returned 0x570000 [0055.643] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.643] GetProcessHeap () returned 0x570000 [0055.643] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.643] GetProcessHeap () returned 0x570000 [0055.643] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.643] GetProcessHeap () returned 0x570000 [0055.643] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.643] GetProcessHeap () returned 0x570000 [0055.643] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.643] GetProcessHeap () returned 0x570000 [0055.643] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.643] GetProcessHeap () returned 0x570000 [0055.643] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.643] GetProcessHeap () returned 0x570000 [0055.643] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.644] GetProcessHeap () returned 0x570000 [0055.644] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.644] GetProcessHeap () returned 0x570000 [0055.644] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.644] GetProcessHeap () returned 0x570000 [0055.644] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.644] GetProcessHeap () returned 0x570000 [0055.644] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.644] GetProcessHeap () returned 0x570000 [0055.644] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.644] GetProcessHeap () returned 0x570000 [0055.644] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.644] GetProcessHeap () returned 0x570000 [0055.644] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.644] GetProcessHeap () returned 0x570000 [0055.644] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.644] GetProcessHeap () returned 0x570000 [0055.645] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.645] GetProcessHeap () returned 0x570000 [0055.645] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.645] GetProcessHeap () returned 0x570000 [0055.645] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.645] GetProcessHeap () returned 0x570000 [0055.645] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.645] GetProcessHeap () returned 0x570000 [0055.645] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.645] GetProcessHeap () returned 0x570000 [0055.645] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.645] GetProcessHeap () returned 0x570000 [0055.645] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.645] GetProcessHeap () returned 0x570000 [0055.645] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.645] GetProcessHeap () returned 0x570000 [0055.645] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.645] GetProcessHeap () returned 0x570000 [0055.645] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.645] GetProcessHeap () returned 0x570000 [0055.645] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.645] GetProcessHeap () returned 0x570000 [0055.645] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.645] GetProcessHeap () returned 0x570000 [0055.645] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.645] GetProcessHeap () returned 0x570000 [0055.645] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.645] GetProcessHeap () returned 0x570000 [0055.645] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.645] GetProcessHeap () returned 0x570000 [0055.645] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.645] GetProcessHeap () returned 0x570000 [0055.646] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.646] GetProcessHeap () returned 0x570000 [0055.646] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.646] GetProcessHeap () returned 0x570000 [0055.646] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.646] GetProcessHeap () returned 0x570000 [0055.646] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.646] GetProcessHeap () returned 0x570000 [0055.646] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.646] GetProcessHeap () returned 0x570000 [0055.646] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.646] GetProcessHeap () returned 0x570000 [0055.646] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.646] GetProcessHeap () returned 0x570000 [0055.646] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.646] GetProcessHeap () returned 0x570000 [0055.646] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.646] GetProcessHeap () returned 0x570000 [0055.646] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.646] GetProcessHeap () returned 0x570000 [0055.646] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.646] GetProcessHeap () returned 0x570000 [0055.646] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.646] GetProcessHeap () returned 0x570000 [0055.646] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.646] GetProcessHeap () returned 0x570000 [0055.646] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.646] GetProcessHeap () returned 0x570000 [0055.646] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.646] GetProcessHeap () returned 0x570000 [0055.646] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0055.646] GetProcessHeap () returned 0x570000 [0055.647] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0055.647] GetProcessHeap () returned 0x570000 [0055.647] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593e18 | out: hHeap=0x570000) returned 1 [0055.647] GetProcessHeap () returned 0x570000 [0055.647] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0055.647] GetProcessHeap () returned 0x570000 [0055.647] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0055.647] GetProcessHeap () returned 0x570000 [0055.647] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0055.647] GetProcessHeap () returned 0x570000 [0055.647] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0055.647] GetProcessHeap () returned 0x570000 [0055.647] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0055.647] GetProcessHeap () returned 0x570000 [0055.647] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0055.647] GetProcessHeap () returned 0x570000 [0055.647] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.647] GetProcessHeap () returned 0x570000 [0055.647] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592508 | out: hHeap=0x570000) returned 1 [0055.647] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0055.647] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0055.647] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0055.648] CloseHandle (hObject=0x80) returned 1 [0055.652] GetProcessHeap () returned 0x570000 [0055.652] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5925e8 | out: hHeap=0x570000) returned 1 [0055.652] GetProcessHeap () returned 0x570000 [0055.652] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592408 | out: hHeap=0x570000) returned 1 [0055.652] GetProcessHeap () returned 0x570000 [0055.652] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592480 | out: hHeap=0x570000) returned 1 [0055.652] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Sports.url" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Sports.url") returned="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Sports.url" [0055.652] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Sports.url", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Sports.url.{Killback@protonmail.com}KBK") returned="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Sports.url.{Killback@protonmail.com}KBK" [0055.652] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Sports.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn sports.url"), lpNewFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Sports.url.{Killback@protonmail.com}KBK" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn sports.url.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0055.653] PathRemoveFileSpecW (in: pszPath="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN Sports.url" | out: pszPath="C:\\Users\\Default\\Favorites\\MSN Websites") returned 1 [0055.653] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\") returned="C:\\Users\\Default\\Favorites\\MSN Websites\\" [0055.653] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\", lpString2="decrypt_files.html" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\decrypt_files.html") returned="C:\\Users\\Default\\Favorites\\MSN Websites\\decrypt_files.html" [0055.653] GetFileAttributesW (lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\decrypt_files.html" (normalized: "c:\\users\\default\\favorites\\msn websites\\decrypt_files.html")) returned 0x20 [0055.653] GetProcessHeap () returned 0x570000 [0055.653] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0055.653] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa2c821, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSN.url", cAlternateFileName="")) returned 1 [0055.653] lstrcmpiW (lpString1="MSN.url", lpString2=".") returned 1 [0055.653] lstrcmpiW (lpString1="MSN.url", lpString2="..") returned 1 [0055.653] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\", lpString2="MSN.url" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN.url") returned="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN.url" [0055.653] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="MSN.url", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0055.653] GetProcessHeap () returned 0x570000 [0055.654] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58eea0 [0055.654] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="MSN.url", cchWideChar=-1, lpMultiByteStr=0x58eea0, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MSN.url", lpUsedDefaultChar=0x0) returned 8 [0055.654] lstrlenA (lpString="MSN.url") returned 7 [0055.654] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0055.654] lstrlenA (lpString="MSN.url") returned 7 [0055.654] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0055.654] lstrcmpiW (lpString1="MSN.url", lpString2="decrypt_files.html") returned 1 [0055.654] lstrcmpiW (lpString1="MSN.url", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0055.654] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0055.654] lstrcmpiW (lpString1="MSN.url", lpString2="sihvgt.exe") returned -1 [0055.654] _alloca_probe () returned 0x40908b [0055.654] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN.url", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 48 [0055.654] GetProcessHeap () returned 0x570000 [0055.654] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x30) returned 0x5935a8 [0055.654] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN.url", cchWideChar=-1, lpMultiByteStr=0x5935a8, cbMultiByte=48, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN.url", lpUsedDefaultChar=0x0) returned 48 [0055.654] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0055.654] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{ECFEB900-2D31-464D-A237-5527F5B30542}") returned 38 [0055.654] lstrlenA (lpString="{ECFEB900-2D31-464D-A237-5527F5B30542}") returned 38 [0055.654] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0055.655] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=133) returned 1 [0055.655] lstrlenA (lpString="{ECFEB900-2D31-464D-A237-5527F5B30542}") returned 38 [0055.655] GetProcessHeap () returned 0x570000 [0055.655] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x592408 [0055.655] GetProcessHeap () returned 0x570000 [0055.655] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592480 [0055.655] lstrlenA (lpString="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN.url") returned 47 [0055.668] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x85, lpOverlapped=0x0) returned 1 [0055.669] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0055.669] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x90, lpOverlapped=0x0) returned 1 [0055.669] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0055.669] WriteFile (in: hFile=0x80, lpBuffer=0x50bb6c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bb6c*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0055.669] WriteFile (in: hFile=0x80, lpBuffer=0x50bbd4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bbd4*, lpNumberOfBytesWritten=0x50bb34*=0x10, lpOverlapped=0x0) returned 1 [0055.669] lstrlenA (lpString="rsa_encrypt") returned 11 [0055.669] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x592508) returned 1 [0055.670] CryptGenRandom (in: hProv=0x592508, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0055.670] CryptReleaseContext (hProv=0x592508, dwFlags=0x0) returned 1 [0055.670] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0055.670] GetProcessHeap () returned 0x570000 [0055.670] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592508 [0055.670] lstrlenA (lpString="010001") returned 6 [0055.670] GetProcessHeap () returned 0x570000 [0055.670] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eee0 [0055.670] GetProcessHeap () returned 0x570000 [0055.670] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x593d90 [0055.670] GetProcessHeap () returned 0x570000 [0055.671] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0055.671] GetProcessHeap () returned 0x570000 [0055.671] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593d90 | out: hHeap=0x570000) returned 1 [0055.671] GetProcessHeap () returned 0x570000 [0055.671] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0055.671] GetProcessHeap () returned 0x570000 [0055.671] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c1f0 [0055.671] GetProcessHeap () returned 0x570000 [0055.671] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58ef00 [0055.671] GetProcessHeap () returned 0x570000 [0055.671] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c0d8 [0055.671] GetProcessHeap () returned 0x570000 [0055.671] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.671] GetProcessHeap () returned 0x570000 [0055.671] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0055.671] GetProcessHeap () returned 0x570000 [0055.671] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x593d90 [0055.671] GetProcessHeap () returned 0x570000 [0055.671] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x593e18 [0055.671] GetProcessHeap () returned 0x570000 [0055.671] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ef00 [0055.671] GetProcessHeap () returned 0x570000 [0055.671] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f68 [0055.671] GetProcessHeap () returned 0x570000 [0055.671] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0055.671] GetProcessHeap () returned 0x570000 [0055.671] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593d90 | out: hHeap=0x570000) returned 1 [0055.671] GetProcessHeap () returned 0x570000 [0055.671] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0055.671] GetProcessHeap () returned 0x570000 [0055.671] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0055.671] GetProcessHeap () returned 0x570000 [0055.671] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.672] GetProcessHeap () returned 0x570000 [0055.672] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0055.672] GetProcessHeap () returned 0x570000 [0055.672] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ef00 | out: hHeap=0x570000) returned 1 [0055.672] GetProcessHeap () returned 0x570000 [0055.672] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.672] GetProcessHeap () returned 0x570000 [0055.672] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.672] GetProcessHeap () returned 0x570000 [0055.672] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.672] GetProcessHeap () returned 0x570000 [0055.672] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0055.672] GetProcessHeap () returned 0x570000 [0055.672] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0055.672] GetProcessHeap () returned 0x570000 [0055.672] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0055.672] GetProcessHeap () returned 0x570000 [0055.672] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0055.672] GetProcessHeap () returned 0x570000 [0055.672] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.672] GetProcessHeap () returned 0x570000 [0055.672] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.672] GetProcessHeap () returned 0x570000 [0055.672] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.672] GetProcessHeap () returned 0x570000 [0055.672] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.672] GetProcessHeap () returned 0x570000 [0055.672] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.672] GetProcessHeap () returned 0x570000 [0055.672] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.672] GetProcessHeap () returned 0x570000 [0055.672] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.672] GetProcessHeap () returned 0x570000 [0055.673] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.673] GetProcessHeap () returned 0x570000 [0055.673] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.673] GetProcessHeap () returned 0x570000 [0055.673] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.673] GetProcessHeap () returned 0x570000 [0055.673] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.673] GetProcessHeap () returned 0x570000 [0055.673] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.673] GetProcessHeap () returned 0x570000 [0055.673] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.673] GetProcessHeap () returned 0x570000 [0055.673] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.673] GetProcessHeap () returned 0x570000 [0055.673] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.673] GetProcessHeap () returned 0x570000 [0055.673] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.673] GetProcessHeap () returned 0x570000 [0055.673] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.673] GetProcessHeap () returned 0x570000 [0055.673] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.673] GetProcessHeap () returned 0x570000 [0055.673] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.673] GetProcessHeap () returned 0x570000 [0055.673] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.673] GetProcessHeap () returned 0x570000 [0055.673] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.673] GetProcessHeap () returned 0x570000 [0055.673] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.673] GetProcessHeap () returned 0x570000 [0055.673] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.673] GetProcessHeap () returned 0x570000 [0055.674] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.674] GetProcessHeap () returned 0x570000 [0055.674] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.674] GetProcessHeap () returned 0x570000 [0055.674] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.674] GetProcessHeap () returned 0x570000 [0055.674] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.674] GetProcessHeap () returned 0x570000 [0055.674] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.674] GetProcessHeap () returned 0x570000 [0055.674] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.674] GetProcessHeap () returned 0x570000 [0055.674] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.674] GetProcessHeap () returned 0x570000 [0055.674] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.674] GetProcessHeap () returned 0x570000 [0055.674] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.674] GetProcessHeap () returned 0x570000 [0055.674] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.674] GetProcessHeap () returned 0x570000 [0055.674] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.674] GetProcessHeap () returned 0x570000 [0055.674] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.674] GetProcessHeap () returned 0x570000 [0055.674] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.674] GetProcessHeap () returned 0x570000 [0055.674] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.674] GetProcessHeap () returned 0x570000 [0055.674] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.674] GetProcessHeap () returned 0x570000 [0055.674] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.674] GetProcessHeap () returned 0x570000 [0055.674] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.675] GetProcessHeap () returned 0x570000 [0055.675] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.675] GetProcessHeap () returned 0x570000 [0055.675] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.675] GetProcessHeap () returned 0x570000 [0055.675] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.675] GetProcessHeap () returned 0x570000 [0055.675] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.675] GetProcessHeap () returned 0x570000 [0055.675] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.675] GetProcessHeap () returned 0x570000 [0055.675] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.675] GetProcessHeap () returned 0x570000 [0055.675] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.675] GetProcessHeap () returned 0x570000 [0055.675] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.675] GetProcessHeap () returned 0x570000 [0055.675] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.675] GetProcessHeap () returned 0x570000 [0055.675] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.675] GetProcessHeap () returned 0x570000 [0055.675] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.675] GetProcessHeap () returned 0x570000 [0055.675] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.675] GetProcessHeap () returned 0x570000 [0055.676] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.676] GetProcessHeap () returned 0x570000 [0055.676] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.676] GetProcessHeap () returned 0x570000 [0055.676] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.676] GetProcessHeap () returned 0x570000 [0055.676] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.676] GetProcessHeap () returned 0x570000 [0055.676] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.676] GetProcessHeap () returned 0x570000 [0055.676] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.676] GetProcessHeap () returned 0x570000 [0055.676] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.676] GetProcessHeap () returned 0x570000 [0055.676] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.676] GetProcessHeap () returned 0x570000 [0055.676] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.676] GetProcessHeap () returned 0x570000 [0055.676] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.676] GetProcessHeap () returned 0x570000 [0055.676] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.676] GetProcessHeap () returned 0x570000 [0055.676] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.676] GetProcessHeap () returned 0x570000 [0055.676] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.676] GetProcessHeap () returned 0x570000 [0055.676] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.676] GetProcessHeap () returned 0x570000 [0055.676] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.676] GetProcessHeap () returned 0x570000 [0055.676] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.676] GetProcessHeap () returned 0x570000 [0055.677] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.677] GetProcessHeap () returned 0x570000 [0055.677] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.677] GetProcessHeap () returned 0x570000 [0055.677] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.677] GetProcessHeap () returned 0x570000 [0055.677] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.677] GetProcessHeap () returned 0x570000 [0055.677] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.677] GetProcessHeap () returned 0x570000 [0055.677] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.677] GetProcessHeap () returned 0x570000 [0055.677] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.677] GetProcessHeap () returned 0x570000 [0055.677] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.677] GetProcessHeap () returned 0x570000 [0055.677] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.677] GetProcessHeap () returned 0x570000 [0055.677] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.677] GetProcessHeap () returned 0x570000 [0055.677] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.677] GetProcessHeap () returned 0x570000 [0055.677] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.677] GetProcessHeap () returned 0x570000 [0055.677] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.677] GetProcessHeap () returned 0x570000 [0055.677] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.677] GetProcessHeap () returned 0x570000 [0055.677] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.677] GetProcessHeap () returned 0x570000 [0055.677] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.677] GetProcessHeap () returned 0x570000 [0055.677] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.678] GetProcessHeap () returned 0x570000 [0055.678] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.678] GetProcessHeap () returned 0x570000 [0055.678] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.678] GetProcessHeap () returned 0x570000 [0055.678] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.678] GetProcessHeap () returned 0x570000 [0055.678] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.678] GetProcessHeap () returned 0x570000 [0055.678] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.678] GetProcessHeap () returned 0x570000 [0055.678] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.678] GetProcessHeap () returned 0x570000 [0055.678] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.678] GetProcessHeap () returned 0x570000 [0055.678] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.678] GetProcessHeap () returned 0x570000 [0055.678] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.678] GetProcessHeap () returned 0x570000 [0055.678] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.678] GetProcessHeap () returned 0x570000 [0055.678] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.678] GetProcessHeap () returned 0x570000 [0055.678] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.678] GetProcessHeap () returned 0x570000 [0055.678] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.678] GetProcessHeap () returned 0x570000 [0055.678] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.678] GetProcessHeap () returned 0x570000 [0055.678] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.678] GetProcessHeap () returned 0x570000 [0055.678] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0055.678] GetProcessHeap () returned 0x570000 [0055.679] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0055.679] GetProcessHeap () returned 0x570000 [0055.679] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593e18 | out: hHeap=0x570000) returned 1 [0055.679] GetProcessHeap () returned 0x570000 [0055.679] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0055.679] GetProcessHeap () returned 0x570000 [0055.679] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0055.679] GetProcessHeap () returned 0x570000 [0055.679] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0055.679] GetProcessHeap () returned 0x570000 [0055.679] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0055.679] GetProcessHeap () returned 0x570000 [0055.679] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0055.679] GetProcessHeap () returned 0x570000 [0055.679] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0055.679] GetProcessHeap () returned 0x570000 [0055.679] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.679] GetProcessHeap () returned 0x570000 [0055.679] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592508 | out: hHeap=0x570000) returned 1 [0055.679] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0055.679] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0055.679] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0055.680] CloseHandle (hObject=0x80) returned 1 [0055.684] GetProcessHeap () returned 0x570000 [0055.684] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5935a8 | out: hHeap=0x570000) returned 1 [0055.684] GetProcessHeap () returned 0x570000 [0055.684] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592408 | out: hHeap=0x570000) returned 1 [0055.684] GetProcessHeap () returned 0x570000 [0055.684] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592480 | out: hHeap=0x570000) returned 1 [0055.684] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN.url" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN.url") returned="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN.url" [0055.684] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN.url", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN.url.{Killback@protonmail.com}KBK") returned="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN.url.{Killback@protonmail.com}KBK" [0055.684] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn.url"), lpNewFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN.url.{Killback@protonmail.com}KBK" (normalized: "c:\\users\\default\\favorites\\msn websites\\msn.url.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0055.685] PathRemoveFileSpecW (in: pszPath="C:\\Users\\Default\\Favorites\\MSN Websites\\MSN.url" | out: pszPath="C:\\Users\\Default\\Favorites\\MSN Websites") returned 1 [0055.685] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\") returned="C:\\Users\\Default\\Favorites\\MSN Websites\\" [0055.685] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\", lpString2="decrypt_files.html" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\decrypt_files.html") returned="C:\\Users\\Default\\Favorites\\MSN Websites\\decrypt_files.html" [0055.685] GetFileAttributesW (lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\decrypt_files.html" (normalized: "c:\\users\\default\\favorites\\msn websites\\decrypt_files.html")) returned 0x20 [0055.685] GetProcessHeap () returned 0x570000 [0055.685] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.685] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa2c821, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSNBC News.url", cAlternateFileName="MSNBCN~1.URL")) returned 1 [0055.685] lstrcmpiW (lpString1="MSNBC News.url", lpString2=".") returned 1 [0055.685] lstrcmpiW (lpString1="MSNBC News.url", lpString2="..") returned 1 [0055.685] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\", lpString2="MSNBC News.url" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\MSNBC News.url") returned="C:\\Users\\Default\\Favorites\\MSN Websites\\MSNBC News.url" [0055.685] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="MSNBC News.url", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0055.685] GetProcessHeap () returned 0x570000 [0055.685] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xf) returned 0x590f68 [0055.685] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="MSNBC News.url", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="MSNBC News.url", lpUsedDefaultChar=0x0) returned 15 [0055.685] lstrlenA (lpString="MSNBC News.url") returned 14 [0055.685] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0055.686] lstrlenA (lpString="MSNBC News.url") returned 14 [0055.686] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0055.686] lstrcmpiW (lpString1="MSNBC News.url", lpString2="decrypt_files.html") returned 1 [0055.686] lstrcmpiW (lpString1="MSNBC News.url", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0055.686] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0055.686] lstrcmpiW (lpString1="MSNBC News.url", lpString2="sihvgt.exe") returned -1 [0055.686] _alloca_probe () returned 0x40908b [0055.686] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\Favorites\\MSN Websites\\MSNBC News.url", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 55 [0055.686] GetProcessHeap () returned 0x570000 [0055.686] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x37) returned 0x5925e8 [0055.686] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\Favorites\\MSN Websites\\MSNBC News.url", cchWideChar=-1, lpMultiByteStr=0x5925e8, cbMultiByte=55, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\Default\\Favorites\\MSN Websites\\MSNBC News.url", lpUsedDefaultChar=0x0) returned 55 [0055.686] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0055.686] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{859A2A5D-7519-420D-A0C8-B00F1EE95F66}") returned 38 [0055.686] lstrlenA (lpString="{859A2A5D-7519-420D-A0C8-B00F1EE95F66}") returned 38 [0055.686] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\MSNBC News.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msnbc news.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0055.686] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=133) returned 1 [0055.686] lstrlenA (lpString="{859A2A5D-7519-420D-A0C8-B00F1EE95F66}") returned 38 [0055.686] GetProcessHeap () returned 0x570000 [0055.686] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x592408 [0055.686] GetProcessHeap () returned 0x570000 [0055.686] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592480 [0055.686] lstrlenA (lpString="C:\\Users\\Default\\Favorites\\MSN Websites\\MSNBC News.url") returned 54 [0055.700] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x85, lpOverlapped=0x0) returned 1 [0055.701] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0055.701] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x90, lpOverlapped=0x0) returned 1 [0055.701] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0055.701] WriteFile (in: hFile=0x80, lpBuffer=0x50bb6c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bb6c*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0055.701] WriteFile (in: hFile=0x80, lpBuffer=0x50bbd4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bbd4*, lpNumberOfBytesWritten=0x50bb34*=0x10, lpOverlapped=0x0) returned 1 [0055.701] lstrlenA (lpString="rsa_encrypt") returned 11 [0055.701] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x592508) returned 1 [0055.702] CryptGenRandom (in: hProv=0x592508, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0055.702] CryptReleaseContext (hProv=0x592508, dwFlags=0x0) returned 1 [0055.702] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0055.702] GetProcessHeap () returned 0x570000 [0055.702] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592508 [0055.702] lstrlenA (lpString="010001") returned 6 [0055.702] GetProcessHeap () returned 0x570000 [0055.702] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eea0 [0055.702] GetProcessHeap () returned 0x570000 [0055.702] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x593d90 [0055.702] GetProcessHeap () returned 0x570000 [0055.702] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0055.702] GetProcessHeap () returned 0x570000 [0055.702] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593d90 | out: hHeap=0x570000) returned 1 [0055.703] GetProcessHeap () returned 0x570000 [0055.703] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0055.703] GetProcessHeap () returned 0x570000 [0055.703] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c0d8 [0055.703] GetProcessHeap () returned 0x570000 [0055.703] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eee0 [0055.703] GetProcessHeap () returned 0x570000 [0055.703] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c1f0 [0055.703] GetProcessHeap () returned 0x570000 [0055.703] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.703] GetProcessHeap () returned 0x570000 [0055.703] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0055.703] GetProcessHeap () returned 0x570000 [0055.703] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x593d90 [0055.703] GetProcessHeap () returned 0x570000 [0055.703] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x593e18 [0055.703] GetProcessHeap () returned 0x570000 [0055.703] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eee0 [0055.703] GetProcessHeap () returned 0x570000 [0055.703] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0055.703] GetProcessHeap () returned 0x570000 [0055.703] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0055.703] GetProcessHeap () returned 0x570000 [0055.703] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593d90 | out: hHeap=0x570000) returned 1 [0055.703] GetProcessHeap () returned 0x570000 [0055.703] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0055.703] GetProcessHeap () returned 0x570000 [0055.703] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0055.703] GetProcessHeap () returned 0x570000 [0055.703] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.703] GetProcessHeap () returned 0x570000 [0055.703] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f98 [0055.703] GetProcessHeap () returned 0x570000 [0055.704] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eee0 | out: hHeap=0x570000) returned 1 [0055.704] GetProcessHeap () returned 0x570000 [0055.704] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.704] GetProcessHeap () returned 0x570000 [0055.704] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.704] GetProcessHeap () returned 0x570000 [0055.704] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.704] GetProcessHeap () returned 0x570000 [0055.704] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0055.704] GetProcessHeap () returned 0x570000 [0055.704] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f98 | out: hHeap=0x570000) returned 1 [0055.704] GetProcessHeap () returned 0x570000 [0055.704] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0055.704] GetProcessHeap () returned 0x570000 [0055.704] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0055.704] GetProcessHeap () returned 0x570000 [0055.704] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.704] GetProcessHeap () returned 0x570000 [0055.704] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.704] GetProcessHeap () returned 0x570000 [0055.704] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.704] GetProcessHeap () returned 0x570000 [0055.704] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.704] GetProcessHeap () returned 0x570000 [0055.704] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.704] GetProcessHeap () returned 0x570000 [0055.704] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.704] GetProcessHeap () returned 0x570000 [0055.704] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.704] GetProcessHeap () returned 0x570000 [0055.704] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.704] GetProcessHeap () returned 0x570000 [0055.704] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.704] GetProcessHeap () returned 0x570000 [0055.705] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.705] GetProcessHeap () returned 0x570000 [0055.705] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.705] GetProcessHeap () returned 0x570000 [0055.705] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.705] GetProcessHeap () returned 0x570000 [0055.705] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.705] GetProcessHeap () returned 0x570000 [0055.705] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.705] GetProcessHeap () returned 0x570000 [0055.705] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.705] GetProcessHeap () returned 0x570000 [0055.705] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.705] GetProcessHeap () returned 0x570000 [0055.705] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.705] GetProcessHeap () returned 0x570000 [0055.705] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.705] GetProcessHeap () returned 0x570000 [0055.705] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.705] GetProcessHeap () returned 0x570000 [0055.705] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.705] GetProcessHeap () returned 0x570000 [0055.705] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.705] GetProcessHeap () returned 0x570000 [0055.705] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.705] GetProcessHeap () returned 0x570000 [0055.705] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.705] GetProcessHeap () returned 0x570000 [0055.705] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.705] GetProcessHeap () returned 0x570000 [0055.705] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.705] GetProcessHeap () returned 0x570000 [0055.706] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.706] GetProcessHeap () returned 0x570000 [0055.706] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.706] GetProcessHeap () returned 0x570000 [0055.706] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.706] GetProcessHeap () returned 0x570000 [0055.706] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.706] GetProcessHeap () returned 0x570000 [0055.706] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.706] GetProcessHeap () returned 0x570000 [0055.706] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.706] GetProcessHeap () returned 0x570000 [0055.706] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.706] GetProcessHeap () returned 0x570000 [0055.706] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.706] GetProcessHeap () returned 0x570000 [0055.706] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.706] GetProcessHeap () returned 0x570000 [0055.706] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.706] GetProcessHeap () returned 0x570000 [0055.706] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.706] GetProcessHeap () returned 0x570000 [0055.706] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.706] GetProcessHeap () returned 0x570000 [0055.706] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.706] GetProcessHeap () returned 0x570000 [0055.707] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.707] GetProcessHeap () returned 0x570000 [0055.707] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.707] GetProcessHeap () returned 0x570000 [0055.707] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.707] GetProcessHeap () returned 0x570000 [0055.707] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.707] GetProcessHeap () returned 0x570000 [0055.707] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.707] GetProcessHeap () returned 0x570000 [0055.707] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.707] GetProcessHeap () returned 0x570000 [0055.707] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.707] GetProcessHeap () returned 0x570000 [0055.707] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.707] GetProcessHeap () returned 0x570000 [0055.707] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.707] GetProcessHeap () returned 0x570000 [0055.707] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.707] GetProcessHeap () returned 0x570000 [0055.707] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.707] GetProcessHeap () returned 0x570000 [0055.707] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.707] GetProcessHeap () returned 0x570000 [0055.707] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.707] GetProcessHeap () returned 0x570000 [0055.707] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.707] GetProcessHeap () returned 0x570000 [0055.707] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.707] GetProcessHeap () returned 0x570000 [0055.707] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.707] GetProcessHeap () returned 0x570000 [0055.707] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.708] GetProcessHeap () returned 0x570000 [0055.708] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.708] GetProcessHeap () returned 0x570000 [0055.708] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.708] GetProcessHeap () returned 0x570000 [0055.708] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.708] GetProcessHeap () returned 0x570000 [0055.708] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.708] GetProcessHeap () returned 0x570000 [0055.708] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.708] GetProcessHeap () returned 0x570000 [0055.708] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.708] GetProcessHeap () returned 0x570000 [0055.708] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.708] GetProcessHeap () returned 0x570000 [0055.708] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.708] GetProcessHeap () returned 0x570000 [0055.708] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.708] GetProcessHeap () returned 0x570000 [0055.708] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.708] GetProcessHeap () returned 0x570000 [0055.708] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.708] GetProcessHeap () returned 0x570000 [0055.708] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.708] GetProcessHeap () returned 0x570000 [0055.708] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.708] GetProcessHeap () returned 0x570000 [0055.708] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.708] GetProcessHeap () returned 0x570000 [0055.708] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.708] GetProcessHeap () returned 0x570000 [0055.708] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.709] GetProcessHeap () returned 0x570000 [0055.709] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.709] GetProcessHeap () returned 0x570000 [0055.709] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.709] GetProcessHeap () returned 0x570000 [0055.709] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.709] GetProcessHeap () returned 0x570000 [0055.709] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.709] GetProcessHeap () returned 0x570000 [0055.709] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.709] GetProcessHeap () returned 0x570000 [0055.709] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.709] GetProcessHeap () returned 0x570000 [0055.709] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.709] GetProcessHeap () returned 0x570000 [0055.709] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.709] GetProcessHeap () returned 0x570000 [0055.709] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.709] GetProcessHeap () returned 0x570000 [0055.709] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.709] GetProcessHeap () returned 0x570000 [0055.709] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.709] GetProcessHeap () returned 0x570000 [0055.709] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.709] GetProcessHeap () returned 0x570000 [0055.709] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.709] GetProcessHeap () returned 0x570000 [0055.709] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.709] GetProcessHeap () returned 0x570000 [0055.709] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.709] GetProcessHeap () returned 0x570000 [0055.709] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.710] GetProcessHeap () returned 0x570000 [0055.710] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.710] GetProcessHeap () returned 0x570000 [0055.710] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.710] GetProcessHeap () returned 0x570000 [0055.710] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.710] GetProcessHeap () returned 0x570000 [0055.710] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.710] GetProcessHeap () returned 0x570000 [0055.710] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.710] GetProcessHeap () returned 0x570000 [0055.710] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.710] GetProcessHeap () returned 0x570000 [0055.710] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.710] GetProcessHeap () returned 0x570000 [0055.710] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.710] GetProcessHeap () returned 0x570000 [0055.710] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.710] GetProcessHeap () returned 0x570000 [0055.710] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.710] GetProcessHeap () returned 0x570000 [0055.710] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.710] GetProcessHeap () returned 0x570000 [0055.710] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.710] GetProcessHeap () returned 0x570000 [0055.710] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.710] GetProcessHeap () returned 0x570000 [0055.710] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0055.710] GetProcessHeap () returned 0x570000 [0055.710] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0055.710] GetProcessHeap () returned 0x570000 [0055.710] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593e18 | out: hHeap=0x570000) returned 1 [0055.711] GetProcessHeap () returned 0x570000 [0055.711] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0055.711] GetProcessHeap () returned 0x570000 [0055.711] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0055.711] GetProcessHeap () returned 0x570000 [0055.711] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0055.711] GetProcessHeap () returned 0x570000 [0055.711] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0055.711] GetProcessHeap () returned 0x570000 [0055.711] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0055.711] GetProcessHeap () returned 0x570000 [0055.711] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0055.711] GetProcessHeap () returned 0x570000 [0055.711] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.711] GetProcessHeap () returned 0x570000 [0055.711] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592508 | out: hHeap=0x570000) returned 1 [0055.711] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0055.711] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0055.711] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0055.711] CloseHandle (hObject=0x80) returned 1 [0055.712] GetProcessHeap () returned 0x570000 [0055.712] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5925e8 | out: hHeap=0x570000) returned 1 [0055.712] GetProcessHeap () returned 0x570000 [0055.712] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592408 | out: hHeap=0x570000) returned 1 [0055.712] GetProcessHeap () returned 0x570000 [0055.712] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592480 | out: hHeap=0x570000) returned 1 [0055.712] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\Users\\Default\\Favorites\\MSN Websites\\MSNBC News.url" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\MSNBC News.url") returned="C:\\Users\\Default\\Favorites\\MSN Websites\\MSNBC News.url" [0055.712] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\MSNBC News.url", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\MSNBC News.url.{Killback@protonmail.com}KBK") returned="C:\\Users\\Default\\Favorites\\MSN Websites\\MSNBC News.url.{Killback@protonmail.com}KBK" [0055.713] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\MSNBC News.url" (normalized: "c:\\users\\default\\favorites\\msn websites\\msnbc news.url"), lpNewFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\MSNBC News.url.{Killback@protonmail.com}KBK" (normalized: "c:\\users\\default\\favorites\\msn websites\\msnbc news.url.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0055.714] PathRemoveFileSpecW (in: pszPath="C:\\Users\\Default\\Favorites\\MSN Websites\\MSNBC News.url" | out: pszPath="C:\\Users\\Default\\Favorites\\MSN Websites") returned 1 [0055.714] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\") returned="C:\\Users\\Default\\Favorites\\MSN Websites\\" [0055.714] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\", lpString2="decrypt_files.html" | out: lpString1="C:\\Users\\Default\\Favorites\\MSN Websites\\decrypt_files.html") returned="C:\\Users\\Default\\Favorites\\MSN Websites\\decrypt_files.html" [0055.714] GetFileAttributesW (lpFileName="C:\\Users\\Default\\Favorites\\MSN Websites\\decrypt_files.html" (normalized: "c:\\users\\default\\favorites\\msn websites\\decrypt_files.html")) returned 0x20 [0055.714] GetProcessHeap () returned 0x570000 [0055.714] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0055.714] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa2c821, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="MSNBC News.url", cAlternateFileName="MSNBCN~1.URL")) returned 0 [0055.714] FindClose (in: hFindFile=0x5925a8 | out: hFindFile=0x5925a8) returned 1 [0055.714] lstrcpyW (in: lpString1=0x50df8c, lpString2="C:\\Users\\Default\\Favorites\\Microsoft Websites\\" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites\\" [0055.714] GetProcessHeap () returned 0x570000 [0055.714] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5923a0 | out: hHeap=0x570000) returned 1 [0055.714] GetProcessHeap () returned 0x570000 [0055.714] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.714] lstrlenW (lpString="C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned 46 [0055.715] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\*") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites\\*" [0055.715] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\*", lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5925a8 [0055.717] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0055.717] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0055.717] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0055.717] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0055.717] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa066c0, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="IE Add-on site.url", cAlternateFileName="IEADD-~1.URL")) returned 1 [0055.717] lstrcmpiW (lpString1="IE Add-on site.url", lpString2=".") returned 1 [0055.717] lstrcmpiW (lpString1="IE Add-on site.url", lpString2="..") returned 1 [0055.717] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\", lpString2="IE Add-on site.url" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE Add-on site.url") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE Add-on site.url" [0055.717] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="IE Add-on site.url", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 19 [0055.717] GetProcessHeap () returned 0x570000 [0055.717] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x13) returned 0x58fdc0 [0055.717] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="IE Add-on site.url", cchWideChar=-1, lpMultiByteStr=0x58fdc0, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="IE Add-on site.url", lpUsedDefaultChar=0x0) returned 19 [0055.717] lstrlenA (lpString="IE Add-on site.url") returned 18 [0055.718] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0055.718] lstrlenA (lpString="IE Add-on site.url") returned 18 [0055.718] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0055.718] lstrcmpiW (lpString1="IE Add-on site.url", lpString2="decrypt_files.html") returned 1 [0055.718] lstrcmpiW (lpString1="IE Add-on site.url", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0055.718] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0055.718] lstrcmpiW (lpString1="IE Add-on site.url", lpString2="sihvgt.exe") returned -1 [0055.718] _alloca_probe () returned 0x40908b [0055.718] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE Add-on site.url", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 65 [0055.718] GetProcessHeap () returned 0x570000 [0055.718] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x41) returned 0x5894c8 [0055.718] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE Add-on site.url", cchWideChar=-1, lpMultiByteStr=0x5894c8, cbMultiByte=65, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE Add-on site.url", lpUsedDefaultChar=0x0) returned 65 [0055.718] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0055.718] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{4D461855-A683-4CEC-8542-DEAE28D862C6}") returned 38 [0055.718] lstrlenA (lpString="{4D461855-A683-4CEC-8542-DEAE28D862C6}") returned 38 [0055.718] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE Add-on site.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\ie add-on site.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0055.719] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=133) returned 1 [0055.719] lstrlenA (lpString="{4D461855-A683-4CEC-8542-DEAE28D862C6}") returned 38 [0055.719] GetProcessHeap () returned 0x570000 [0055.719] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x5923a0 [0055.719] GetProcessHeap () returned 0x570000 [0055.719] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592418 [0055.719] lstrlenA (lpString="C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE Add-on site.url") returned 64 [0055.733] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x85, lpOverlapped=0x0) returned 1 [0055.734] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0055.734] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x90, lpOverlapped=0x0) returned 1 [0055.734] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0055.734] WriteFile (in: hFile=0x80, lpBuffer=0x50bb6c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bb6c*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0055.734] WriteFile (in: hFile=0x80, lpBuffer=0x50bbd4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bbd4*, lpNumberOfBytesWritten=0x50bb34*=0x10, lpOverlapped=0x0) returned 1 [0055.734] lstrlenA (lpString="rsa_encrypt") returned 11 [0055.734] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x5924a0) returned 1 [0055.735] CryptGenRandom (in: hProv=0x5924a0, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0055.735] CryptReleaseContext (hProv=0x5924a0, dwFlags=0x0) returned 1 [0055.735] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0055.735] GetProcessHeap () returned 0x570000 [0055.736] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5924a0 [0055.736] lstrlenA (lpString="010001") returned 6 [0055.736] GetProcessHeap () returned 0x570000 [0055.736] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eeb0 [0055.736] GetProcessHeap () returned 0x570000 [0055.736] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x593d90 [0055.736] GetProcessHeap () returned 0x570000 [0055.736] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0055.736] GetProcessHeap () returned 0x570000 [0055.736] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593d90 | out: hHeap=0x570000) returned 1 [0055.736] GetProcessHeap () returned 0x570000 [0055.736] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0055.736] GetProcessHeap () returned 0x570000 [0055.736] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c1f0 [0055.736] GetProcessHeap () returned 0x570000 [0055.736] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eea0 [0055.736] GetProcessHeap () returned 0x570000 [0055.736] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c0d8 [0055.736] GetProcessHeap () returned 0x570000 [0055.736] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.736] GetProcessHeap () returned 0x570000 [0055.736] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0055.736] GetProcessHeap () returned 0x570000 [0055.736] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x593d90 [0055.736] GetProcessHeap () returned 0x570000 [0055.736] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x593e18 [0055.736] GetProcessHeap () returned 0x570000 [0055.736] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.736] GetProcessHeap () returned 0x570000 [0055.736] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f68 [0055.736] GetProcessHeap () returned 0x570000 [0055.737] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0055.737] GetProcessHeap () returned 0x570000 [0055.737] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593d90 | out: hHeap=0x570000) returned 1 [0055.737] GetProcessHeap () returned 0x570000 [0055.737] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0055.737] GetProcessHeap () returned 0x570000 [0055.737] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0055.737] GetProcessHeap () returned 0x570000 [0055.737] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.737] GetProcessHeap () returned 0x570000 [0055.737] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0055.737] GetProcessHeap () returned 0x570000 [0055.737] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.737] GetProcessHeap () returned 0x570000 [0055.737] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.737] GetProcessHeap () returned 0x570000 [0055.737] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.737] GetProcessHeap () returned 0x570000 [0055.737] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.737] GetProcessHeap () returned 0x570000 [0055.737] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0055.737] GetProcessHeap () returned 0x570000 [0055.737] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0055.737] GetProcessHeap () returned 0x570000 [0055.737] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0055.738] GetProcessHeap () returned 0x570000 [0055.738] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0055.738] GetProcessHeap () returned 0x570000 [0055.738] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.738] GetProcessHeap () returned 0x570000 [0055.738] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.738] GetProcessHeap () returned 0x570000 [0055.738] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.738] GetProcessHeap () returned 0x570000 [0055.738] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.738] GetProcessHeap () returned 0x570000 [0055.738] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.738] GetProcessHeap () returned 0x570000 [0055.738] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.738] GetProcessHeap () returned 0x570000 [0055.738] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.738] GetProcessHeap () returned 0x570000 [0055.738] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.738] GetProcessHeap () returned 0x570000 [0055.738] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.738] GetProcessHeap () returned 0x570000 [0055.738] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.738] GetProcessHeap () returned 0x570000 [0055.738] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.738] GetProcessHeap () returned 0x570000 [0055.738] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.738] GetProcessHeap () returned 0x570000 [0055.738] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.738] GetProcessHeap () returned 0x570000 [0055.738] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.738] GetProcessHeap () returned 0x570000 [0055.738] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.739] GetProcessHeap () returned 0x570000 [0055.739] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.739] GetProcessHeap () returned 0x570000 [0055.739] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.739] GetProcessHeap () returned 0x570000 [0055.739] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.739] GetProcessHeap () returned 0x570000 [0055.739] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.739] GetProcessHeap () returned 0x570000 [0055.739] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.739] GetProcessHeap () returned 0x570000 [0055.739] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.739] GetProcessHeap () returned 0x570000 [0055.739] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.739] GetProcessHeap () returned 0x570000 [0055.739] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.739] GetProcessHeap () returned 0x570000 [0055.739] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.739] GetProcessHeap () returned 0x570000 [0055.739] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.739] GetProcessHeap () returned 0x570000 [0055.739] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.739] GetProcessHeap () returned 0x570000 [0055.739] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.739] GetProcessHeap () returned 0x570000 [0055.739] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.739] GetProcessHeap () returned 0x570000 [0055.739] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.739] GetProcessHeap () returned 0x570000 [0055.739] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.739] GetProcessHeap () returned 0x570000 [0055.740] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.740] GetProcessHeap () returned 0x570000 [0055.740] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.740] GetProcessHeap () returned 0x570000 [0055.740] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.740] GetProcessHeap () returned 0x570000 [0055.740] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.740] GetProcessHeap () returned 0x570000 [0055.740] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.740] GetProcessHeap () returned 0x570000 [0055.740] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.740] GetProcessHeap () returned 0x570000 [0055.740] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.740] GetProcessHeap () returned 0x570000 [0055.740] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.740] GetProcessHeap () returned 0x570000 [0055.740] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.740] GetProcessHeap () returned 0x570000 [0055.740] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.740] GetProcessHeap () returned 0x570000 [0055.740] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.740] GetProcessHeap () returned 0x570000 [0055.740] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.740] GetProcessHeap () returned 0x570000 [0055.740] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.740] GetProcessHeap () returned 0x570000 [0055.740] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.740] GetProcessHeap () returned 0x570000 [0055.740] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.740] GetProcessHeap () returned 0x570000 [0055.740] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.740] GetProcessHeap () returned 0x570000 [0055.741] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.741] GetProcessHeap () returned 0x570000 [0055.741] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.741] GetProcessHeap () returned 0x570000 [0055.741] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.741] GetProcessHeap () returned 0x570000 [0055.741] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.741] GetProcessHeap () returned 0x570000 [0055.741] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.741] GetProcessHeap () returned 0x570000 [0055.741] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.741] GetProcessHeap () returned 0x570000 [0055.741] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.741] GetProcessHeap () returned 0x570000 [0055.741] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.741] GetProcessHeap () returned 0x570000 [0055.741] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.741] GetProcessHeap () returned 0x570000 [0055.741] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.741] GetProcessHeap () returned 0x570000 [0055.741] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.741] GetProcessHeap () returned 0x570000 [0055.741] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.741] GetProcessHeap () returned 0x570000 [0055.741] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.741] GetProcessHeap () returned 0x570000 [0055.741] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.741] GetProcessHeap () returned 0x570000 [0055.741] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.741] GetProcessHeap () returned 0x570000 [0055.741] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.742] GetProcessHeap () returned 0x570000 [0055.742] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.742] GetProcessHeap () returned 0x570000 [0055.742] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.742] GetProcessHeap () returned 0x570000 [0055.742] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.742] GetProcessHeap () returned 0x570000 [0055.742] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.742] GetProcessHeap () returned 0x570000 [0055.742] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.742] GetProcessHeap () returned 0x570000 [0055.742] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.742] GetProcessHeap () returned 0x570000 [0055.742] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.742] GetProcessHeap () returned 0x570000 [0055.742] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.742] GetProcessHeap () returned 0x570000 [0055.742] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.742] GetProcessHeap () returned 0x570000 [0055.742] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.742] GetProcessHeap () returned 0x570000 [0055.742] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.742] GetProcessHeap () returned 0x570000 [0055.742] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.742] GetProcessHeap () returned 0x570000 [0055.742] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.742] GetProcessHeap () returned 0x570000 [0055.742] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.742] GetProcessHeap () returned 0x570000 [0055.742] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.742] GetProcessHeap () returned 0x570000 [0055.743] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.743] GetProcessHeap () returned 0x570000 [0055.743] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.743] GetProcessHeap () returned 0x570000 [0055.743] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.743] GetProcessHeap () returned 0x570000 [0055.743] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.743] GetProcessHeap () returned 0x570000 [0055.743] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.743] GetProcessHeap () returned 0x570000 [0055.743] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.743] GetProcessHeap () returned 0x570000 [0055.743] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.743] GetProcessHeap () returned 0x570000 [0055.743] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.743] GetProcessHeap () returned 0x570000 [0055.743] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.743] GetProcessHeap () returned 0x570000 [0055.743] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.743] GetProcessHeap () returned 0x570000 [0055.743] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.743] GetProcessHeap () returned 0x570000 [0055.743] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.743] GetProcessHeap () returned 0x570000 [0055.743] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.743] GetProcessHeap () returned 0x570000 [0055.743] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.743] GetProcessHeap () returned 0x570000 [0055.743] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.743] GetProcessHeap () returned 0x570000 [0055.743] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.743] GetProcessHeap () returned 0x570000 [0055.744] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.744] GetProcessHeap () returned 0x570000 [0055.744] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.744] GetProcessHeap () returned 0x570000 [0055.744] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.744] GetProcessHeap () returned 0x570000 [0055.744] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.744] GetProcessHeap () returned 0x570000 [0055.744] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.744] GetProcessHeap () returned 0x570000 [0055.744] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.744] GetProcessHeap () returned 0x570000 [0055.744] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.744] GetProcessHeap () returned 0x570000 [0055.744] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0055.744] GetProcessHeap () returned 0x570000 [0055.744] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0055.744] GetProcessHeap () returned 0x570000 [0055.744] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593e18 | out: hHeap=0x570000) returned 1 [0055.744] GetProcessHeap () returned 0x570000 [0055.744] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0055.744] GetProcessHeap () returned 0x570000 [0055.744] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0055.744] GetProcessHeap () returned 0x570000 [0055.744] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0055.744] GetProcessHeap () returned 0x570000 [0055.744] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0055.744] GetProcessHeap () returned 0x570000 [0055.744] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0055.744] GetProcessHeap () returned 0x570000 [0055.745] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0055.745] GetProcessHeap () returned 0x570000 [0055.745] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.745] GetProcessHeap () returned 0x570000 [0055.745] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5924a0 | out: hHeap=0x570000) returned 1 [0055.745] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0055.745] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0055.745] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0055.745] CloseHandle (hObject=0x80) returned 1 [0055.751] GetProcessHeap () returned 0x570000 [0055.751] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5894c8 | out: hHeap=0x570000) returned 1 [0055.751] GetProcessHeap () returned 0x570000 [0055.751] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5923a0 | out: hHeap=0x570000) returned 1 [0055.751] GetProcessHeap () returned 0x570000 [0055.751] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592418 | out: hHeap=0x570000) returned 1 [0055.751] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE Add-on site.url" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE Add-on site.url") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE Add-on site.url" [0055.751] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE Add-on site.url", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE Add-on site.url.{Killback@protonmail.com}KBK") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE Add-on site.url.{Killback@protonmail.com}KBK" [0055.751] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE Add-on site.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\ie add-on site.url"), lpNewFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE Add-on site.url.{Killback@protonmail.com}KBK" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\ie add-on site.url.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0055.752] PathRemoveFileSpecW (in: pszPath="C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE Add-on site.url" | out: pszPath="C:\\Users\\Default\\Favorites\\Microsoft Websites") returned 1 [0055.752] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites\\" [0055.752] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\", lpString2="decrypt_files.html" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\decrypt_files.html") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites\\decrypt_files.html" [0055.752] GetFileAttributesW (lpFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\decrypt_files.html" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\decrypt_files.html")) returned 0xffffffff [0055.752] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\decrypt_files.html" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\decrypt_files.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0055.752] lstrlenA (lpString="\r\n \r\n \r\n \r\n DECRYPT FILES\r\n \r\n\r\n \r\n\r\n
\r\n

⚠Your ID (NEED FOR DECRYPT)⚠

\r\n
\r\n 
A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n\r\n
\r\n
\r\n
\r\n \r\n
\r\n \r\n
\r\n \r\n \r\n
\r\n

✖ Your files are encrypted! ✖

\r\n\r\n

If you see it - do not try to decrypt ▼the files yourself!!!▼

\r\n
\r\n

All your important data has been encrypted.

\r\n
\r\n
\r\n \r\n\x09\x09 \r\nTo decrypt all your files, you need a decryption program.
\r\n \r\nTo get a program to decrypt your data you need to do a few steps:
\r\n

☑1. \r\nTo make sure that we can actually decrypt your files. You can send us a file for the test.\r\nThis can be a picture or a text file.\r\nSize less than 5 MB. Send to our mail: Killback@protonmail.com .
\r\n

☑2. \r\nSend your PERSONAL ID in the letter (you will find it at the very beginning of this document)

\r\n\x09\x09\x09

☑3. \r\nWe will decode your test file so you are sure. We will also send you the amount you need to pay to get the program to decrypt.

\r\n ☑4. We will send you instructions on how to pay for the decryption program. After payment, we will send you a program and instructions on how to decrypt all the files.
\r\n

Attention!


\r\n
    \r\n\x09\x09\x09 Only we can decrypt your files.
    \r\n\x09\x09\x09 Do not try to decrypt your files yourself. You can damage them when trying to restore
    \r\n Do not run antivirus!
    \r\n Email us: Killback@protonmail.com immediately so we can help you.
    \r\n Decoders other users are not compatible with your data, because each user's unique encryption key
    \r\n
\r\n \r\n
\r\n
\r\n
\r\n \r\n\r\n \r\n \r\n
\r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n\r\n") returned 5565 [0055.752] WriteFile (in: hFile=0x80, lpBuffer=0x21f0020*, nNumberOfBytesToWrite=0x15bd, lpNumberOfBytesWritten=0x50dd18, lpOverlapped=0x0 | out: lpBuffer=0x21f0020*, lpNumberOfBytesWritten=0x50dd18*=0x15bd, lpOverlapped=0x0) returned 1 [0055.754] CloseHandle (hObject=0x80) returned 1 [0055.754] GetProcessHeap () returned 0x570000 [0055.754] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58fdc0 | out: hHeap=0x570000) returned 1 [0055.754] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa066c0, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="IE site on Microsoft.com.url", cAlternateFileName="IESITE~1.URL")) returned 1 [0055.754] lstrcmpiW (lpString1="IE site on Microsoft.com.url", lpString2=".") returned 1 [0055.754] lstrcmpiW (lpString1="IE site on Microsoft.com.url", lpString2="..") returned 1 [0055.754] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\", lpString2="IE site on Microsoft.com.url" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url" [0055.754] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="IE site on Microsoft.com.url", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 29 [0055.754] GetProcessHeap () returned 0x570000 [0055.754] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x1d) returned 0x590698 [0055.754] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="IE site on Microsoft.com.url", cchWideChar=-1, lpMultiByteStr=0x590698, cbMultiByte=29, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="IE site on Microsoft.com.url", lpUsedDefaultChar=0x0) returned 29 [0055.754] lstrlenA (lpString="IE site on Microsoft.com.url") returned 28 [0055.754] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0055.754] lstrlenA (lpString="IE site on Microsoft.com.url") returned 28 [0055.754] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0055.754] lstrcmpiW (lpString1="IE site on Microsoft.com.url", lpString2="decrypt_files.html") returned 1 [0055.754] lstrcmpiW (lpString1="IE site on Microsoft.com.url", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0055.754] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0055.754] lstrcmpiW (lpString1="IE site on Microsoft.com.url", lpString2="sihvgt.exe") returned -1 [0055.754] _alloca_probe () returned 0x40908b [0055.755] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 75 [0055.755] GetProcessHeap () returned 0x570000 [0055.755] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x4b) returned 0x5923a0 [0055.755] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url", cchWideChar=-1, lpMultiByteStr=0x5923a0, cbMultiByte=75, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url", lpUsedDefaultChar=0x0) returned 75 [0055.755] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0055.755] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{D4A4F350-6EF5-4E39-B657-D69970F7E303}") returned 38 [0055.755] lstrlenA (lpString="{D4A4F350-6EF5-4E39-B657-D69970F7E303}") returned 38 [0055.755] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\ie site on microsoft.com.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0055.755] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=133) returned 1 [0055.755] lstrlenA (lpString="{D4A4F350-6EF5-4E39-B657-D69970F7E303}") returned 38 [0055.755] GetProcessHeap () returned 0x570000 [0055.755] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x5923f8 [0055.755] GetProcessHeap () returned 0x570000 [0055.755] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592470 [0055.755] lstrlenA (lpString="C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url") returned 74 [0055.770] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x85, lpOverlapped=0x0) returned 1 [0055.771] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0055.771] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x90, lpOverlapped=0x0) returned 1 [0055.771] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0055.771] WriteFile (in: hFile=0x80, lpBuffer=0x50bb6c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bb6c*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0055.771] WriteFile (in: hFile=0x80, lpBuffer=0x50bbd4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bbd4*, lpNumberOfBytesWritten=0x50bb34*=0x10, lpOverlapped=0x0) returned 1 [0055.772] lstrlenA (lpString="rsa_encrypt") returned 11 [0055.772] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x5924f8) returned 1 [0055.772] CryptGenRandom (in: hProv=0x5924f8, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0055.772] CryptReleaseContext (hProv=0x5924f8, dwFlags=0x0) returned 1 [0055.773] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0055.773] GetProcessHeap () returned 0x570000 [0055.773] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5924f8 [0055.773] lstrlenA (lpString="010001") returned 6 [0055.773] GetProcessHeap () returned 0x570000 [0055.773] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eeb0 [0055.773] GetProcessHeap () returned 0x570000 [0055.773] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x593d90 [0055.773] GetProcessHeap () returned 0x570000 [0055.773] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0055.773] GetProcessHeap () returned 0x570000 [0055.773] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593d90 | out: hHeap=0x570000) returned 1 [0055.773] GetProcessHeap () returned 0x570000 [0055.773] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0055.773] GetProcessHeap () returned 0x570000 [0055.773] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c0d8 [0055.773] GetProcessHeap () returned 0x570000 [0055.773] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eef0 [0055.773] GetProcessHeap () returned 0x570000 [0055.773] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c1f0 [0055.773] GetProcessHeap () returned 0x570000 [0055.773] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.773] GetProcessHeap () returned 0x570000 [0055.773] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0055.773] GetProcessHeap () returned 0x570000 [0055.773] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x593d90 [0055.773] GetProcessHeap () returned 0x570000 [0055.773] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x593e18 [0055.773] GetProcessHeap () returned 0x570000 [0055.774] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.774] GetProcessHeap () returned 0x570000 [0055.774] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f68 [0055.774] GetProcessHeap () returned 0x570000 [0055.774] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0055.774] GetProcessHeap () returned 0x570000 [0055.774] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593d90 | out: hHeap=0x570000) returned 1 [0055.774] GetProcessHeap () returned 0x570000 [0055.774] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0055.774] GetProcessHeap () returned 0x570000 [0055.774] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0055.774] GetProcessHeap () returned 0x570000 [0055.774] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.774] GetProcessHeap () returned 0x570000 [0055.774] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0055.774] GetProcessHeap () returned 0x570000 [0055.774] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.774] GetProcessHeap () returned 0x570000 [0055.774] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.774] GetProcessHeap () returned 0x570000 [0055.774] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.774] GetProcessHeap () returned 0x570000 [0055.774] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.774] GetProcessHeap () returned 0x570000 [0055.774] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0055.774] GetProcessHeap () returned 0x570000 [0055.774] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0055.774] GetProcessHeap () returned 0x570000 [0055.774] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0055.774] GetProcessHeap () returned 0x570000 [0055.774] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0055.775] GetProcessHeap () returned 0x570000 [0055.775] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.775] GetProcessHeap () returned 0x570000 [0055.775] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.775] GetProcessHeap () returned 0x570000 [0055.775] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.775] GetProcessHeap () returned 0x570000 [0055.775] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.775] GetProcessHeap () returned 0x570000 [0055.775] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.775] GetProcessHeap () returned 0x570000 [0055.775] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.775] GetProcessHeap () returned 0x570000 [0055.775] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.775] GetProcessHeap () returned 0x570000 [0055.775] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.775] GetProcessHeap () returned 0x570000 [0055.775] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.775] GetProcessHeap () returned 0x570000 [0055.775] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.775] GetProcessHeap () returned 0x570000 [0055.775] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.775] GetProcessHeap () returned 0x570000 [0055.775] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.775] GetProcessHeap () returned 0x570000 [0055.775] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.775] GetProcessHeap () returned 0x570000 [0055.775] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.775] GetProcessHeap () returned 0x570000 [0055.775] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.776] GetProcessHeap () returned 0x570000 [0055.776] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.776] GetProcessHeap () returned 0x570000 [0055.776] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.776] GetProcessHeap () returned 0x570000 [0055.776] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.776] GetProcessHeap () returned 0x570000 [0055.776] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.776] GetProcessHeap () returned 0x570000 [0055.776] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.776] GetProcessHeap () returned 0x570000 [0055.776] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.776] GetProcessHeap () returned 0x570000 [0055.776] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.776] GetProcessHeap () returned 0x570000 [0055.776] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.776] GetProcessHeap () returned 0x570000 [0055.776] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.776] GetProcessHeap () returned 0x570000 [0055.776] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.776] GetProcessHeap () returned 0x570000 [0055.776] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.776] GetProcessHeap () returned 0x570000 [0055.776] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.776] GetProcessHeap () returned 0x570000 [0055.776] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.776] GetProcessHeap () returned 0x570000 [0055.776] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.776] GetProcessHeap () returned 0x570000 [0055.776] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.777] GetProcessHeap () returned 0x570000 [0055.777] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.777] GetProcessHeap () returned 0x570000 [0055.777] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.777] GetProcessHeap () returned 0x570000 [0055.777] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.777] GetProcessHeap () returned 0x570000 [0055.777] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.777] GetProcessHeap () returned 0x570000 [0055.777] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.777] GetProcessHeap () returned 0x570000 [0055.777] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.777] GetProcessHeap () returned 0x570000 [0055.777] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.777] GetProcessHeap () returned 0x570000 [0055.777] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.777] GetProcessHeap () returned 0x570000 [0055.777] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.777] GetProcessHeap () returned 0x570000 [0055.777] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.777] GetProcessHeap () returned 0x570000 [0055.777] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.777] GetProcessHeap () returned 0x570000 [0055.777] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.777] GetProcessHeap () returned 0x570000 [0055.777] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.777] GetProcessHeap () returned 0x570000 [0055.777] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.777] GetProcessHeap () returned 0x570000 [0055.777] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.778] GetProcessHeap () returned 0x570000 [0055.778] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.778] GetProcessHeap () returned 0x570000 [0055.778] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.778] GetProcessHeap () returned 0x570000 [0055.778] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.778] GetProcessHeap () returned 0x570000 [0055.778] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.778] GetProcessHeap () returned 0x570000 [0055.778] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.778] GetProcessHeap () returned 0x570000 [0055.778] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.778] GetProcessHeap () returned 0x570000 [0055.778] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.778] GetProcessHeap () returned 0x570000 [0055.778] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.778] GetProcessHeap () returned 0x570000 [0055.778] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.778] GetProcessHeap () returned 0x570000 [0055.778] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.778] GetProcessHeap () returned 0x570000 [0055.778] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.778] GetProcessHeap () returned 0x570000 [0055.778] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.778] GetProcessHeap () returned 0x570000 [0055.778] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.778] GetProcessHeap () returned 0x570000 [0055.779] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.779] GetProcessHeap () returned 0x570000 [0055.779] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.779] GetProcessHeap () returned 0x570000 [0055.779] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.779] GetProcessHeap () returned 0x570000 [0055.779] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.779] GetProcessHeap () returned 0x570000 [0055.779] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.779] GetProcessHeap () returned 0x570000 [0055.779] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.779] GetProcessHeap () returned 0x570000 [0055.779] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.779] GetProcessHeap () returned 0x570000 [0055.779] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.779] GetProcessHeap () returned 0x570000 [0055.779] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.779] GetProcessHeap () returned 0x570000 [0055.779] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.779] GetProcessHeap () returned 0x570000 [0055.779] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.779] GetProcessHeap () returned 0x570000 [0055.779] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.779] GetProcessHeap () returned 0x570000 [0055.779] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.779] GetProcessHeap () returned 0x570000 [0055.779] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.779] GetProcessHeap () returned 0x570000 [0055.779] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.779] GetProcessHeap () returned 0x570000 [0055.780] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.780] GetProcessHeap () returned 0x570000 [0055.780] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.780] GetProcessHeap () returned 0x570000 [0055.780] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.780] GetProcessHeap () returned 0x570000 [0055.780] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.780] GetProcessHeap () returned 0x570000 [0055.780] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.780] GetProcessHeap () returned 0x570000 [0055.780] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.780] GetProcessHeap () returned 0x570000 [0055.780] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.780] GetProcessHeap () returned 0x570000 [0055.780] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.780] GetProcessHeap () returned 0x570000 [0055.780] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.780] GetProcessHeap () returned 0x570000 [0055.780] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.780] GetProcessHeap () returned 0x570000 [0055.780] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.780] GetProcessHeap () returned 0x570000 [0055.780] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.780] GetProcessHeap () returned 0x570000 [0055.780] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.780] GetProcessHeap () returned 0x570000 [0055.780] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.780] GetProcessHeap () returned 0x570000 [0055.780] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.780] GetProcessHeap () returned 0x570000 [0055.780] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.781] GetProcessHeap () returned 0x570000 [0055.781] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.781] GetProcessHeap () returned 0x570000 [0055.781] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.781] GetProcessHeap () returned 0x570000 [0055.781] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.781] GetProcessHeap () returned 0x570000 [0055.781] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.781] GetProcessHeap () returned 0x570000 [0055.781] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.781] GetProcessHeap () returned 0x570000 [0055.781] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.781] GetProcessHeap () returned 0x570000 [0055.781] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.781] GetProcessHeap () returned 0x570000 [0055.781] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.781] GetProcessHeap () returned 0x570000 [0055.781] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.781] GetProcessHeap () returned 0x570000 [0055.781] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.781] GetProcessHeap () returned 0x570000 [0055.781] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.781] GetProcessHeap () returned 0x570000 [0055.781] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0055.781] GetProcessHeap () returned 0x570000 [0055.781] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0055.781] GetProcessHeap () returned 0x570000 [0055.781] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593e18 | out: hHeap=0x570000) returned 1 [0055.781] GetProcessHeap () returned 0x570000 [0055.781] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0055.781] GetProcessHeap () returned 0x570000 [0055.782] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0055.782] GetProcessHeap () returned 0x570000 [0055.782] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0055.782] GetProcessHeap () returned 0x570000 [0055.782] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0055.782] GetProcessHeap () returned 0x570000 [0055.782] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0055.782] GetProcessHeap () returned 0x570000 [0055.782] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0055.782] GetProcessHeap () returned 0x570000 [0055.782] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.782] GetProcessHeap () returned 0x570000 [0055.782] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5924f8 | out: hHeap=0x570000) returned 1 [0055.782] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0055.782] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0055.782] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0055.783] CloseHandle (hObject=0x80) returned 1 [0055.787] GetProcessHeap () returned 0x570000 [0055.787] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5923a0 | out: hHeap=0x570000) returned 1 [0055.787] GetProcessHeap () returned 0x570000 [0055.787] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5923f8 | out: hHeap=0x570000) returned 1 [0055.787] GetProcessHeap () returned 0x570000 [0055.787] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592470 | out: hHeap=0x570000) returned 1 [0055.787] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url" [0055.787] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url.{Killback@protonmail.com}KBK") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url.{Killback@protonmail.com}KBK" [0055.787] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\ie site on microsoft.com.url"), lpNewFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url.{Killback@protonmail.com}KBK" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\ie site on microsoft.com.url.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0055.788] PathRemoveFileSpecW (in: pszPath="C:\\Users\\Default\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url" | out: pszPath="C:\\Users\\Default\\Favorites\\Microsoft Websites") returned 1 [0055.788] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites\\" [0055.788] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\", lpString2="decrypt_files.html" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\decrypt_files.html") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites\\decrypt_files.html" [0055.788] GetFileAttributesW (lpFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\decrypt_files.html" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\decrypt_files.html")) returned 0x20 [0055.788] GetProcessHeap () returned 0x570000 [0055.788] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590698 | out: hHeap=0x570000) returned 1 [0055.788] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa2c821, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft At Home.url", cAlternateFileName="MICROS~3.URL")) returned 1 [0055.788] lstrcmpiW (lpString1="Microsoft At Home.url", lpString2=".") returned 1 [0055.788] lstrcmpiW (lpString1="Microsoft At Home.url", lpString2="..") returned 1 [0055.788] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\", lpString2="Microsoft At Home.url" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Home.url") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Home.url" [0055.788] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Microsoft At Home.url", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0055.788] GetProcessHeap () returned 0x570000 [0055.788] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x16) returned 0x58fdc0 [0055.788] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Microsoft At Home.url", cchWideChar=-1, lpMultiByteStr=0x58fdc0, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Microsoft At Home.url", lpUsedDefaultChar=0x0) returned 22 [0055.788] lstrlenA (lpString="Microsoft At Home.url") returned 21 [0055.788] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0055.788] lstrlenA (lpString="Microsoft At Home.url") returned 21 [0055.789] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0055.789] lstrcmpiW (lpString1="Microsoft At Home.url", lpString2="decrypt_files.html") returned 1 [0055.789] lstrcmpiW (lpString1="Microsoft At Home.url", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0055.789] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0055.789] lstrcmpiW (lpString1="Microsoft At Home.url", lpString2="sihvgt.exe") returned -1 [0055.789] _alloca_probe () returned 0x40908b [0055.789] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Home.url", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 68 [0055.789] GetProcessHeap () returned 0x570000 [0055.789] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x44) returned 0x5894c8 [0055.789] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Home.url", cchWideChar=-1, lpMultiByteStr=0x5894c8, cbMultiByte=68, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Home.url", lpUsedDefaultChar=0x0) returned 68 [0055.789] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0055.789] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{0D4C100C-A193-4755-9A50-D4108D57FA0C}") returned 38 [0055.789] lstrlenA (lpString="{0D4C100C-A193-4755-9A50-D4108D57FA0C}") returned 38 [0055.789] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Home.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft at home.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0055.789] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=133) returned 1 [0055.789] lstrlenA (lpString="{0D4C100C-A193-4755-9A50-D4108D57FA0C}") returned 38 [0055.789] GetProcessHeap () returned 0x570000 [0055.789] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x5923a0 [0055.789] GetProcessHeap () returned 0x570000 [0055.789] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592418 [0055.789] lstrlenA (lpString="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Home.url") returned 67 [0055.803] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x85, lpOverlapped=0x0) returned 1 [0055.804] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0055.804] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x90, lpOverlapped=0x0) returned 1 [0055.805] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0055.805] WriteFile (in: hFile=0x80, lpBuffer=0x50bb6c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bb6c*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0055.805] WriteFile (in: hFile=0x80, lpBuffer=0x50bbd4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bbd4*, lpNumberOfBytesWritten=0x50bb34*=0x10, lpOverlapped=0x0) returned 1 [0055.805] lstrlenA (lpString="rsa_encrypt") returned 11 [0055.805] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x5924a0) returned 1 [0055.806] CryptGenRandom (in: hProv=0x5924a0, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0055.806] CryptReleaseContext (hProv=0x5924a0, dwFlags=0x0) returned 1 [0055.806] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0055.806] GetProcessHeap () returned 0x570000 [0055.806] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5924a0 [0055.806] lstrlenA (lpString="010001") returned 6 [0055.806] GetProcessHeap () returned 0x570000 [0055.806] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eeb0 [0055.806] GetProcessHeap () returned 0x570000 [0055.806] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x593d90 [0055.806] GetProcessHeap () returned 0x570000 [0055.806] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0055.806] GetProcessHeap () returned 0x570000 [0055.806] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593d90 | out: hHeap=0x570000) returned 1 [0055.806] GetProcessHeap () returned 0x570000 [0055.806] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0055.806] GetProcessHeap () returned 0x570000 [0055.806] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c1f0 [0055.806] GetProcessHeap () returned 0x570000 [0055.807] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eea0 [0055.807] GetProcessHeap () returned 0x570000 [0055.807] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c0d8 [0055.807] GetProcessHeap () returned 0x570000 [0055.807] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.807] GetProcessHeap () returned 0x570000 [0055.807] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0055.807] GetProcessHeap () returned 0x570000 [0055.807] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x593d90 [0055.807] GetProcessHeap () returned 0x570000 [0055.807] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x593e18 [0055.807] GetProcessHeap () returned 0x570000 [0055.807] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.807] GetProcessHeap () returned 0x570000 [0055.807] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f68 [0055.807] GetProcessHeap () returned 0x570000 [0055.807] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0055.807] GetProcessHeap () returned 0x570000 [0055.807] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593d90 | out: hHeap=0x570000) returned 1 [0055.807] GetProcessHeap () returned 0x570000 [0055.807] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0055.807] GetProcessHeap () returned 0x570000 [0055.807] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0055.807] GetProcessHeap () returned 0x570000 [0055.807] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.807] GetProcessHeap () returned 0x570000 [0055.807] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0055.807] GetProcessHeap () returned 0x570000 [0055.807] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.807] GetProcessHeap () returned 0x570000 [0055.807] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.807] GetProcessHeap () returned 0x570000 [0055.808] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.808] GetProcessHeap () returned 0x570000 [0055.808] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.808] GetProcessHeap () returned 0x570000 [0055.808] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0055.808] GetProcessHeap () returned 0x570000 [0055.808] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0055.808] GetProcessHeap () returned 0x570000 [0055.808] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0055.808] GetProcessHeap () returned 0x570000 [0055.808] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0055.808] GetProcessHeap () returned 0x570000 [0055.808] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.808] GetProcessHeap () returned 0x570000 [0055.808] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.808] GetProcessHeap () returned 0x570000 [0055.808] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.808] GetProcessHeap () returned 0x570000 [0055.808] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.808] GetProcessHeap () returned 0x570000 [0055.808] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.808] GetProcessHeap () returned 0x570000 [0055.808] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.808] GetProcessHeap () returned 0x570000 [0055.808] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.808] GetProcessHeap () returned 0x570000 [0055.808] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.808] GetProcessHeap () returned 0x570000 [0055.808] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.808] GetProcessHeap () returned 0x570000 [0055.808] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.809] GetProcessHeap () returned 0x570000 [0055.809] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.809] GetProcessHeap () returned 0x570000 [0055.809] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.809] GetProcessHeap () returned 0x570000 [0055.809] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.809] GetProcessHeap () returned 0x570000 [0055.809] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.809] GetProcessHeap () returned 0x570000 [0055.809] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.809] GetProcessHeap () returned 0x570000 [0055.809] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.809] GetProcessHeap () returned 0x570000 [0055.809] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.809] GetProcessHeap () returned 0x570000 [0055.809] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.809] GetProcessHeap () returned 0x570000 [0055.809] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.809] GetProcessHeap () returned 0x570000 [0055.809] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.809] GetProcessHeap () returned 0x570000 [0055.809] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.809] GetProcessHeap () returned 0x570000 [0055.809] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.809] GetProcessHeap () returned 0x570000 [0055.809] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.809] GetProcessHeap () returned 0x570000 [0055.809] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.809] GetProcessHeap () returned 0x570000 [0055.809] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.809] GetProcessHeap () returned 0x570000 [0055.810] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.810] GetProcessHeap () returned 0x570000 [0055.810] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.810] GetProcessHeap () returned 0x570000 [0055.810] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.810] GetProcessHeap () returned 0x570000 [0055.810] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.810] GetProcessHeap () returned 0x570000 [0055.810] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.810] GetProcessHeap () returned 0x570000 [0055.810] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.810] GetProcessHeap () returned 0x570000 [0055.810] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.810] GetProcessHeap () returned 0x570000 [0055.810] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.810] GetProcessHeap () returned 0x570000 [0055.810] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.810] GetProcessHeap () returned 0x570000 [0055.810] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.810] GetProcessHeap () returned 0x570000 [0055.810] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.810] GetProcessHeap () returned 0x570000 [0055.810] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.810] GetProcessHeap () returned 0x570000 [0055.810] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.810] GetProcessHeap () returned 0x570000 [0055.810] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.810] GetProcessHeap () returned 0x570000 [0055.810] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.810] GetProcessHeap () returned 0x570000 [0055.810] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.811] GetProcessHeap () returned 0x570000 [0055.811] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.811] GetProcessHeap () returned 0x570000 [0055.811] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.811] GetProcessHeap () returned 0x570000 [0055.811] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.811] GetProcessHeap () returned 0x570000 [0055.811] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.811] GetProcessHeap () returned 0x570000 [0055.811] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.811] GetProcessHeap () returned 0x570000 [0055.811] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.811] GetProcessHeap () returned 0x570000 [0055.811] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.811] GetProcessHeap () returned 0x570000 [0055.811] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.811] GetProcessHeap () returned 0x570000 [0055.811] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.811] GetProcessHeap () returned 0x570000 [0055.811] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.811] GetProcessHeap () returned 0x570000 [0055.811] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.811] GetProcessHeap () returned 0x570000 [0055.811] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.811] GetProcessHeap () returned 0x570000 [0055.811] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.811] GetProcessHeap () returned 0x570000 [0055.811] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.811] GetProcessHeap () returned 0x570000 [0055.811] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.812] GetProcessHeap () returned 0x570000 [0055.812] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.812] GetProcessHeap () returned 0x570000 [0055.812] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.812] GetProcessHeap () returned 0x570000 [0055.812] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.812] GetProcessHeap () returned 0x570000 [0055.812] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.812] GetProcessHeap () returned 0x570000 [0055.812] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.812] GetProcessHeap () returned 0x570000 [0055.812] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.812] GetProcessHeap () returned 0x570000 [0055.812] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.812] GetProcessHeap () returned 0x570000 [0055.812] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.812] GetProcessHeap () returned 0x570000 [0055.812] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.812] GetProcessHeap () returned 0x570000 [0055.812] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.812] GetProcessHeap () returned 0x570000 [0055.812] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.812] GetProcessHeap () returned 0x570000 [0055.812] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.812] GetProcessHeap () returned 0x570000 [0055.812] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.812] GetProcessHeap () returned 0x570000 [0055.812] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.812] GetProcessHeap () returned 0x570000 [0055.812] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.812] GetProcessHeap () returned 0x570000 [0055.813] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.813] GetProcessHeap () returned 0x570000 [0055.813] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.813] GetProcessHeap () returned 0x570000 [0055.813] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.813] GetProcessHeap () returned 0x570000 [0055.813] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.813] GetProcessHeap () returned 0x570000 [0055.813] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.813] GetProcessHeap () returned 0x570000 [0055.813] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.813] GetProcessHeap () returned 0x570000 [0055.813] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.813] GetProcessHeap () returned 0x570000 [0055.813] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.813] GetProcessHeap () returned 0x570000 [0055.813] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.813] GetProcessHeap () returned 0x570000 [0055.813] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.813] GetProcessHeap () returned 0x570000 [0055.813] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.813] GetProcessHeap () returned 0x570000 [0055.813] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.813] GetProcessHeap () returned 0x570000 [0055.813] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.813] GetProcessHeap () returned 0x570000 [0055.813] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.813] GetProcessHeap () returned 0x570000 [0055.813] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.813] GetProcessHeap () returned 0x570000 [0055.814] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.814] GetProcessHeap () returned 0x570000 [0055.814] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.814] GetProcessHeap () returned 0x570000 [0055.814] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.814] GetProcessHeap () returned 0x570000 [0055.814] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.814] GetProcessHeap () returned 0x570000 [0055.814] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.814] GetProcessHeap () returned 0x570000 [0055.814] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.814] GetProcessHeap () returned 0x570000 [0055.814] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.814] GetProcessHeap () returned 0x570000 [0055.814] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.814] GetProcessHeap () returned 0x570000 [0055.814] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.814] GetProcessHeap () returned 0x570000 [0055.814] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.814] GetProcessHeap () returned 0x570000 [0055.814] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.814] GetProcessHeap () returned 0x570000 [0055.814] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.814] GetProcessHeap () returned 0x570000 [0055.814] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.814] GetProcessHeap () returned 0x570000 [0055.814] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.814] GetProcessHeap () returned 0x570000 [0055.814] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0055.814] GetProcessHeap () returned 0x570000 [0055.814] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0055.814] GetProcessHeap () returned 0x570000 [0055.815] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593e18 | out: hHeap=0x570000) returned 1 [0055.815] GetProcessHeap () returned 0x570000 [0055.815] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0055.815] GetProcessHeap () returned 0x570000 [0055.815] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0055.815] GetProcessHeap () returned 0x570000 [0055.815] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0055.815] GetProcessHeap () returned 0x570000 [0055.815] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0055.815] GetProcessHeap () returned 0x570000 [0055.815] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0055.815] GetProcessHeap () returned 0x570000 [0055.815] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0055.815] GetProcessHeap () returned 0x570000 [0055.815] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.815] GetProcessHeap () returned 0x570000 [0055.815] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5924a0 | out: hHeap=0x570000) returned 1 [0055.815] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0055.815] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0055.816] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0055.816] CloseHandle (hObject=0x80) returned 1 [0055.824] GetProcessHeap () returned 0x570000 [0055.824] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5894c8 | out: hHeap=0x570000) returned 1 [0055.824] GetProcessHeap () returned 0x570000 [0055.824] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5923a0 | out: hHeap=0x570000) returned 1 [0055.824] GetProcessHeap () returned 0x570000 [0055.824] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592418 | out: hHeap=0x570000) returned 1 [0055.824] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Home.url" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Home.url") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Home.url" [0055.824] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Home.url", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Home.url.{Killback@protonmail.com}KBK") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Home.url.{Killback@protonmail.com}KBK" [0055.824] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Home.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft at home.url"), lpNewFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Home.url.{Killback@protonmail.com}KBK" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft at home.url.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0055.825] PathRemoveFileSpecW (in: pszPath="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Home.url" | out: pszPath="C:\\Users\\Default\\Favorites\\Microsoft Websites") returned 1 [0055.825] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites\\" [0055.825] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\", lpString2="decrypt_files.html" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\decrypt_files.html") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites\\decrypt_files.html" [0055.825] GetFileAttributesW (lpFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\decrypt_files.html" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\decrypt_files.html")) returned 0x20 [0055.825] GetProcessHeap () returned 0x570000 [0055.825] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58fdc0 | out: hHeap=0x570000) returned 1 [0055.825] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa2c821, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft At Work.url", cAlternateFileName="MICROS~2.URL")) returned 1 [0055.825] lstrcmpiW (lpString1="Microsoft At Work.url", lpString2=".") returned 1 [0055.825] lstrcmpiW (lpString1="Microsoft At Work.url", lpString2="..") returned 1 [0055.825] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\", lpString2="Microsoft At Work.url" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Work.url") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Work.url" [0055.825] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Microsoft At Work.url", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0055.825] GetProcessHeap () returned 0x570000 [0055.825] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x16) returned 0x58fdc0 [0055.825] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Microsoft At Work.url", cchWideChar=-1, lpMultiByteStr=0x58fdc0, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Microsoft At Work.url", lpUsedDefaultChar=0x0) returned 22 [0055.825] lstrlenA (lpString="Microsoft At Work.url") returned 21 [0055.826] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0055.826] lstrlenA (lpString="Microsoft At Work.url") returned 21 [0055.826] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0055.826] lstrcmpiW (lpString1="Microsoft At Work.url", lpString2="decrypt_files.html") returned 1 [0055.826] lstrcmpiW (lpString1="Microsoft At Work.url", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0055.826] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0055.826] lstrcmpiW (lpString1="Microsoft At Work.url", lpString2="sihvgt.exe") returned -1 [0055.826] _alloca_probe () returned 0x40908b [0055.826] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Work.url", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 68 [0055.826] GetProcessHeap () returned 0x570000 [0055.826] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x44) returned 0x5894c8 [0055.826] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Work.url", cchWideChar=-1, lpMultiByteStr=0x5894c8, cbMultiByte=68, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Work.url", lpUsedDefaultChar=0x0) returned 68 [0055.826] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0055.826] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{24EBE85A-6AA1-486A-9A18-C569398DC9E9}") returned 38 [0055.826] lstrlenA (lpString="{24EBE85A-6AA1-486A-9A18-C569398DC9E9}") returned 38 [0055.826] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Work.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft at work.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0055.826] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=133) returned 1 [0055.826] lstrlenA (lpString="{24EBE85A-6AA1-486A-9A18-C569398DC9E9}") returned 38 [0055.826] GetProcessHeap () returned 0x570000 [0055.826] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x5923a0 [0055.826] GetProcessHeap () returned 0x570000 [0055.826] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592418 [0055.826] lstrlenA (lpString="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Work.url") returned 67 [0055.840] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x85, lpOverlapped=0x0) returned 1 [0055.841] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0055.841] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x90, lpOverlapped=0x0) returned 1 [0055.841] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0055.841] WriteFile (in: hFile=0x80, lpBuffer=0x50bb6c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bb6c*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0055.841] WriteFile (in: hFile=0x80, lpBuffer=0x50bbd4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bbd4*, lpNumberOfBytesWritten=0x50bb34*=0x10, lpOverlapped=0x0) returned 1 [0055.841] lstrlenA (lpString="rsa_encrypt") returned 11 [0055.842] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x5924a0) returned 1 [0055.842] CryptGenRandom (in: hProv=0x5924a0, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0055.842] CryptReleaseContext (hProv=0x5924a0, dwFlags=0x0) returned 1 [0055.842] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0055.842] GetProcessHeap () returned 0x570000 [0055.843] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5924a0 [0055.843] lstrlenA (lpString="010001") returned 6 [0055.843] GetProcessHeap () returned 0x570000 [0055.843] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eeb0 [0055.843] GetProcessHeap () returned 0x570000 [0055.843] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x593d90 [0055.843] GetProcessHeap () returned 0x570000 [0055.843] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0055.843] GetProcessHeap () returned 0x570000 [0055.843] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593d90 | out: hHeap=0x570000) returned 1 [0055.843] GetProcessHeap () returned 0x570000 [0055.843] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0055.843] GetProcessHeap () returned 0x570000 [0055.843] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c0d8 [0055.843] GetProcessHeap () returned 0x570000 [0055.843] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eef0 [0055.843] GetProcessHeap () returned 0x570000 [0055.843] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c1f0 [0055.843] GetProcessHeap () returned 0x570000 [0055.843] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.843] GetProcessHeap () returned 0x570000 [0055.843] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0055.843] GetProcessHeap () returned 0x570000 [0055.843] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x593d90 [0055.843] GetProcessHeap () returned 0x570000 [0055.843] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x593e18 [0055.843] GetProcessHeap () returned 0x570000 [0055.843] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.843] GetProcessHeap () returned 0x570000 [0055.843] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f68 [0055.844] GetProcessHeap () returned 0x570000 [0055.844] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0055.844] GetProcessHeap () returned 0x570000 [0055.844] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593d90 | out: hHeap=0x570000) returned 1 [0055.844] GetProcessHeap () returned 0x570000 [0055.844] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0055.844] GetProcessHeap () returned 0x570000 [0055.844] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0055.844] GetProcessHeap () returned 0x570000 [0055.844] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.844] GetProcessHeap () returned 0x570000 [0055.844] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0055.844] GetProcessHeap () returned 0x570000 [0055.844] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.844] GetProcessHeap () returned 0x570000 [0055.844] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.844] GetProcessHeap () returned 0x570000 [0055.844] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.844] GetProcessHeap () returned 0x570000 [0055.844] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.844] GetProcessHeap () returned 0x570000 [0055.844] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0055.844] GetProcessHeap () returned 0x570000 [0055.844] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0055.844] GetProcessHeap () returned 0x570000 [0055.844] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0055.844] GetProcessHeap () returned 0x570000 [0055.844] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0055.844] GetProcessHeap () returned 0x570000 [0055.844] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.844] GetProcessHeap () returned 0x570000 [0055.844] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.845] GetProcessHeap () returned 0x570000 [0055.845] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.845] GetProcessHeap () returned 0x570000 [0055.845] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.845] GetProcessHeap () returned 0x570000 [0055.845] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.845] GetProcessHeap () returned 0x570000 [0055.845] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.845] GetProcessHeap () returned 0x570000 [0055.845] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.845] GetProcessHeap () returned 0x570000 [0055.845] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.845] GetProcessHeap () returned 0x570000 [0055.845] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.845] GetProcessHeap () returned 0x570000 [0055.845] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.845] GetProcessHeap () returned 0x570000 [0055.845] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.845] GetProcessHeap () returned 0x570000 [0055.845] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.845] GetProcessHeap () returned 0x570000 [0055.845] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.845] GetProcessHeap () returned 0x570000 [0055.845] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.845] GetProcessHeap () returned 0x570000 [0055.845] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.845] GetProcessHeap () returned 0x570000 [0055.845] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.845] GetProcessHeap () returned 0x570000 [0055.846] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.846] GetProcessHeap () returned 0x570000 [0055.846] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.846] GetProcessHeap () returned 0x570000 [0055.846] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.846] GetProcessHeap () returned 0x570000 [0055.846] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.846] GetProcessHeap () returned 0x570000 [0055.846] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.846] GetProcessHeap () returned 0x570000 [0055.846] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.846] GetProcessHeap () returned 0x570000 [0055.846] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.846] GetProcessHeap () returned 0x570000 [0055.846] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.846] GetProcessHeap () returned 0x570000 [0055.846] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.846] GetProcessHeap () returned 0x570000 [0055.846] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.846] GetProcessHeap () returned 0x570000 [0055.846] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.846] GetProcessHeap () returned 0x570000 [0055.846] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.846] GetProcessHeap () returned 0x570000 [0055.846] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.846] GetProcessHeap () returned 0x570000 [0055.846] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.846] GetProcessHeap () returned 0x570000 [0055.846] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.846] GetProcessHeap () returned 0x570000 [0055.847] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.847] GetProcessHeap () returned 0x570000 [0055.847] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.847] GetProcessHeap () returned 0x570000 [0055.847] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.847] GetProcessHeap () returned 0x570000 [0055.847] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.847] GetProcessHeap () returned 0x570000 [0055.847] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.847] GetProcessHeap () returned 0x570000 [0055.847] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.847] GetProcessHeap () returned 0x570000 [0055.847] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.847] GetProcessHeap () returned 0x570000 [0055.847] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.847] GetProcessHeap () returned 0x570000 [0055.847] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.847] GetProcessHeap () returned 0x570000 [0055.847] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.847] GetProcessHeap () returned 0x570000 [0055.847] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.847] GetProcessHeap () returned 0x570000 [0055.847] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.847] GetProcessHeap () returned 0x570000 [0055.847] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.847] GetProcessHeap () returned 0x570000 [0055.847] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.847] GetProcessHeap () returned 0x570000 [0055.848] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.848] GetProcessHeap () returned 0x570000 [0055.848] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.848] GetProcessHeap () returned 0x570000 [0055.848] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.848] GetProcessHeap () returned 0x570000 [0055.848] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.848] GetProcessHeap () returned 0x570000 [0055.848] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.848] GetProcessHeap () returned 0x570000 [0055.848] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.848] GetProcessHeap () returned 0x570000 [0055.848] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.848] GetProcessHeap () returned 0x570000 [0055.848] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.848] GetProcessHeap () returned 0x570000 [0055.848] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.848] GetProcessHeap () returned 0x570000 [0055.848] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.848] GetProcessHeap () returned 0x570000 [0055.848] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.848] GetProcessHeap () returned 0x570000 [0055.848] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.848] GetProcessHeap () returned 0x570000 [0055.848] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.848] GetProcessHeap () returned 0x570000 [0055.848] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.848] GetProcessHeap () returned 0x570000 [0055.848] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.848] GetProcessHeap () returned 0x570000 [0055.849] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.849] GetProcessHeap () returned 0x570000 [0055.849] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.849] GetProcessHeap () returned 0x570000 [0055.849] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.849] GetProcessHeap () returned 0x570000 [0055.849] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.849] GetProcessHeap () returned 0x570000 [0055.849] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.849] GetProcessHeap () returned 0x570000 [0055.849] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.849] GetProcessHeap () returned 0x570000 [0055.849] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.849] GetProcessHeap () returned 0x570000 [0055.849] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.849] GetProcessHeap () returned 0x570000 [0055.849] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.849] GetProcessHeap () returned 0x570000 [0055.849] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.849] GetProcessHeap () returned 0x570000 [0055.849] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.849] GetProcessHeap () returned 0x570000 [0055.849] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.849] GetProcessHeap () returned 0x570000 [0055.849] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.849] GetProcessHeap () returned 0x570000 [0055.849] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.849] GetProcessHeap () returned 0x570000 [0055.849] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.849] GetProcessHeap () returned 0x570000 [0055.849] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.850] GetProcessHeap () returned 0x570000 [0055.850] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.850] GetProcessHeap () returned 0x570000 [0055.850] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.850] GetProcessHeap () returned 0x570000 [0055.850] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.850] GetProcessHeap () returned 0x570000 [0055.850] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.850] GetProcessHeap () returned 0x570000 [0055.850] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.850] GetProcessHeap () returned 0x570000 [0055.850] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.850] GetProcessHeap () returned 0x570000 [0055.850] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.850] GetProcessHeap () returned 0x570000 [0055.850] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.850] GetProcessHeap () returned 0x570000 [0055.850] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.850] GetProcessHeap () returned 0x570000 [0055.850] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.850] GetProcessHeap () returned 0x570000 [0055.850] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.850] GetProcessHeap () returned 0x570000 [0055.850] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.850] GetProcessHeap () returned 0x570000 [0055.850] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.850] GetProcessHeap () returned 0x570000 [0055.850] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.850] GetProcessHeap () returned 0x570000 [0055.850] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.851] GetProcessHeap () returned 0x570000 [0055.851] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.851] GetProcessHeap () returned 0x570000 [0055.851] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.851] GetProcessHeap () returned 0x570000 [0055.851] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.851] GetProcessHeap () returned 0x570000 [0055.851] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.851] GetProcessHeap () returned 0x570000 [0055.851] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.851] GetProcessHeap () returned 0x570000 [0055.851] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.851] GetProcessHeap () returned 0x570000 [0055.851] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.851] GetProcessHeap () returned 0x570000 [0055.851] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.851] GetProcessHeap () returned 0x570000 [0055.851] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.851] GetProcessHeap () returned 0x570000 [0055.851] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0055.851] GetProcessHeap () returned 0x570000 [0055.851] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0055.851] GetProcessHeap () returned 0x570000 [0055.851] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593e18 | out: hHeap=0x570000) returned 1 [0055.851] GetProcessHeap () returned 0x570000 [0055.851] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0055.851] GetProcessHeap () returned 0x570000 [0055.851] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0055.851] GetProcessHeap () returned 0x570000 [0055.851] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0055.852] GetProcessHeap () returned 0x570000 [0055.852] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0055.852] GetProcessHeap () returned 0x570000 [0055.852] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0055.852] GetProcessHeap () returned 0x570000 [0055.852] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0055.852] GetProcessHeap () returned 0x570000 [0055.852] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.852] GetProcessHeap () returned 0x570000 [0055.852] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5924a0 | out: hHeap=0x570000) returned 1 [0055.852] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0055.852] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0055.852] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0055.852] CloseHandle (hObject=0x80) returned 1 [0055.853] GetProcessHeap () returned 0x570000 [0055.853] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5894c8 | out: hHeap=0x570000) returned 1 [0055.853] GetProcessHeap () returned 0x570000 [0055.853] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5923a0 | out: hHeap=0x570000) returned 1 [0055.853] GetProcessHeap () returned 0x570000 [0055.853] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592418 | out: hHeap=0x570000) returned 1 [0055.853] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Work.url" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Work.url") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Work.url" [0055.853] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Work.url", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Work.url.{Killback@protonmail.com}KBK") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Work.url.{Killback@protonmail.com}KBK" [0055.853] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Work.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft at work.url"), lpNewFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Work.url.{Killback@protonmail.com}KBK" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft at work.url.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0055.854] PathRemoveFileSpecW (in: pszPath="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft At Work.url" | out: pszPath="C:\\Users\\Default\\Favorites\\Microsoft Websites") returned 1 [0055.854] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites\\" [0055.854] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\", lpString2="decrypt_files.html" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\decrypt_files.html") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites\\decrypt_files.html" [0055.854] GetFileAttributesW (lpFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\decrypt_files.html" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\decrypt_files.html")) returned 0x20 [0055.854] GetProcessHeap () returned 0x570000 [0055.854] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58fdc0 | out: hHeap=0x570000) returned 1 [0055.854] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa52981, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x86, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft Store.url", cAlternateFileName="MICROS~1.URL")) returned 1 [0055.854] lstrcmpiW (lpString1="Microsoft Store.url", lpString2=".") returned 1 [0055.854] lstrcmpiW (lpString1="Microsoft Store.url", lpString2="..") returned 1 [0055.854] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\", lpString2="Microsoft Store.url" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft Store.url") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft Store.url" [0055.854] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Microsoft Store.url", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 20 [0055.855] GetProcessHeap () returned 0x570000 [0055.855] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x14) returned 0x58fdc0 [0055.855] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Microsoft Store.url", cchWideChar=-1, lpMultiByteStr=0x58fdc0, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Microsoft Store.url", lpUsedDefaultChar=0x0) returned 20 [0055.855] lstrlenA (lpString="Microsoft Store.url") returned 19 [0055.855] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0055.855] lstrlenA (lpString="Microsoft Store.url") returned 19 [0055.855] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0055.855] lstrcmpiW (lpString1="Microsoft Store.url", lpString2="decrypt_files.html") returned 1 [0055.855] lstrcmpiW (lpString1="Microsoft Store.url", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0055.855] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0055.855] lstrcmpiW (lpString1="Microsoft Store.url", lpString2="sihvgt.exe") returned -1 [0055.855] _alloca_probe () returned 0x40908b [0055.855] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft Store.url", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 66 [0055.855] GetProcessHeap () returned 0x570000 [0055.855] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x42) returned 0x5894c8 [0055.855] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft Store.url", cchWideChar=-1, lpMultiByteStr=0x5894c8, cbMultiByte=66, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft Store.url", lpUsedDefaultChar=0x0) returned 66 [0055.855] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0055.855] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{2400C073-FFC6-49C3-998F-3901FB4336C2}") returned 38 [0055.855] lstrlenA (lpString="{2400C073-FFC6-49C3-998F-3901FB4336C2}") returned 38 [0055.855] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft Store.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft store.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0055.856] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=134) returned 1 [0055.856] lstrlenA (lpString="{2400C073-FFC6-49C3-998F-3901FB4336C2}") returned 38 [0055.856] GetProcessHeap () returned 0x570000 [0055.856] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x5923a0 [0055.856] GetProcessHeap () returned 0x570000 [0055.856] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592418 [0055.856] lstrlenA (lpString="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft Store.url") returned 65 [0055.867] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x86, lpOverlapped=0x0) returned 1 [0055.868] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0055.868] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x90, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x90, lpOverlapped=0x0) returned 1 [0055.869] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0055.869] WriteFile (in: hFile=0x80, lpBuffer=0x50bb6c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bb6c*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0055.869] WriteFile (in: hFile=0x80, lpBuffer=0x50bbd4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bbd4*, lpNumberOfBytesWritten=0x50bb34*=0x10, lpOverlapped=0x0) returned 1 [0055.869] lstrlenA (lpString="rsa_encrypt") returned 11 [0055.869] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x5924a0) returned 1 [0055.870] CryptGenRandom (in: hProv=0x5924a0, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0055.870] CryptReleaseContext (hProv=0x5924a0, dwFlags=0x0) returned 1 [0055.870] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0055.870] GetProcessHeap () returned 0x570000 [0055.870] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5924a0 [0055.870] lstrlenA (lpString="010001") returned 6 [0055.870] GetProcessHeap () returned 0x570000 [0055.870] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eeb0 [0055.870] GetProcessHeap () returned 0x570000 [0055.870] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x593d90 [0055.870] GetProcessHeap () returned 0x570000 [0055.870] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0055.870] GetProcessHeap () returned 0x570000 [0055.870] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593d90 | out: hHeap=0x570000) returned 1 [0055.870] GetProcessHeap () returned 0x570000 [0055.870] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0055.870] GetProcessHeap () returned 0x570000 [0055.870] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c1f0 [0055.870] GetProcessHeap () returned 0x570000 [0055.870] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eea0 [0055.870] GetProcessHeap () returned 0x570000 [0055.870] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c0d8 [0055.871] GetProcessHeap () returned 0x570000 [0055.871] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.871] GetProcessHeap () returned 0x570000 [0055.871] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0055.871] GetProcessHeap () returned 0x570000 [0055.871] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x593d90 [0055.871] GetProcessHeap () returned 0x570000 [0055.871] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x593e18 [0055.871] GetProcessHeap () returned 0x570000 [0055.871] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0055.871] GetProcessHeap () returned 0x570000 [0055.871] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f68 [0055.871] GetProcessHeap () returned 0x570000 [0055.871] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0055.871] GetProcessHeap () returned 0x570000 [0055.871] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593d90 | out: hHeap=0x570000) returned 1 [0055.871] GetProcessHeap () returned 0x570000 [0055.871] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0055.871] GetProcessHeap () returned 0x570000 [0055.871] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0055.871] GetProcessHeap () returned 0x570000 [0055.871] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.871] GetProcessHeap () returned 0x570000 [0055.871] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0055.871] GetProcessHeap () returned 0x570000 [0055.871] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0055.871] GetProcessHeap () returned 0x570000 [0055.871] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.871] GetProcessHeap () returned 0x570000 [0055.871] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.871] GetProcessHeap () returned 0x570000 [0055.871] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.871] GetProcessHeap () returned 0x570000 [0055.871] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0055.872] GetProcessHeap () returned 0x570000 [0055.872] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0055.872] GetProcessHeap () returned 0x570000 [0055.872] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0055.872] GetProcessHeap () returned 0x570000 [0055.872] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0055.872] GetProcessHeap () returned 0x570000 [0055.872] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.872] GetProcessHeap () returned 0x570000 [0055.872] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.872] GetProcessHeap () returned 0x570000 [0055.872] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.872] GetProcessHeap () returned 0x570000 [0055.872] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.872] GetProcessHeap () returned 0x570000 [0055.872] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.872] GetProcessHeap () returned 0x570000 [0055.872] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.872] GetProcessHeap () returned 0x570000 [0055.872] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.872] GetProcessHeap () returned 0x570000 [0055.872] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.872] GetProcessHeap () returned 0x570000 [0055.872] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.872] GetProcessHeap () returned 0x570000 [0055.872] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.872] GetProcessHeap () returned 0x570000 [0055.872] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.872] GetProcessHeap () returned 0x570000 [0055.872] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.872] GetProcessHeap () returned 0x570000 [0055.872] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.872] GetProcessHeap () returned 0x570000 [0055.872] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.873] GetProcessHeap () returned 0x570000 [0055.873] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.873] GetProcessHeap () returned 0x570000 [0055.873] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.873] GetProcessHeap () returned 0x570000 [0055.873] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.873] GetProcessHeap () returned 0x570000 [0055.873] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.873] GetProcessHeap () returned 0x570000 [0055.873] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.873] GetProcessHeap () returned 0x570000 [0055.873] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.873] GetProcessHeap () returned 0x570000 [0055.873] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.873] GetProcessHeap () returned 0x570000 [0055.873] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.873] GetProcessHeap () returned 0x570000 [0055.873] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.873] GetProcessHeap () returned 0x570000 [0055.873] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.873] GetProcessHeap () returned 0x570000 [0055.873] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.873] GetProcessHeap () returned 0x570000 [0055.873] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.873] GetProcessHeap () returned 0x570000 [0055.873] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.873] GetProcessHeap () returned 0x570000 [0055.873] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.873] GetProcessHeap () returned 0x570000 [0055.873] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.873] GetProcessHeap () returned 0x570000 [0055.873] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.873] GetProcessHeap () returned 0x570000 [0055.873] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.874] GetProcessHeap () returned 0x570000 [0055.874] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.874] GetProcessHeap () returned 0x570000 [0055.874] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.874] GetProcessHeap () returned 0x570000 [0055.874] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.874] GetProcessHeap () returned 0x570000 [0055.874] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.874] GetProcessHeap () returned 0x570000 [0055.874] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.874] GetProcessHeap () returned 0x570000 [0055.874] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.874] GetProcessHeap () returned 0x570000 [0055.874] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.874] GetProcessHeap () returned 0x570000 [0055.874] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.874] GetProcessHeap () returned 0x570000 [0055.874] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.874] GetProcessHeap () returned 0x570000 [0055.874] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.874] GetProcessHeap () returned 0x570000 [0055.874] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.874] GetProcessHeap () returned 0x570000 [0055.874] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.874] GetProcessHeap () returned 0x570000 [0055.874] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.874] GetProcessHeap () returned 0x570000 [0055.874] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.874] GetProcessHeap () returned 0x570000 [0055.874] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.874] GetProcessHeap () returned 0x570000 [0055.874] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.874] GetProcessHeap () returned 0x570000 [0055.874] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.875] GetProcessHeap () returned 0x570000 [0055.875] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.875] GetProcessHeap () returned 0x570000 [0055.875] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.875] GetProcessHeap () returned 0x570000 [0055.875] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.875] GetProcessHeap () returned 0x570000 [0055.875] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.875] GetProcessHeap () returned 0x570000 [0055.875] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.875] GetProcessHeap () returned 0x570000 [0055.875] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.875] GetProcessHeap () returned 0x570000 [0055.875] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.875] GetProcessHeap () returned 0x570000 [0055.875] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.875] GetProcessHeap () returned 0x570000 [0055.875] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.875] GetProcessHeap () returned 0x570000 [0055.875] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.875] GetProcessHeap () returned 0x570000 [0055.875] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.875] GetProcessHeap () returned 0x570000 [0055.875] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.875] GetProcessHeap () returned 0x570000 [0055.875] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.875] GetProcessHeap () returned 0x570000 [0055.875] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.875] GetProcessHeap () returned 0x570000 [0055.875] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.875] GetProcessHeap () returned 0x570000 [0055.875] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.875] GetProcessHeap () returned 0x570000 [0055.876] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.876] GetProcessHeap () returned 0x570000 [0055.876] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.876] GetProcessHeap () returned 0x570000 [0055.876] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.876] GetProcessHeap () returned 0x570000 [0055.876] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.876] GetProcessHeap () returned 0x570000 [0055.876] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.876] GetProcessHeap () returned 0x570000 [0055.876] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.876] GetProcessHeap () returned 0x570000 [0055.876] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.876] GetProcessHeap () returned 0x570000 [0055.876] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.876] GetProcessHeap () returned 0x570000 [0055.876] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.876] GetProcessHeap () returned 0x570000 [0055.876] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.876] GetProcessHeap () returned 0x570000 [0055.876] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.876] GetProcessHeap () returned 0x570000 [0055.876] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.876] GetProcessHeap () returned 0x570000 [0055.876] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.876] GetProcessHeap () returned 0x570000 [0055.876] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.876] GetProcessHeap () returned 0x570000 [0055.876] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.876] GetProcessHeap () returned 0x570000 [0055.876] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.876] GetProcessHeap () returned 0x570000 [0055.877] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.877] GetProcessHeap () returned 0x570000 [0055.877] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.877] GetProcessHeap () returned 0x570000 [0055.877] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.877] GetProcessHeap () returned 0x570000 [0055.877] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.877] GetProcessHeap () returned 0x570000 [0055.877] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.877] GetProcessHeap () returned 0x570000 [0055.877] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.877] GetProcessHeap () returned 0x570000 [0055.877] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.877] GetProcessHeap () returned 0x570000 [0055.877] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.877] GetProcessHeap () returned 0x570000 [0055.877] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.877] GetProcessHeap () returned 0x570000 [0055.877] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.877] GetProcessHeap () returned 0x570000 [0055.877] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.877] GetProcessHeap () returned 0x570000 [0055.877] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.877] GetProcessHeap () returned 0x570000 [0055.877] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.877] GetProcessHeap () returned 0x570000 [0055.877] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.877] GetProcessHeap () returned 0x570000 [0055.877] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.877] GetProcessHeap () returned 0x570000 [0055.877] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.877] GetProcessHeap () returned 0x570000 [0055.877] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.877] GetProcessHeap () returned 0x570000 [0055.878] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.878] GetProcessHeap () returned 0x570000 [0055.878] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.878] GetProcessHeap () returned 0x570000 [0055.878] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.878] GetProcessHeap () returned 0x570000 [0055.878] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0055.878] GetProcessHeap () returned 0x570000 [0055.878] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0055.878] GetProcessHeap () returned 0x570000 [0055.878] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593e18 | out: hHeap=0x570000) returned 1 [0055.878] GetProcessHeap () returned 0x570000 [0055.878] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0055.878] GetProcessHeap () returned 0x570000 [0055.878] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0055.878] GetProcessHeap () returned 0x570000 [0055.878] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0055.878] GetProcessHeap () returned 0x570000 [0055.878] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0055.878] GetProcessHeap () returned 0x570000 [0055.878] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0055.878] GetProcessHeap () returned 0x570000 [0055.878] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0055.878] GetProcessHeap () returned 0x570000 [0055.878] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.879] GetProcessHeap () returned 0x570000 [0055.879] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5924a0 | out: hHeap=0x570000) returned 1 [0055.879] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0055.879] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0055.879] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0055.879] CloseHandle (hObject=0x80) returned 1 [0055.880] GetProcessHeap () returned 0x570000 [0055.880] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5894c8 | out: hHeap=0x570000) returned 1 [0055.880] GetProcessHeap () returned 0x570000 [0055.880] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5923a0 | out: hHeap=0x570000) returned 1 [0055.880] GetProcessHeap () returned 0x570000 [0055.880] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592418 | out: hHeap=0x570000) returned 1 [0055.880] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft Store.url" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft Store.url") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft Store.url" [0055.880] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft Store.url", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft Store.url.{Killback@protonmail.com}KBK") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft Store.url.{Killback@protonmail.com}KBK" [0055.880] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft Store.url" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft store.url"), lpNewFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft Store.url.{Killback@protonmail.com}KBK" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\microsoft store.url.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0055.880] PathRemoveFileSpecW (in: pszPath="C:\\Users\\Default\\Favorites\\Microsoft Websites\\Microsoft Store.url" | out: pszPath="C:\\Users\\Default\\Favorites\\Microsoft Websites") returned 1 [0055.881] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites\\" [0055.881] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\", lpString2="decrypt_files.html" | out: lpString1="C:\\Users\\Default\\Favorites\\Microsoft Websites\\decrypt_files.html") returned="C:\\Users\\Default\\Favorites\\Microsoft Websites\\decrypt_files.html" [0055.881] GetFileAttributesW (lpFileName="C:\\Users\\Default\\Favorites\\Microsoft Websites\\decrypt_files.html" (normalized: "c:\\users\\default\\favorites\\microsoft websites\\decrypt_files.html")) returned 0x20 [0055.881] GetProcessHeap () returned 0x570000 [0055.881] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58fdc0 | out: hHeap=0x570000) returned 1 [0055.881] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa52981, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x86, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft Store.url", cAlternateFileName="MICROS~1.URL")) returned 0 [0055.881] FindClose (in: hFindFile=0x5925a8 | out: hFindFile=0x5925a8) returned 1 [0055.881] lstrcpyW (in: lpString1=0x50df8c, lpString2="C:\\Users\\Default\\Favorites\\Links\\" | out: lpString1="C:\\Users\\Default\\Favorites\\Links\\") returned="C:\\Users\\Default\\Favorites\\Links\\" [0055.881] GetProcessHeap () returned 0x570000 [0055.881] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x589158 | out: hHeap=0x570000) returned 1 [0055.881] GetProcessHeap () returned 0x570000 [0055.881] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.881] lstrlenW (lpString="C:\\Users\\Default\\Favorites\\Links\\") returned 33 [0055.881] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Links\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\Favorites\\Links\\*") returned="C:\\Users\\Default\\Favorites\\Links\\*" [0055.881] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Favorites\\Links\\*", lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfeffd5f0, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5925a8 [0055.881] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0055.881] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfeffd5f0, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0055.881] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0055.881] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0055.881] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfefb1330, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x50, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0055.881] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0055.882] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0055.882] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Links\\", lpString2="desktop.ini" | out: lpString1="C:\\Users\\Default\\Favorites\\Links\\desktop.ini") returned="C:\\Users\\Default\\Favorites\\Links\\desktop.ini" [0055.882] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.882] GetProcessHeap () returned 0x570000 [0055.882] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x590f68 [0055.882] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 12 [0055.882] lstrlenA (lpString="desktop.ini") returned 11 [0055.882] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0055.882] lstrlenA (lpString="desktop.ini") returned 11 [0055.882] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0055.882] lstrcmpiW (lpString1="desktop.ini", lpString2="decrypt_files.html") returned 1 [0055.882] lstrcmpiW (lpString1="desktop.ini", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0055.882] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0055.882] lstrcmpiW (lpString1="desktop.ini", lpString2="sihvgt.exe") returned -1 [0055.882] _alloca_probe () returned 0x40908b [0055.882] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\Favorites\\Links\\desktop.ini", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 45 [0055.882] GetProcessHeap () returned 0x570000 [0055.882] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x2d) returned 0x5935a8 [0055.882] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\Favorites\\Links\\desktop.ini", cchWideChar=-1, lpMultiByteStr=0x5935a8, cbMultiByte=45, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\Default\\Favorites\\Links\\desktop.ini", lpUsedDefaultChar=0x0) returned 45 [0055.882] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0055.882] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{F28799E9-8B4C-46AF-BB83-DA7958749E49}") returned 38 [0055.882] lstrlenA (lpString="{F28799E9-8B4C-46AF-BB83-DA7958749E49}") returned 38 [0055.882] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Links\\desktop.ini" (normalized: "c:\\users\\default\\favorites\\links\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0055.882] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=80) returned 1 [0055.882] lstrlenA (lpString="{F28799E9-8B4C-46AF-BB83-DA7958749E49}") returned 38 [0055.883] GetProcessHeap () returned 0x570000 [0055.883] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x5923a0 [0055.883] GetProcessHeap () returned 0x570000 [0055.883] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592418 [0055.883] lstrlenA (lpString="C:\\Users\\Default\\Favorites\\Links\\desktop.ini") returned 44 [0055.893] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x50, lpOverlapped=0x0) returned 1 [0055.894] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0055.894] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x50, lpOverlapped=0x0) returned 1 [0055.895] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0055.895] WriteFile (in: hFile=0x80, lpBuffer=0x50bb6c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bb6c*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0055.895] WriteFile (in: hFile=0x80, lpBuffer=0x50bbd4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bbd4*, lpNumberOfBytesWritten=0x50bb34*=0x10, lpOverlapped=0x0) returned 1 [0055.895] lstrlenA (lpString="rsa_encrypt") returned 11 [0055.895] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x5924a0) returned 1 [0055.896] CryptGenRandom (in: hProv=0x5924a0, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0055.896] CryptReleaseContext (hProv=0x5924a0, dwFlags=0x0) returned 1 [0055.896] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0055.896] GetProcessHeap () returned 0x570000 [0055.896] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5924a0 [0055.896] lstrlenA (lpString="010001") returned 6 [0055.896] GetProcessHeap () returned 0x570000 [0055.896] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eec0 [0055.896] GetProcessHeap () returned 0x570000 [0055.896] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x593d90 [0055.896] GetProcessHeap () returned 0x570000 [0055.896] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0055.896] GetProcessHeap () returned 0x570000 [0055.896] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593d90 | out: hHeap=0x570000) returned 1 [0055.896] GetProcessHeap () returned 0x570000 [0055.896] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0055.896] GetProcessHeap () returned 0x570000 [0055.896] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c0d8 [0055.897] GetProcessHeap () returned 0x570000 [0055.897] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eeb0 [0055.897] GetProcessHeap () returned 0x570000 [0055.897] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c1f0 [0055.897] GetProcessHeap () returned 0x570000 [0055.897] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.897] GetProcessHeap () returned 0x570000 [0055.897] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0055.897] GetProcessHeap () returned 0x570000 [0055.897] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x593d90 [0055.897] GetProcessHeap () returned 0x570000 [0055.897] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x593e18 [0055.897] GetProcessHeap () returned 0x570000 [0055.897] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.897] GetProcessHeap () returned 0x570000 [0055.897] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0055.897] GetProcessHeap () returned 0x570000 [0055.897] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0055.897] GetProcessHeap () returned 0x570000 [0055.897] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593d90 | out: hHeap=0x570000) returned 1 [0055.897] GetProcessHeap () returned 0x570000 [0055.897] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0055.897] GetProcessHeap () returned 0x570000 [0055.897] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0055.897] GetProcessHeap () returned 0x570000 [0055.897] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.897] GetProcessHeap () returned 0x570000 [0055.897] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f98 [0055.897] GetProcessHeap () returned 0x570000 [0055.897] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.897] GetProcessHeap () returned 0x570000 [0055.897] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.898] GetProcessHeap () returned 0x570000 [0055.898] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.898] GetProcessHeap () returned 0x570000 [0055.898] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.898] GetProcessHeap () returned 0x570000 [0055.898] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0055.898] GetProcessHeap () returned 0x570000 [0055.898] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f98 | out: hHeap=0x570000) returned 1 [0055.898] GetProcessHeap () returned 0x570000 [0055.898] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0055.898] GetProcessHeap () returned 0x570000 [0055.898] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0055.898] GetProcessHeap () returned 0x570000 [0055.898] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.898] GetProcessHeap () returned 0x570000 [0055.898] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.898] GetProcessHeap () returned 0x570000 [0055.898] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.898] GetProcessHeap () returned 0x570000 [0055.898] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.898] GetProcessHeap () returned 0x570000 [0055.898] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.898] GetProcessHeap () returned 0x570000 [0055.898] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.898] GetProcessHeap () returned 0x570000 [0055.898] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.898] GetProcessHeap () returned 0x570000 [0055.898] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.898] GetProcessHeap () returned 0x570000 [0055.898] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.898] GetProcessHeap () returned 0x570000 [0055.898] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.899] GetProcessHeap () returned 0x570000 [0055.899] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.899] GetProcessHeap () returned 0x570000 [0055.899] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.899] GetProcessHeap () returned 0x570000 [0055.899] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.899] GetProcessHeap () returned 0x570000 [0055.899] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.899] GetProcessHeap () returned 0x570000 [0055.899] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.899] GetProcessHeap () returned 0x570000 [0055.899] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.899] GetProcessHeap () returned 0x570000 [0055.899] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.899] GetProcessHeap () returned 0x570000 [0055.899] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.899] GetProcessHeap () returned 0x570000 [0055.899] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.899] GetProcessHeap () returned 0x570000 [0055.899] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.899] GetProcessHeap () returned 0x570000 [0055.899] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.899] GetProcessHeap () returned 0x570000 [0055.899] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.899] GetProcessHeap () returned 0x570000 [0055.899] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.899] GetProcessHeap () returned 0x570000 [0055.899] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.899] GetProcessHeap () returned 0x570000 [0055.899] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.900] GetProcessHeap () returned 0x570000 [0055.900] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.900] GetProcessHeap () returned 0x570000 [0055.900] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.900] GetProcessHeap () returned 0x570000 [0055.900] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.900] GetProcessHeap () returned 0x570000 [0055.900] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.900] GetProcessHeap () returned 0x570000 [0055.900] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.900] GetProcessHeap () returned 0x570000 [0055.900] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.900] GetProcessHeap () returned 0x570000 [0055.900] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.900] GetProcessHeap () returned 0x570000 [0055.900] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.900] GetProcessHeap () returned 0x570000 [0055.900] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.900] GetProcessHeap () returned 0x570000 [0055.900] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.900] GetProcessHeap () returned 0x570000 [0055.900] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.900] GetProcessHeap () returned 0x570000 [0055.900] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.900] GetProcessHeap () returned 0x570000 [0055.900] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.900] GetProcessHeap () returned 0x570000 [0055.900] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.900] GetProcessHeap () returned 0x570000 [0055.900] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.900] GetProcessHeap () returned 0x570000 [0055.900] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.901] GetProcessHeap () returned 0x570000 [0055.901] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.901] GetProcessHeap () returned 0x570000 [0055.901] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.901] GetProcessHeap () returned 0x570000 [0055.901] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.901] GetProcessHeap () returned 0x570000 [0055.901] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.901] GetProcessHeap () returned 0x570000 [0055.901] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.901] GetProcessHeap () returned 0x570000 [0055.901] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.901] GetProcessHeap () returned 0x570000 [0055.901] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.901] GetProcessHeap () returned 0x570000 [0055.901] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.901] GetProcessHeap () returned 0x570000 [0055.901] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.901] GetProcessHeap () returned 0x570000 [0055.901] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.901] GetProcessHeap () returned 0x570000 [0055.901] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.901] GetProcessHeap () returned 0x570000 [0055.901] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.901] GetProcessHeap () returned 0x570000 [0055.901] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.901] GetProcessHeap () returned 0x570000 [0055.901] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.901] GetProcessHeap () returned 0x570000 [0055.901] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.902] GetProcessHeap () returned 0x570000 [0055.902] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.902] GetProcessHeap () returned 0x570000 [0055.902] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.902] GetProcessHeap () returned 0x570000 [0055.902] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.902] GetProcessHeap () returned 0x570000 [0055.902] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.902] GetProcessHeap () returned 0x570000 [0055.902] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.902] GetProcessHeap () returned 0x570000 [0055.902] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.902] GetProcessHeap () returned 0x570000 [0055.902] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.902] GetProcessHeap () returned 0x570000 [0055.902] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.902] GetProcessHeap () returned 0x570000 [0055.902] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.902] GetProcessHeap () returned 0x570000 [0055.902] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.902] GetProcessHeap () returned 0x570000 [0055.902] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.902] GetProcessHeap () returned 0x570000 [0055.902] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.902] GetProcessHeap () returned 0x570000 [0055.902] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.902] GetProcessHeap () returned 0x570000 [0055.902] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.902] GetProcessHeap () returned 0x570000 [0055.902] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.902] GetProcessHeap () returned 0x570000 [0055.903] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.903] GetProcessHeap () returned 0x570000 [0055.903] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.903] GetProcessHeap () returned 0x570000 [0055.903] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.903] GetProcessHeap () returned 0x570000 [0055.903] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.903] GetProcessHeap () returned 0x570000 [0055.903] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.903] GetProcessHeap () returned 0x570000 [0055.903] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.903] GetProcessHeap () returned 0x570000 [0055.903] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.903] GetProcessHeap () returned 0x570000 [0055.903] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.903] GetProcessHeap () returned 0x570000 [0055.903] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.903] GetProcessHeap () returned 0x570000 [0055.903] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.903] GetProcessHeap () returned 0x570000 [0055.903] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.903] GetProcessHeap () returned 0x570000 [0055.903] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.903] GetProcessHeap () returned 0x570000 [0055.903] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.903] GetProcessHeap () returned 0x570000 [0055.903] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.903] GetProcessHeap () returned 0x570000 [0055.903] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.903] GetProcessHeap () returned 0x570000 [0055.903] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.904] GetProcessHeap () returned 0x570000 [0055.904] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.904] GetProcessHeap () returned 0x570000 [0055.904] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.904] GetProcessHeap () returned 0x570000 [0055.904] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.904] GetProcessHeap () returned 0x570000 [0055.904] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.904] GetProcessHeap () returned 0x570000 [0055.904] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.904] GetProcessHeap () returned 0x570000 [0055.904] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.904] GetProcessHeap () returned 0x570000 [0055.904] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.904] GetProcessHeap () returned 0x570000 [0055.904] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.904] GetProcessHeap () returned 0x570000 [0055.904] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.904] GetProcessHeap () returned 0x570000 [0055.904] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.904] GetProcessHeap () returned 0x570000 [0055.904] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.904] GetProcessHeap () returned 0x570000 [0055.904] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.904] GetProcessHeap () returned 0x570000 [0055.904] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.904] GetProcessHeap () returned 0x570000 [0055.904] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0055.904] GetProcessHeap () returned 0x570000 [0055.904] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0055.905] GetProcessHeap () returned 0x570000 [0055.905] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593e18 | out: hHeap=0x570000) returned 1 [0055.905] GetProcessHeap () returned 0x570000 [0055.905] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0055.905] GetProcessHeap () returned 0x570000 [0055.905] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0055.905] GetProcessHeap () returned 0x570000 [0055.905] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0055.905] GetProcessHeap () returned 0x570000 [0055.905] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0055.905] GetProcessHeap () returned 0x570000 [0055.905] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0055.905] GetProcessHeap () returned 0x570000 [0055.905] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0055.905] GetProcessHeap () returned 0x570000 [0055.905] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.905] GetProcessHeap () returned 0x570000 [0055.905] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5924a0 | out: hHeap=0x570000) returned 1 [0055.905] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0055.905] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0055.905] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0055.906] CloseHandle (hObject=0x80) returned 1 [0055.906] GetProcessHeap () returned 0x570000 [0055.906] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5935a8 | out: hHeap=0x570000) returned 1 [0055.906] GetProcessHeap () returned 0x570000 [0055.906] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5923a0 | out: hHeap=0x570000) returned 1 [0055.906] GetProcessHeap () returned 0x570000 [0055.906] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592418 | out: hHeap=0x570000) returned 1 [0055.906] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\Users\\Default\\Favorites\\Links\\desktop.ini" | out: lpString1="C:\\Users\\Default\\Favorites\\Links\\desktop.ini") returned="C:\\Users\\Default\\Favorites\\Links\\desktop.ini" [0055.906] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Links\\desktop.ini", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\Users\\Default\\Favorites\\Links\\desktop.ini.{Killback@protonmail.com}KBK") returned="C:\\Users\\Default\\Favorites\\Links\\desktop.ini.{Killback@protonmail.com}KBK" [0055.907] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\Favorites\\Links\\desktop.ini" (normalized: "c:\\users\\default\\favorites\\links\\desktop.ini"), lpNewFileName="C:\\Users\\Default\\Favorites\\Links\\desktop.ini.{Killback@protonmail.com}KBK" (normalized: "c:\\users\\default\\favorites\\links\\desktop.ini.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0055.907] PathRemoveFileSpecW (in: pszPath="C:\\Users\\Default\\Favorites\\Links\\desktop.ini" | out: pszPath="C:\\Users\\Default\\Favorites\\Links") returned 1 [0055.907] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Links", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Favorites\\Links\\") returned="C:\\Users\\Default\\Favorites\\Links\\" [0055.907] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Links\\", lpString2="decrypt_files.html" | out: lpString1="C:\\Users\\Default\\Favorites\\Links\\decrypt_files.html") returned="C:\\Users\\Default\\Favorites\\Links\\decrypt_files.html" [0055.907] GetFileAttributesW (lpFileName="C:\\Users\\Default\\Favorites\\Links\\decrypt_files.html" (normalized: "c:\\users\\default\\favorites\\links\\decrypt_files.html")) returned 0xffffffff [0055.907] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Links\\decrypt_files.html" (normalized: "c:\\users\\default\\favorites\\links\\decrypt_files.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0055.909] lstrlenA (lpString="\r\n \r\n \r\n \r\n DECRYPT FILES\r\n \r\n\r\n \r\n\r\n
\r\n

⚠Your ID (NEED FOR DECRYPT)⚠

\r\n
\r\n 
A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n\r\n
\r\n
\r\n
\r\n \r\n
\r\n \r\n
\r\n \r\n \r\n
\r\n

✖ Your files are encrypted! ✖

\r\n\r\n

If you see it - do not try to decrypt ▼the files yourself!!!▼

\r\n
\r\n

All your important data has been encrypted.

\r\n
\r\n
\r\n \r\n\x09\x09 \r\nTo decrypt all your files, you need a decryption program.
\r\n \r\nTo get a program to decrypt your data you need to do a few steps:
\r\n

☑1. \r\nTo make sure that we can actually decrypt your files. You can send us a file for the test.\r\nThis can be a picture or a text file.\r\nSize less than 5 MB. Send to our mail: Killback@protonmail.com .
\r\n

☑2. \r\nSend your PERSONAL ID in the letter (you will find it at the very beginning of this document)

\r\n\x09\x09\x09

☑3. \r\nWe will decode your test file so you are sure. We will also send you the amount you need to pay to get the program to decrypt.

\r\n ☑4. We will send you instructions on how to pay for the decryption program. After payment, we will send you a program and instructions on how to decrypt all the files.
\r\n

Attention!


\r\n
    \r\n\x09\x09\x09 Only we can decrypt your files.
    \r\n\x09\x09\x09 Do not try to decrypt your files yourself. You can damage them when trying to restore
    \r\n Do not run antivirus!
    \r\n Email us: Killback@protonmail.com immediately so we can help you.
    \r\n Decoders other users are not compatible with your data, because each user's unique encryption key
    \r\n
\r\n \r\n
\r\n
\r\n
\r\n \r\n\r\n \r\n \r\n
\r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n\r\n") returned 5565 [0055.909] WriteFile (in: hFile=0x80, lpBuffer=0x21f0020*, nNumberOfBytesToWrite=0x15bd, lpNumberOfBytesWritten=0x50dd18, lpOverlapped=0x0 | out: lpBuffer=0x21f0020*, lpNumberOfBytesWritten=0x50dd18*=0x15bd, lpOverlapped=0x0) returned 1 [0055.910] CloseHandle (hObject=0x80) returned 1 [0055.910] GetProcessHeap () returned 0x570000 [0055.910] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0055.910] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb11062, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Web Slice Gallery.url", cAlternateFileName="WEBSLI~1.URL")) returned 1 [0055.911] lstrcmpiW (lpString1="Web Slice Gallery.url", lpString2=".") returned 1 [0055.911] lstrcmpiW (lpString1="Web Slice Gallery.url", lpString2="..") returned 1 [0055.911] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Links\\", lpString2="Web Slice Gallery.url" | out: lpString1="C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url") returned="C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url" [0055.911] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Web Slice Gallery.url", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0055.911] GetProcessHeap () returned 0x570000 [0055.911] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x16) returned 0x58fdc0 [0055.911] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Web Slice Gallery.url", cchWideChar=-1, lpMultiByteStr=0x58fdc0, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Web Slice Gallery.url", lpUsedDefaultChar=0x0) returned 22 [0055.911] lstrlenA (lpString="Web Slice Gallery.url") returned 21 [0055.911] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0055.911] lstrlenA (lpString="Web Slice Gallery.url") returned 21 [0055.911] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0055.911] lstrcmpiW (lpString1="Web Slice Gallery.url", lpString2="decrypt_files.html") returned 1 [0055.911] lstrcmpiW (lpString1="Web Slice Gallery.url", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0055.911] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0055.911] lstrcmpiW (lpString1="Web Slice Gallery.url", lpString2="sihvgt.exe") returned 1 [0055.911] _alloca_probe () returned 0x40908b [0055.911] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 55 [0055.911] GetProcessHeap () returned 0x570000 [0055.911] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x37) returned 0x5925e8 [0055.911] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url", cchWideChar=-1, lpMultiByteStr=0x5925e8, cbMultiByte=55, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url", lpUsedDefaultChar=0x0) returned 55 [0055.911] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0055.911] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{4314DD00-BCBF-48F6-9234-9F824149BA85}") returned 38 [0055.911] lstrlenA (lpString="{4314DD00-BCBF-48F6-9234-9F824149BA85}") returned 38 [0055.911] CreateFileW (lpFileName="C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url" (normalized: "c:\\users\\default\\favorites\\links\\web slice gallery.url"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0055.912] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=226) returned 1 [0055.912] lstrlenA (lpString="{4314DD00-BCBF-48F6-9234-9F824149BA85}") returned 38 [0055.912] GetProcessHeap () returned 0x570000 [0055.912] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x5923a0 [0055.912] GetProcessHeap () returned 0x570000 [0055.912] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592418 [0055.912] lstrlenA (lpString="C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url") returned 54 [0055.922] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0xe2, lpOverlapped=0x0) returned 1 [0055.924] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0055.924] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0xf0, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0xf0, lpOverlapped=0x0) returned 1 [0055.924] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0055.924] WriteFile (in: hFile=0x80, lpBuffer=0x50bb6c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bb6c*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0055.924] WriteFile (in: hFile=0x80, lpBuffer=0x50bbd4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bbd4*, lpNumberOfBytesWritten=0x50bb34*=0x10, lpOverlapped=0x0) returned 1 [0055.924] lstrlenA (lpString="rsa_encrypt") returned 11 [0055.924] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x5924a0) returned 1 [0055.926] CryptGenRandom (in: hProv=0x5924a0, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0055.926] CryptReleaseContext (hProv=0x5924a0, dwFlags=0x0) returned 1 [0055.926] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0055.926] GetProcessHeap () returned 0x570000 [0055.926] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5924a0 [0055.926] lstrlenA (lpString="010001") returned 6 [0055.926] GetProcessHeap () returned 0x570000 [0055.926] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eec0 [0055.927] GetProcessHeap () returned 0x570000 [0055.927] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x593d90 [0055.927] GetProcessHeap () returned 0x570000 [0055.927] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0055.927] GetProcessHeap () returned 0x570000 [0055.927] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593d90 | out: hHeap=0x570000) returned 1 [0055.927] GetProcessHeap () returned 0x570000 [0055.927] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0055.927] GetProcessHeap () returned 0x570000 [0055.927] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c1f0 [0055.927] GetProcessHeap () returned 0x570000 [0055.927] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eef0 [0055.927] GetProcessHeap () returned 0x570000 [0055.927] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c0d8 [0055.927] GetProcessHeap () returned 0x570000 [0055.927] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.927] GetProcessHeap () returned 0x570000 [0055.927] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0055.927] GetProcessHeap () returned 0x570000 [0055.927] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x593d90 [0055.927] GetProcessHeap () returned 0x570000 [0055.927] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x593e18 [0055.927] GetProcessHeap () returned 0x570000 [0055.927] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0055.927] GetProcessHeap () returned 0x570000 [0055.927] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f68 [0055.927] GetProcessHeap () returned 0x570000 [0055.927] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0055.927] GetProcessHeap () returned 0x570000 [0055.927] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593d90 | out: hHeap=0x570000) returned 1 [0055.927] GetProcessHeap () returned 0x570000 [0055.927] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0055.927] GetProcessHeap () returned 0x570000 [0055.927] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0055.928] GetProcessHeap () returned 0x570000 [0055.928] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.928] GetProcessHeap () returned 0x570000 [0055.928] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0055.928] GetProcessHeap () returned 0x570000 [0055.928] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0055.928] GetProcessHeap () returned 0x570000 [0055.928] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.928] GetProcessHeap () returned 0x570000 [0055.928] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.928] GetProcessHeap () returned 0x570000 [0055.928] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.928] GetProcessHeap () returned 0x570000 [0055.928] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0055.928] GetProcessHeap () returned 0x570000 [0055.928] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0055.928] GetProcessHeap () returned 0x570000 [0055.928] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0055.928] GetProcessHeap () returned 0x570000 [0055.928] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0055.928] GetProcessHeap () returned 0x570000 [0055.928] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.928] GetProcessHeap () returned 0x570000 [0055.928] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.928] GetProcessHeap () returned 0x570000 [0055.928] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.928] GetProcessHeap () returned 0x570000 [0055.928] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.928] GetProcessHeap () returned 0x570000 [0055.928] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.928] GetProcessHeap () returned 0x570000 [0055.928] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.928] GetProcessHeap () returned 0x570000 [0055.928] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.929] GetProcessHeap () returned 0x570000 [0055.929] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.929] GetProcessHeap () returned 0x570000 [0055.929] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.929] GetProcessHeap () returned 0x570000 [0055.929] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.929] GetProcessHeap () returned 0x570000 [0055.929] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.929] GetProcessHeap () returned 0x570000 [0055.929] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.929] GetProcessHeap () returned 0x570000 [0055.929] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.929] GetProcessHeap () returned 0x570000 [0055.929] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.929] GetProcessHeap () returned 0x570000 [0055.929] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.929] GetProcessHeap () returned 0x570000 [0055.929] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.929] GetProcessHeap () returned 0x570000 [0055.929] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.929] GetProcessHeap () returned 0x570000 [0055.929] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.929] GetProcessHeap () returned 0x570000 [0055.929] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.929] GetProcessHeap () returned 0x570000 [0055.929] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.929] GetProcessHeap () returned 0x570000 [0055.929] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.929] GetProcessHeap () returned 0x570000 [0055.929] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.929] GetProcessHeap () returned 0x570000 [0055.929] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.929] GetProcessHeap () returned 0x570000 [0055.930] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.930] GetProcessHeap () returned 0x570000 [0055.930] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.930] GetProcessHeap () returned 0x570000 [0055.930] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.930] GetProcessHeap () returned 0x570000 [0055.930] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.930] GetProcessHeap () returned 0x570000 [0055.930] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.930] GetProcessHeap () returned 0x570000 [0055.930] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.930] GetProcessHeap () returned 0x570000 [0055.930] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.930] GetProcessHeap () returned 0x570000 [0055.930] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.930] GetProcessHeap () returned 0x570000 [0055.930] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.930] GetProcessHeap () returned 0x570000 [0055.930] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.930] GetProcessHeap () returned 0x570000 [0055.930] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.930] GetProcessHeap () returned 0x570000 [0055.930] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.930] GetProcessHeap () returned 0x570000 [0055.930] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.930] GetProcessHeap () returned 0x570000 [0055.930] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.930] GetProcessHeap () returned 0x570000 [0055.930] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.930] GetProcessHeap () returned 0x570000 [0055.930] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.930] GetProcessHeap () returned 0x570000 [0055.930] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.930] GetProcessHeap () returned 0x570000 [0055.931] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.931] GetProcessHeap () returned 0x570000 [0055.931] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.931] GetProcessHeap () returned 0x570000 [0055.931] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.931] GetProcessHeap () returned 0x570000 [0055.931] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.931] GetProcessHeap () returned 0x570000 [0055.931] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.931] GetProcessHeap () returned 0x570000 [0055.931] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.931] GetProcessHeap () returned 0x570000 [0055.931] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.931] GetProcessHeap () returned 0x570000 [0055.931] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.931] GetProcessHeap () returned 0x570000 [0055.931] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.931] GetProcessHeap () returned 0x570000 [0055.931] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.931] GetProcessHeap () returned 0x570000 [0055.931] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.931] GetProcessHeap () returned 0x570000 [0055.931] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.931] GetProcessHeap () returned 0x570000 [0055.931] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.931] GetProcessHeap () returned 0x570000 [0055.931] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.931] GetProcessHeap () returned 0x570000 [0055.931] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.931] GetProcessHeap () returned 0x570000 [0055.931] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.931] GetProcessHeap () returned 0x570000 [0055.931] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.932] GetProcessHeap () returned 0x570000 [0055.932] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.932] GetProcessHeap () returned 0x570000 [0055.932] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.932] GetProcessHeap () returned 0x570000 [0055.932] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.932] GetProcessHeap () returned 0x570000 [0055.932] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.932] GetProcessHeap () returned 0x570000 [0055.932] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.932] GetProcessHeap () returned 0x570000 [0055.932] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.932] GetProcessHeap () returned 0x570000 [0055.932] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.932] GetProcessHeap () returned 0x570000 [0055.932] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.932] GetProcessHeap () returned 0x570000 [0055.932] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.932] GetProcessHeap () returned 0x570000 [0055.932] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.932] GetProcessHeap () returned 0x570000 [0055.932] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.932] GetProcessHeap () returned 0x570000 [0055.932] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.932] GetProcessHeap () returned 0x570000 [0055.932] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.932] GetProcessHeap () returned 0x570000 [0055.932] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.932] GetProcessHeap () returned 0x570000 [0055.932] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.932] GetProcessHeap () returned 0x570000 [0055.932] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.933] GetProcessHeap () returned 0x570000 [0055.933] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.933] GetProcessHeap () returned 0x570000 [0055.933] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.933] GetProcessHeap () returned 0x570000 [0055.933] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.933] GetProcessHeap () returned 0x570000 [0055.933] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.933] GetProcessHeap () returned 0x570000 [0055.933] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.933] GetProcessHeap () returned 0x570000 [0055.933] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.933] GetProcessHeap () returned 0x570000 [0055.933] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.933] GetProcessHeap () returned 0x570000 [0055.933] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.933] GetProcessHeap () returned 0x570000 [0055.933] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.933] GetProcessHeap () returned 0x570000 [0055.933] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.933] GetProcessHeap () returned 0x570000 [0055.933] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.933] GetProcessHeap () returned 0x570000 [0055.933] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.933] GetProcessHeap () returned 0x570000 [0055.933] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.933] GetProcessHeap () returned 0x570000 [0055.933] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.933] GetProcessHeap () returned 0x570000 [0055.933] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.933] GetProcessHeap () returned 0x570000 [0055.933] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.933] GetProcessHeap () returned 0x570000 [0055.933] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.934] GetProcessHeap () returned 0x570000 [0055.934] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.934] GetProcessHeap () returned 0x570000 [0055.934] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.934] GetProcessHeap () returned 0x570000 [0055.934] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.934] GetProcessHeap () returned 0x570000 [0055.934] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.934] GetProcessHeap () returned 0x570000 [0055.934] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.934] GetProcessHeap () returned 0x570000 [0055.934] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.934] GetProcessHeap () returned 0x570000 [0055.934] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.934] GetProcessHeap () returned 0x570000 [0055.934] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.934] GetProcessHeap () returned 0x570000 [0055.934] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.934] GetProcessHeap () returned 0x570000 [0055.934] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.934] GetProcessHeap () returned 0x570000 [0055.934] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0055.934] GetProcessHeap () returned 0x570000 [0055.934] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0055.934] GetProcessHeap () returned 0x570000 [0055.934] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593e18 | out: hHeap=0x570000) returned 1 [0055.934] GetProcessHeap () returned 0x570000 [0055.934] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0055.934] GetProcessHeap () returned 0x570000 [0055.934] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0055.935] GetProcessHeap () returned 0x570000 [0055.935] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0055.935] GetProcessHeap () returned 0x570000 [0055.935] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0055.935] GetProcessHeap () returned 0x570000 [0055.935] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0055.935] GetProcessHeap () returned 0x570000 [0055.935] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0055.935] GetProcessHeap () returned 0x570000 [0055.935] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.935] GetProcessHeap () returned 0x570000 [0055.935] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5924a0 | out: hHeap=0x570000) returned 1 [0055.935] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0055.935] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0055.935] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0055.935] CloseHandle (hObject=0x80) returned 1 [0055.936] GetProcessHeap () returned 0x570000 [0055.936] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5925e8 | out: hHeap=0x570000) returned 1 [0055.936] GetProcessHeap () returned 0x570000 [0055.936] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5923a0 | out: hHeap=0x570000) returned 1 [0055.936] GetProcessHeap () returned 0x570000 [0055.936] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592418 | out: hHeap=0x570000) returned 1 [0055.936] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url" | out: lpString1="C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url") returned="C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url" [0055.936] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url.{Killback@protonmail.com}KBK") returned="C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url.{Killback@protonmail.com}KBK" [0055.936] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url" (normalized: "c:\\users\\default\\favorites\\links\\web slice gallery.url"), lpNewFileName="C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url.{Killback@protonmail.com}KBK" (normalized: "c:\\users\\default\\favorites\\links\\web slice gallery.url.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0055.937] PathRemoveFileSpecW (in: pszPath="C:\\Users\\Default\\Favorites\\Links\\Web Slice Gallery.url" | out: pszPath="C:\\Users\\Default\\Favorites\\Links") returned 1 [0055.937] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Links", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Favorites\\Links\\") returned="C:\\Users\\Default\\Favorites\\Links\\" [0055.937] lstrcatW (in: lpString1="C:\\Users\\Default\\Favorites\\Links\\", lpString2="decrypt_files.html" | out: lpString1="C:\\Users\\Default\\Favorites\\Links\\decrypt_files.html") returned="C:\\Users\\Default\\Favorites\\Links\\decrypt_files.html" [0055.937] GetFileAttributesW (lpFileName="C:\\Users\\Default\\Favorites\\Links\\decrypt_files.html" (normalized: "c:\\users\\default\\favorites\\links\\decrypt_files.html")) returned 0x20 [0055.937] GetProcessHeap () returned 0x570000 [0055.937] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58fdc0 | out: hHeap=0x570000) returned 1 [0055.937] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb11062, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Web Slice Gallery.url", cAlternateFileName="WEBSLI~1.URL")) returned 0 [0055.937] FindClose (in: hFindFile=0x5925a8 | out: hFindFile=0x5925a8) returned 1 [0055.937] lstrcpyW (in: lpString1=0x50df8c, lpString2="C:\\Users\\Default\\Downloads\\" | out: lpString1="C:\\Users\\Default\\Downloads\\") returned="C:\\Users\\Default\\Downloads\\" [0055.937] GetProcessHeap () returned 0x570000 [0055.937] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592360 | out: hHeap=0x570000) returned 1 [0055.937] GetProcessHeap () returned 0x570000 [0055.937] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee60 | out: hHeap=0x570000) returned 1 [0055.937] lstrlenW (lpString="C:\\Users\\Default\\Downloads\\") returned 27 [0055.937] lstrcatW (in: lpString1="C:\\Users\\Default\\Downloads\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\Downloads\\*") returned="C:\\Users\\Default\\Downloads\\*" [0055.937] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Downloads\\*", lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88db32b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5925a8 [0055.938] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0055.938] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88db32b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0055.938] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0055.938] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0055.938] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88db32b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0055.938] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0055.938] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0055.938] lstrcatW (in: lpString1="C:\\Users\\Default\\Downloads\\", lpString2="desktop.ini" | out: lpString1="C:\\Users\\Default\\Downloads\\desktop.ini") returned="C:\\Users\\Default\\Downloads\\desktop.ini" [0055.938] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.938] GetProcessHeap () returned 0x570000 [0055.938] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x590f68 [0055.938] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 12 [0055.938] lstrlenA (lpString="desktop.ini") returned 11 [0055.938] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0055.938] lstrlenA (lpString="desktop.ini") returned 11 [0055.938] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0055.938] lstrcmpiW (lpString1="desktop.ini", lpString2="decrypt_files.html") returned 1 [0055.938] lstrcmpiW (lpString1="desktop.ini", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0055.938] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0055.938] lstrcmpiW (lpString1="desktop.ini", lpString2="sihvgt.exe") returned -1 [0055.938] _alloca_probe () returned 0x40908b [0055.938] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\Downloads\\desktop.ini", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0055.938] GetProcessHeap () returned 0x570000 [0055.938] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x27) returned 0x588da8 [0055.938] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\Downloads\\desktop.ini", cchWideChar=-1, lpMultiByteStr=0x588da8, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\Default\\Downloads\\desktop.ini", lpUsedDefaultChar=0x0) returned 39 [0055.939] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0055.939] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{ADDFDBFB-D87D-47AF-BCF2-29F4EA832063}") returned 38 [0055.939] lstrlenA (lpString="{ADDFDBFB-D87D-47AF-BCF2-29F4EA832063}") returned 38 [0055.939] CreateFileW (lpFileName="C:\\Users\\Default\\Downloads\\desktop.ini" (normalized: "c:\\users\\default\\downloads\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0055.939] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=282) returned 1 [0055.939] lstrlenA (lpString="{ADDFDBFB-D87D-47AF-BCF2-29F4EA832063}") returned 38 [0055.939] GetProcessHeap () returned 0x570000 [0055.939] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x592360 [0055.939] GetProcessHeap () returned 0x570000 [0055.939] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5923d8 [0055.939] lstrlenA (lpString="C:\\Users\\Default\\Downloads\\desktop.ini") returned 38 [0055.949] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x11a, lpOverlapped=0x0) returned 1 [0055.950] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0055.951] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x120, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x120, lpOverlapped=0x0) returned 1 [0055.951] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0055.951] WriteFile (in: hFile=0x80, lpBuffer=0x50bb6c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bb6c*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0055.951] WriteFile (in: hFile=0x80, lpBuffer=0x50bbd4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bbd4*, lpNumberOfBytesWritten=0x50bb34*=0x10, lpOverlapped=0x0) returned 1 [0055.951] lstrlenA (lpString="rsa_encrypt") returned 11 [0055.951] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x592460) returned 1 [0055.952] CryptGenRandom (in: hProv=0x592460, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0055.952] CryptReleaseContext (hProv=0x592460, dwFlags=0x0) returned 1 [0055.952] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0055.952] GetProcessHeap () returned 0x570000 [0055.952] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592460 [0055.952] lstrlenA (lpString="010001") returned 6 [0055.952] GetProcessHeap () returned 0x570000 [0055.952] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58ee60 [0055.952] GetProcessHeap () returned 0x570000 [0055.952] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5924e8 [0055.952] GetProcessHeap () returned 0x570000 [0055.952] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0055.952] GetProcessHeap () returned 0x570000 [0055.952] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5924e8 | out: hHeap=0x570000) returned 1 [0055.952] GetProcessHeap () returned 0x570000 [0055.952] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0055.952] GetProcessHeap () returned 0x570000 [0055.952] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c0d8 [0055.953] GetProcessHeap () returned 0x570000 [0055.953] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eec0 [0055.953] GetProcessHeap () returned 0x570000 [0055.953] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c1f0 [0055.953] GetProcessHeap () returned 0x570000 [0055.953] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.953] GetProcessHeap () returned 0x570000 [0055.953] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0055.953] GetProcessHeap () returned 0x570000 [0055.953] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5924e8 [0055.953] GetProcessHeap () returned 0x570000 [0055.953] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x593d90 [0055.953] GetProcessHeap () returned 0x570000 [0055.953] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eec0 [0055.953] GetProcessHeap () returned 0x570000 [0055.953] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0055.953] GetProcessHeap () returned 0x570000 [0055.953] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0055.953] GetProcessHeap () returned 0x570000 [0055.953] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5924e8 | out: hHeap=0x570000) returned 1 [0055.953] GetProcessHeap () returned 0x570000 [0055.953] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0055.953] GetProcessHeap () returned 0x570000 [0055.953] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0055.953] GetProcessHeap () returned 0x570000 [0055.953] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.953] GetProcessHeap () returned 0x570000 [0055.953] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f98 [0055.953] GetProcessHeap () returned 0x570000 [0055.953] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0055.953] GetProcessHeap () returned 0x570000 [0055.953] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.954] GetProcessHeap () returned 0x570000 [0055.954] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.954] GetProcessHeap () returned 0x570000 [0055.954] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.954] GetProcessHeap () returned 0x570000 [0055.954] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0055.954] GetProcessHeap () returned 0x570000 [0055.954] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f98 | out: hHeap=0x570000) returned 1 [0055.954] GetProcessHeap () returned 0x570000 [0055.954] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0055.954] GetProcessHeap () returned 0x570000 [0055.954] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0055.954] GetProcessHeap () returned 0x570000 [0055.954] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.954] GetProcessHeap () returned 0x570000 [0055.954] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.954] GetProcessHeap () returned 0x570000 [0055.954] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.954] GetProcessHeap () returned 0x570000 [0055.954] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.954] GetProcessHeap () returned 0x570000 [0055.954] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.954] GetProcessHeap () returned 0x570000 [0055.954] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.954] GetProcessHeap () returned 0x570000 [0055.954] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.954] GetProcessHeap () returned 0x570000 [0055.954] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.954] GetProcessHeap () returned 0x570000 [0055.954] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.954] GetProcessHeap () returned 0x570000 [0055.954] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.955] GetProcessHeap () returned 0x570000 [0055.955] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.955] GetProcessHeap () returned 0x570000 [0055.955] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.955] GetProcessHeap () returned 0x570000 [0055.955] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.955] GetProcessHeap () returned 0x570000 [0055.955] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.955] GetProcessHeap () returned 0x570000 [0055.955] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.955] GetProcessHeap () returned 0x570000 [0055.955] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.955] GetProcessHeap () returned 0x570000 [0055.955] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.955] GetProcessHeap () returned 0x570000 [0055.955] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.955] GetProcessHeap () returned 0x570000 [0055.955] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.955] GetProcessHeap () returned 0x570000 [0055.955] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.955] GetProcessHeap () returned 0x570000 [0055.955] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.955] GetProcessHeap () returned 0x570000 [0055.955] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.955] GetProcessHeap () returned 0x570000 [0055.955] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.955] GetProcessHeap () returned 0x570000 [0055.955] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.955] GetProcessHeap () returned 0x570000 [0055.955] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.955] GetProcessHeap () returned 0x570000 [0055.956] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.956] GetProcessHeap () returned 0x570000 [0055.956] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.956] GetProcessHeap () returned 0x570000 [0055.956] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.956] GetProcessHeap () returned 0x570000 [0055.956] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.956] GetProcessHeap () returned 0x570000 [0055.956] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.956] GetProcessHeap () returned 0x570000 [0055.956] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.956] GetProcessHeap () returned 0x570000 [0055.956] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.956] GetProcessHeap () returned 0x570000 [0055.956] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.956] GetProcessHeap () returned 0x570000 [0055.956] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.956] GetProcessHeap () returned 0x570000 [0055.956] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.956] GetProcessHeap () returned 0x570000 [0055.956] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.956] GetProcessHeap () returned 0x570000 [0055.956] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.956] GetProcessHeap () returned 0x570000 [0055.957] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.957] GetProcessHeap () returned 0x570000 [0055.957] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.957] GetProcessHeap () returned 0x570000 [0055.957] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.957] GetProcessHeap () returned 0x570000 [0055.957] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.957] GetProcessHeap () returned 0x570000 [0055.957] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.957] GetProcessHeap () returned 0x570000 [0055.957] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.957] GetProcessHeap () returned 0x570000 [0055.957] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.957] GetProcessHeap () returned 0x570000 [0055.957] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.957] GetProcessHeap () returned 0x570000 [0055.957] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.957] GetProcessHeap () returned 0x570000 [0055.957] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.957] GetProcessHeap () returned 0x570000 [0055.957] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.957] GetProcessHeap () returned 0x570000 [0055.957] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.957] GetProcessHeap () returned 0x570000 [0055.957] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.957] GetProcessHeap () returned 0x570000 [0055.957] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.957] GetProcessHeap () returned 0x570000 [0055.957] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.957] GetProcessHeap () returned 0x570000 [0055.957] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.958] GetProcessHeap () returned 0x570000 [0055.958] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.958] GetProcessHeap () returned 0x570000 [0055.958] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.958] GetProcessHeap () returned 0x570000 [0055.958] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.958] GetProcessHeap () returned 0x570000 [0055.958] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.958] GetProcessHeap () returned 0x570000 [0055.958] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.958] GetProcessHeap () returned 0x570000 [0055.958] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.958] GetProcessHeap () returned 0x570000 [0055.958] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.958] GetProcessHeap () returned 0x570000 [0055.958] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.958] GetProcessHeap () returned 0x570000 [0055.958] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.958] GetProcessHeap () returned 0x570000 [0055.958] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.958] GetProcessHeap () returned 0x570000 [0055.958] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.958] GetProcessHeap () returned 0x570000 [0055.958] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.958] GetProcessHeap () returned 0x570000 [0055.958] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.958] GetProcessHeap () returned 0x570000 [0055.958] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.958] GetProcessHeap () returned 0x570000 [0055.958] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.958] GetProcessHeap () returned 0x570000 [0055.959] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.959] GetProcessHeap () returned 0x570000 [0055.959] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.959] GetProcessHeap () returned 0x570000 [0055.959] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.959] GetProcessHeap () returned 0x570000 [0055.959] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.959] GetProcessHeap () returned 0x570000 [0055.959] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.959] GetProcessHeap () returned 0x570000 [0055.959] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.959] GetProcessHeap () returned 0x570000 [0055.959] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.959] GetProcessHeap () returned 0x570000 [0055.959] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.959] GetProcessHeap () returned 0x570000 [0055.959] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.959] GetProcessHeap () returned 0x570000 [0055.959] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.959] GetProcessHeap () returned 0x570000 [0055.959] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.959] GetProcessHeap () returned 0x570000 [0055.959] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.959] GetProcessHeap () returned 0x570000 [0055.959] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.959] GetProcessHeap () returned 0x570000 [0055.959] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.959] GetProcessHeap () returned 0x570000 [0055.959] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.959] GetProcessHeap () returned 0x570000 [0055.960] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.960] GetProcessHeap () returned 0x570000 [0055.960] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.960] GetProcessHeap () returned 0x570000 [0055.960] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.960] GetProcessHeap () returned 0x570000 [0055.960] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.960] GetProcessHeap () returned 0x570000 [0055.960] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.960] GetProcessHeap () returned 0x570000 [0055.960] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.960] GetProcessHeap () returned 0x570000 [0055.960] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.960] GetProcessHeap () returned 0x570000 [0055.960] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.960] GetProcessHeap () returned 0x570000 [0055.960] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.960] GetProcessHeap () returned 0x570000 [0055.960] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.960] GetProcessHeap () returned 0x570000 [0055.960] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.960] GetProcessHeap () returned 0x570000 [0055.960] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.960] GetProcessHeap () returned 0x570000 [0055.960] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.960] GetProcessHeap () returned 0x570000 [0055.960] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.960] GetProcessHeap () returned 0x570000 [0055.960] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.960] GetProcessHeap () returned 0x570000 [0055.960] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0055.961] GetProcessHeap () returned 0x570000 [0055.961] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0055.961] GetProcessHeap () returned 0x570000 [0055.961] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0055.961] GetProcessHeap () returned 0x570000 [0055.961] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0055.961] GetProcessHeap () returned 0x570000 [0055.961] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593d90 | out: hHeap=0x570000) returned 1 [0055.961] GetProcessHeap () returned 0x570000 [0055.961] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0055.961] GetProcessHeap () returned 0x570000 [0055.961] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0055.961] GetProcessHeap () returned 0x570000 [0055.961] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0055.961] GetProcessHeap () returned 0x570000 [0055.961] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0055.961] GetProcessHeap () returned 0x570000 [0055.961] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0055.961] GetProcessHeap () returned 0x570000 [0055.961] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0055.961] GetProcessHeap () returned 0x570000 [0055.961] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee60 | out: hHeap=0x570000) returned 1 [0055.961] GetProcessHeap () returned 0x570000 [0055.961] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592460 | out: hHeap=0x570000) returned 1 [0055.961] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0055.962] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0055.962] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0055.962] CloseHandle (hObject=0x80) returned 1 [0055.969] GetProcessHeap () returned 0x570000 [0055.969] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588da8 | out: hHeap=0x570000) returned 1 [0055.969] GetProcessHeap () returned 0x570000 [0055.969] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592360 | out: hHeap=0x570000) returned 1 [0055.969] GetProcessHeap () returned 0x570000 [0055.969] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5923d8 | out: hHeap=0x570000) returned 1 [0055.969] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\Users\\Default\\Downloads\\desktop.ini" | out: lpString1="C:\\Users\\Default\\Downloads\\desktop.ini") returned="C:\\Users\\Default\\Downloads\\desktop.ini" [0055.969] lstrcatW (in: lpString1="C:\\Users\\Default\\Downloads\\desktop.ini", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\Users\\Default\\Downloads\\desktop.ini.{Killback@protonmail.com}KBK") returned="C:\\Users\\Default\\Downloads\\desktop.ini.{Killback@protonmail.com}KBK" [0055.969] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\Downloads\\desktop.ini" (normalized: "c:\\users\\default\\downloads\\desktop.ini"), lpNewFileName="C:\\Users\\Default\\Downloads\\desktop.ini.{Killback@protonmail.com}KBK" (normalized: "c:\\users\\default\\downloads\\desktop.ini.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0055.970] PathRemoveFileSpecW (in: pszPath="C:\\Users\\Default\\Downloads\\desktop.ini" | out: pszPath="C:\\Users\\Default\\Downloads") returned 1 [0055.970] lstrcatW (in: lpString1="C:\\Users\\Default\\Downloads", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Downloads\\") returned="C:\\Users\\Default\\Downloads\\" [0055.970] lstrcatW (in: lpString1="C:\\Users\\Default\\Downloads\\", lpString2="decrypt_files.html" | out: lpString1="C:\\Users\\Default\\Downloads\\decrypt_files.html") returned="C:\\Users\\Default\\Downloads\\decrypt_files.html" [0055.970] GetFileAttributesW (lpFileName="C:\\Users\\Default\\Downloads\\decrypt_files.html" (normalized: "c:\\users\\default\\downloads\\decrypt_files.html")) returned 0xffffffff [0055.970] CreateFileW (lpFileName="C:\\Users\\Default\\Downloads\\decrypt_files.html" (normalized: "c:\\users\\default\\downloads\\decrypt_files.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0055.970] lstrlenA (lpString="\r\n \r\n \r\n \r\n DECRYPT FILES\r\n \r\n\r\n \r\n\r\n
\r\n

⚠Your ID (NEED FOR DECRYPT)⚠

\r\n
\r\n 
A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n\r\n
\r\n
\r\n
\r\n \r\n
\r\n \r\n
\r\n \r\n \r\n
\r\n

✖ Your files are encrypted! ✖

\r\n\r\n

If you see it - do not try to decrypt ▼the files yourself!!!▼

\r\n
\r\n

All your important data has been encrypted.

\r\n
\r\n
\r\n \r\n\x09\x09 \r\nTo decrypt all your files, you need a decryption program.
\r\n \r\nTo get a program to decrypt your data you need to do a few steps:
\r\n

☑1. \r\nTo make sure that we can actually decrypt your files. You can send us a file for the test.\r\nThis can be a picture or a text file.\r\nSize less than 5 MB. Send to our mail: Killback@protonmail.com .
\r\n

☑2. \r\nSend your PERSONAL ID in the letter (you will find it at the very beginning of this document)

\r\n\x09\x09\x09

☑3. \r\nWe will decode your test file so you are sure. We will also send you the amount you need to pay to get the program to decrypt.

\r\n ☑4. We will send you instructions on how to pay for the decryption program. After payment, we will send you a program and instructions on how to decrypt all the files.
\r\n

Attention!


\r\n
    \r\n\x09\x09\x09 Only we can decrypt your files.
    \r\n\x09\x09\x09 Do not try to decrypt your files yourself. You can damage them when trying to restore
    \r\n Do not run antivirus!
    \r\n Email us: Killback@protonmail.com immediately so we can help you.
    \r\n Decoders other users are not compatible with your data, because each user's unique encryption key
    \r\n
\r\n \r\n
\r\n
\r\n
\r\n \r\n\r\n \r\n \r\n
\r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n\r\n") returned 5565 [0055.970] WriteFile (in: hFile=0x80, lpBuffer=0x21f0020*, nNumberOfBytesToWrite=0x15bd, lpNumberOfBytesWritten=0x50dd18, lpOverlapped=0x0 | out: lpBuffer=0x21f0020*, lpNumberOfBytesWritten=0x50dd18*=0x15bd, lpOverlapped=0x0) returned 1 [0055.977] CloseHandle (hObject=0x80) returned 1 [0055.977] GetProcessHeap () returned 0x570000 [0055.977] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0055.977] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88db32b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0055.977] FindClose (in: hFindFile=0x5925a8 | out: hFindFile=0x5925a8) returned 1 [0055.978] lstrcpyW (in: lpString1=0x50df8c, lpString2="C:\\Users\\Default\\Documents\\" | out: lpString1="C:\\Users\\Default\\Documents\\") returned="C:\\Users\\Default\\Documents\\" [0055.978] GetProcessHeap () returned 0x570000 [0055.978] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592320 | out: hHeap=0x570000) returned 1 [0055.978] GetProcessHeap () returned 0x570000 [0055.978] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0055.978] lstrlenW (lpString="C:\\Users\\Default\\Documents\\") returned 27 [0055.978] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\Documents\\*") returned="C:\\Users\\Default\\Documents\\*" [0055.978] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Documents\\*", lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd890148c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5925a8 [0055.979] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0055.979] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd890148c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0055.979] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0055.979] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0055.979] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd890148c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0055.979] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0055.979] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0055.979] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents\\", lpString2="desktop.ini" | out: lpString1="C:\\Users\\Default\\Documents\\desktop.ini") returned="C:\\Users\\Default\\Documents\\desktop.ini" [0055.979] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0055.979] GetProcessHeap () returned 0x570000 [0055.979] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x590f68 [0055.979] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 12 [0055.979] lstrlenA (lpString="desktop.ini") returned 11 [0055.979] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0055.979] lstrlenA (lpString="desktop.ini") returned 11 [0055.979] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0055.979] lstrcmpiW (lpString1="desktop.ini", lpString2="decrypt_files.html") returned 1 [0055.979] lstrcmpiW (lpString1="desktop.ini", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0055.979] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0055.979] lstrcmpiW (lpString1="desktop.ini", lpString2="sihvgt.exe") returned -1 [0055.979] _alloca_probe () returned 0x40908b [0055.979] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\Documents\\desktop.ini", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0055.979] GetProcessHeap () returned 0x570000 [0055.979] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x27) returned 0x588da8 [0055.980] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\Documents\\desktop.ini", cchWideChar=-1, lpMultiByteStr=0x588da8, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\Default\\Documents\\desktop.ini", lpUsedDefaultChar=0x0) returned 39 [0055.980] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0055.980] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{60CE1167-1171-4A14-A549-DD1763600740}") returned 38 [0055.980] lstrlenA (lpString="{60CE1167-1171-4A14-A549-DD1763600740}") returned 38 [0055.980] CreateFileW (lpFileName="C:\\Users\\Default\\Documents\\desktop.ini" (normalized: "c:\\users\\default\\documents\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0055.981] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=402) returned 1 [0055.981] lstrlenA (lpString="{60CE1167-1171-4A14-A549-DD1763600740}") returned 38 [0055.981] GetProcessHeap () returned 0x570000 [0055.981] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x592320 [0055.981] GetProcessHeap () returned 0x570000 [0055.981] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592398 [0055.981] lstrlenA (lpString="C:\\Users\\Default\\Documents\\desktop.ini") returned 38 [0055.992] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x192, lpOverlapped=0x0) returned 1 [0055.993] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0055.993] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x1a0, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x1a0, lpOverlapped=0x0) returned 1 [0055.993] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0055.993] WriteFile (in: hFile=0x80, lpBuffer=0x50bb6c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bb6c*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0055.993] WriteFile (in: hFile=0x80, lpBuffer=0x50bbd4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bbd4*, lpNumberOfBytesWritten=0x50bb34*=0x10, lpOverlapped=0x0) returned 1 [0055.999] lstrlenA (lpString="rsa_encrypt") returned 11 [0055.999] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x592420) returned 1 [0056.000] CryptGenRandom (in: hProv=0x592420, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0056.000] CryptReleaseContext (hProv=0x592420, dwFlags=0x0) returned 1 [0056.000] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0056.000] GetProcessHeap () returned 0x570000 [0056.000] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592420 [0056.000] lstrlenA (lpString="010001") returned 6 [0056.000] GetProcessHeap () returned 0x570000 [0056.000] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58ee70 [0056.001] GetProcessHeap () returned 0x570000 [0056.001] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5924a8 [0056.001] GetProcessHeap () returned 0x570000 [0056.001] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0056.001] GetProcessHeap () returned 0x570000 [0056.001] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5924a8 | out: hHeap=0x570000) returned 1 [0056.001] GetProcessHeap () returned 0x570000 [0056.001] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0056.001] GetProcessHeap () returned 0x570000 [0056.001] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c1f0 [0056.001] GetProcessHeap () returned 0x570000 [0056.001] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58ee60 [0056.001] GetProcessHeap () returned 0x570000 [0056.001] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c0d8 [0056.001] GetProcessHeap () returned 0x570000 [0056.001] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee60 | out: hHeap=0x570000) returned 1 [0056.001] GetProcessHeap () returned 0x570000 [0056.001] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0056.001] GetProcessHeap () returned 0x570000 [0056.001] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5924a8 [0056.001] GetProcessHeap () returned 0x570000 [0056.001] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x593d90 [0056.001] GetProcessHeap () returned 0x570000 [0056.001] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee60 [0056.001] GetProcessHeap () returned 0x570000 [0056.001] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0056.001] GetProcessHeap () returned 0x570000 [0056.001] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0056.001] GetProcessHeap () returned 0x570000 [0056.001] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5924a8 | out: hHeap=0x570000) returned 1 [0056.001] GetProcessHeap () returned 0x570000 [0056.001] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0056.001] GetProcessHeap () returned 0x570000 [0056.002] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0056.002] GetProcessHeap () returned 0x570000 [0056.002] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.002] GetProcessHeap () returned 0x570000 [0056.002] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f98 [0056.002] GetProcessHeap () returned 0x570000 [0056.002] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee60 | out: hHeap=0x570000) returned 1 [0056.002] GetProcessHeap () returned 0x570000 [0056.002] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.002] GetProcessHeap () returned 0x570000 [0056.002] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.002] GetProcessHeap () returned 0x570000 [0056.002] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.002] GetProcessHeap () returned 0x570000 [0056.002] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0056.002] GetProcessHeap () returned 0x570000 [0056.002] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f98 | out: hHeap=0x570000) returned 1 [0056.002] GetProcessHeap () returned 0x570000 [0056.002] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0056.002] GetProcessHeap () returned 0x570000 [0056.002] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0056.002] GetProcessHeap () returned 0x570000 [0056.002] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.002] GetProcessHeap () returned 0x570000 [0056.002] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.002] GetProcessHeap () returned 0x570000 [0056.002] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.002] GetProcessHeap () returned 0x570000 [0056.002] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.002] GetProcessHeap () returned 0x570000 [0056.002] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.003] GetProcessHeap () returned 0x570000 [0056.003] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.003] GetProcessHeap () returned 0x570000 [0056.003] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.003] GetProcessHeap () returned 0x570000 [0056.003] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.003] GetProcessHeap () returned 0x570000 [0056.003] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.003] GetProcessHeap () returned 0x570000 [0056.003] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.003] GetProcessHeap () returned 0x570000 [0056.003] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.003] GetProcessHeap () returned 0x570000 [0056.003] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.003] GetProcessHeap () returned 0x570000 [0056.003] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.003] GetProcessHeap () returned 0x570000 [0056.003] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.003] GetProcessHeap () returned 0x570000 [0056.003] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.003] GetProcessHeap () returned 0x570000 [0056.003] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.003] GetProcessHeap () returned 0x570000 [0056.003] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.003] GetProcessHeap () returned 0x570000 [0056.003] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.003] GetProcessHeap () returned 0x570000 [0056.003] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.004] GetProcessHeap () returned 0x570000 [0056.004] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.004] GetProcessHeap () returned 0x570000 [0056.004] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.004] GetProcessHeap () returned 0x570000 [0056.004] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.004] GetProcessHeap () returned 0x570000 [0056.004] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.004] GetProcessHeap () returned 0x570000 [0056.004] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.004] GetProcessHeap () returned 0x570000 [0056.004] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.004] GetProcessHeap () returned 0x570000 [0056.004] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.004] GetProcessHeap () returned 0x570000 [0056.004] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.004] GetProcessHeap () returned 0x570000 [0056.004] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.004] GetProcessHeap () returned 0x570000 [0056.004] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.004] GetProcessHeap () returned 0x570000 [0056.004] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.004] GetProcessHeap () returned 0x570000 [0056.004] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.004] GetProcessHeap () returned 0x570000 [0056.004] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.004] GetProcessHeap () returned 0x570000 [0056.004] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.004] GetProcessHeap () returned 0x570000 [0056.004] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.004] GetProcessHeap () returned 0x570000 [0056.004] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.005] GetProcessHeap () returned 0x570000 [0056.005] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.005] GetProcessHeap () returned 0x570000 [0056.005] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.005] GetProcessHeap () returned 0x570000 [0056.005] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.005] GetProcessHeap () returned 0x570000 [0056.005] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.005] GetProcessHeap () returned 0x570000 [0056.005] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.005] GetProcessHeap () returned 0x570000 [0056.005] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.005] GetProcessHeap () returned 0x570000 [0056.005] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.005] GetProcessHeap () returned 0x570000 [0056.005] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.005] GetProcessHeap () returned 0x570000 [0056.005] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.005] GetProcessHeap () returned 0x570000 [0056.005] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.005] GetProcessHeap () returned 0x570000 [0056.005] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.005] GetProcessHeap () returned 0x570000 [0056.005] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.005] GetProcessHeap () returned 0x570000 [0056.005] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.005] GetProcessHeap () returned 0x570000 [0056.005] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.005] GetProcessHeap () returned 0x570000 [0056.005] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.005] GetProcessHeap () returned 0x570000 [0056.005] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.006] GetProcessHeap () returned 0x570000 [0056.006] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.006] GetProcessHeap () returned 0x570000 [0056.006] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.006] GetProcessHeap () returned 0x570000 [0056.006] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.006] GetProcessHeap () returned 0x570000 [0056.006] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.006] GetProcessHeap () returned 0x570000 [0056.006] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.006] GetProcessHeap () returned 0x570000 [0056.006] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.006] GetProcessHeap () returned 0x570000 [0056.006] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.006] GetProcessHeap () returned 0x570000 [0056.006] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.006] GetProcessHeap () returned 0x570000 [0056.006] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.006] GetProcessHeap () returned 0x570000 [0056.006] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.006] GetProcessHeap () returned 0x570000 [0056.006] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.006] GetProcessHeap () returned 0x570000 [0056.006] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.006] GetProcessHeap () returned 0x570000 [0056.006] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.006] GetProcessHeap () returned 0x570000 [0056.006] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.006] GetProcessHeap () returned 0x570000 [0056.006] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.006] GetProcessHeap () returned 0x570000 [0056.007] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.007] GetProcessHeap () returned 0x570000 [0056.007] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.007] GetProcessHeap () returned 0x570000 [0056.007] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.007] GetProcessHeap () returned 0x570000 [0056.007] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.007] GetProcessHeap () returned 0x570000 [0056.007] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.007] GetProcessHeap () returned 0x570000 [0056.007] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.007] GetProcessHeap () returned 0x570000 [0056.007] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.007] GetProcessHeap () returned 0x570000 [0056.007] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.007] GetProcessHeap () returned 0x570000 [0056.007] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.007] GetProcessHeap () returned 0x570000 [0056.007] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.007] GetProcessHeap () returned 0x570000 [0056.007] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.007] GetProcessHeap () returned 0x570000 [0056.007] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.007] GetProcessHeap () returned 0x570000 [0056.007] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.007] GetProcessHeap () returned 0x570000 [0056.007] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.007] GetProcessHeap () returned 0x570000 [0056.007] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.007] GetProcessHeap () returned 0x570000 [0056.007] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.008] GetProcessHeap () returned 0x570000 [0056.008] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.008] GetProcessHeap () returned 0x570000 [0056.008] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.008] GetProcessHeap () returned 0x570000 [0056.008] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.008] GetProcessHeap () returned 0x570000 [0056.008] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.008] GetProcessHeap () returned 0x570000 [0056.008] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.008] GetProcessHeap () returned 0x570000 [0056.008] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.008] GetProcessHeap () returned 0x570000 [0056.008] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.008] GetProcessHeap () returned 0x570000 [0056.008] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.008] GetProcessHeap () returned 0x570000 [0056.008] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.008] GetProcessHeap () returned 0x570000 [0056.008] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.008] GetProcessHeap () returned 0x570000 [0056.008] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.008] GetProcessHeap () returned 0x570000 [0056.008] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.008] GetProcessHeap () returned 0x570000 [0056.008] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.008] GetProcessHeap () returned 0x570000 [0056.008] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.008] GetProcessHeap () returned 0x570000 [0056.008] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.008] GetProcessHeap () returned 0x570000 [0056.008] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.009] GetProcessHeap () returned 0x570000 [0056.009] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.009] GetProcessHeap () returned 0x570000 [0056.009] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.009] GetProcessHeap () returned 0x570000 [0056.009] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0056.009] GetProcessHeap () returned 0x570000 [0056.009] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0056.009] GetProcessHeap () returned 0x570000 [0056.009] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593d90 | out: hHeap=0x570000) returned 1 [0056.009] GetProcessHeap () returned 0x570000 [0056.009] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0056.009] GetProcessHeap () returned 0x570000 [0056.009] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0056.009] GetProcessHeap () returned 0x570000 [0056.009] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0056.009] GetProcessHeap () returned 0x570000 [0056.009] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0056.009] GetProcessHeap () returned 0x570000 [0056.009] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0056.009] GetProcessHeap () returned 0x570000 [0056.009] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0056.009] GetProcessHeap () returned 0x570000 [0056.009] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0056.009] GetProcessHeap () returned 0x570000 [0056.009] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592420 | out: hHeap=0x570000) returned 1 [0056.009] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0056.010] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0056.010] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0056.010] CloseHandle (hObject=0x80) returned 1 [0056.011] GetProcessHeap () returned 0x570000 [0056.011] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588da8 | out: hHeap=0x570000) returned 1 [0056.011] GetProcessHeap () returned 0x570000 [0056.011] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592320 | out: hHeap=0x570000) returned 1 [0056.011] GetProcessHeap () returned 0x570000 [0056.011] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592398 | out: hHeap=0x570000) returned 1 [0056.011] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\Users\\Default\\Documents\\desktop.ini" | out: lpString1="C:\\Users\\Default\\Documents\\desktop.ini") returned="C:\\Users\\Default\\Documents\\desktop.ini" [0056.011] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents\\desktop.ini", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\Users\\Default\\Documents\\desktop.ini.{Killback@protonmail.com}KBK") returned="C:\\Users\\Default\\Documents\\desktop.ini.{Killback@protonmail.com}KBK" [0056.011] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\Documents\\desktop.ini" (normalized: "c:\\users\\default\\documents\\desktop.ini"), lpNewFileName="C:\\Users\\Default\\Documents\\desktop.ini.{Killback@protonmail.com}KBK" (normalized: "c:\\users\\default\\documents\\desktop.ini.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0056.012] PathRemoveFileSpecW (in: pszPath="C:\\Users\\Default\\Documents\\desktop.ini" | out: pszPath="C:\\Users\\Default\\Documents") returned 1 [0056.012] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Documents\\") returned="C:\\Users\\Default\\Documents\\" [0056.012] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents\\", lpString2="decrypt_files.html" | out: lpString1="C:\\Users\\Default\\Documents\\decrypt_files.html") returned="C:\\Users\\Default\\Documents\\decrypt_files.html" [0056.012] GetFileAttributesW (lpFileName="C:\\Users\\Default\\Documents\\decrypt_files.html" (normalized: "c:\\users\\default\\documents\\decrypt_files.html")) returned 0xffffffff [0056.012] CreateFileW (lpFileName="C:\\Users\\Default\\Documents\\decrypt_files.html" (normalized: "c:\\users\\default\\documents\\decrypt_files.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0056.012] lstrlenA (lpString="\r\n \r\n \r\n \r\n DECRYPT FILES\r\n \r\n\r\n \r\n\r\n
\r\n

⚠Your ID (NEED FOR DECRYPT)⚠

\r\n
\r\n 
A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n\r\n
\r\n
\r\n
\r\n \r\n
\r\n \r\n
\r\n \r\n \r\n
\r\n

✖ Your files are encrypted! ✖

\r\n\r\n

If you see it - do not try to decrypt ▼the files yourself!!!▼

\r\n
\r\n

All your important data has been encrypted.

\r\n
\r\n
\r\n \r\n\x09\x09 \r\nTo decrypt all your files, you need a decryption program.
\r\n \r\nTo get a program to decrypt your data you need to do a few steps:
\r\n

☑1. \r\nTo make sure that we can actually decrypt your files. You can send us a file for the test.\r\nThis can be a picture or a text file.\r\nSize less than 5 MB. Send to our mail: Killback@protonmail.com .
\r\n

☑2. \r\nSend your PERSONAL ID in the letter (you will find it at the very beginning of this document)

\r\n\x09\x09\x09

☑3. \r\nWe will decode your test file so you are sure. We will also send you the amount you need to pay to get the program to decrypt.

\r\n ☑4. We will send you instructions on how to pay for the decryption program. After payment, we will send you a program and instructions on how to decrypt all the files.
\r\n

Attention!


\r\n
    \r\n\x09\x09\x09 Only we can decrypt your files.
    \r\n\x09\x09\x09 Do not try to decrypt your files yourself. You can damage them when trying to restore
    \r\n Do not run antivirus!
    \r\n Email us: Killback@protonmail.com immediately so we can help you.
    \r\n Decoders other users are not compatible with your data, because each user's unique encryption key
    \r\n
\r\n \r\n
\r\n
\r\n
\r\n \r\n\r\n \r\n \r\n
\r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n\r\n") returned 5565 [0056.013] WriteFile (in: hFile=0x80, lpBuffer=0x21f0020*, nNumberOfBytesToWrite=0x15bd, lpNumberOfBytesWritten=0x50dd18, lpOverlapped=0x0 | out: lpBuffer=0x21f0020*, lpNumberOfBytesWritten=0x50dd18*=0x15bd, lpOverlapped=0x0) returned 1 [0056.014] CloseHandle (hObject=0x80) returned 1 [0056.022] GetProcessHeap () returned 0x570000 [0056.022] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0056.022] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306b6cd1, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306b6cd1, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306b6cd1, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Music", cAlternateFileName="MYMUSI~1")) returned 1 [0056.022] lstrcmpiW (lpString1="My Music", lpString2=".") returned 1 [0056.022] lstrcmpiW (lpString1="My Music", lpString2="..") returned 1 [0056.022] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents\\", lpString2="My Music" | out: lpString1="C:\\Users\\Default\\Documents\\My Music") returned="C:\\Users\\Default\\Documents\\My Music" [0056.022] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="My Music", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0056.022] GetProcessHeap () returned 0x570000 [0056.022] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x9) returned 0x590f68 [0056.022] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="My Music", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="My Music", lpUsedDefaultChar=0x0) returned 9 [0056.022] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0056.022] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 3 [0056.022] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 3 [0056.023] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0056.023] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0056.023] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 3 [0056.023] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0056.023] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0056.023] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0056.023] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0056.023] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0056.023] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0056.023] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0056.023] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0056.023] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0056.023] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0056.023] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0056.023] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0056.023] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 1 [0056.023] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 3 [0056.023] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 3 [0056.023] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 3 [0056.023] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 3 [0056.023] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0056.023] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0056.023] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0056.023] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0056.023] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 3 [0056.023] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0056.023] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0056.024] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0056.024] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0056.025] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 3 [0056.025] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0056.026] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 1 [0056.026] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 3 [0056.026] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0056.026] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 3 [0056.026] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 1 [0056.026] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0056.026] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 1 [0056.026] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0056.026] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Music", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0056.026] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents\\My Music", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Documents\\My Music\\") returned="C:\\Users\\Default\\Documents\\My Music\\" [0056.026] GetProcessHeap () returned 0x570000 [0056.026] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ee70 [0056.026] lstrlenW (lpString="C:\\Users\\Default\\Documents\\My Music\\") returned 36 [0056.026] GetProcessHeap () returned 0x570000 [0056.026] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x4a) returned 0x592320 [0056.026] lstrcpyW (in: lpString1=0x592320, lpString2="C:\\Users\\Default\\Documents\\My Music\\" | out: lpString1="C:\\Users\\Default\\Documents\\My Music\\") returned="C:\\Users\\Default\\Documents\\My Music\\" [0056.026] GetProcessHeap () returned 0x570000 [0056.026] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0056.026] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306b6cd1, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306b6cd1, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306b6cd1, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Pictures", cAlternateFileName="MYPICT~1")) returned 1 [0056.026] lstrcmpiW (lpString1="My Pictures", lpString2=".") returned 1 [0056.026] lstrcmpiW (lpString1="My Pictures", lpString2="..") returned 1 [0056.026] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents\\", lpString2="My Pictures" | out: lpString1="C:\\Users\\Default\\Documents\\My Pictures") returned="C:\\Users\\Default\\Documents\\My Pictures" [0056.026] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="My Pictures", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0056.026] GetProcessHeap () returned 0x570000 [0056.026] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x590f68 [0056.026] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="My Pictures", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="My Pictures", lpUsedDefaultChar=0x0) returned 12 [0056.026] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0056.026] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 3 [0056.027] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 3 [0056.027] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0056.027] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0056.027] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 3 [0056.027] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0056.027] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0056.027] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0056.027] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0056.027] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0056.027] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0056.027] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0056.027] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0056.027] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0056.027] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0056.027] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0056.027] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0056.027] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 1 [0056.027] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 3 [0056.027] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 3 [0056.027] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 3 [0056.027] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 3 [0056.027] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0056.027] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0056.027] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0056.027] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0056.027] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 3 [0056.027] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0056.028] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0056.028] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0056.028] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0056.028] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 3 [0056.028] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0056.028] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 1 [0056.028] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 3 [0056.028] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0056.028] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 3 [0056.028] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 1 [0056.028] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0056.028] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 1 [0056.028] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0056.028] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Pictures", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0056.028] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents\\My Pictures", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Documents\\My Pictures\\") returned="C:\\Users\\Default\\Documents\\My Pictures\\" [0056.028] GetProcessHeap () returned 0x570000 [0056.028] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58eeb0 [0056.028] lstrlenW (lpString="C:\\Users\\Default\\Documents\\My Pictures\\") returned 39 [0056.028] GetProcessHeap () returned 0x570000 [0056.028] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x50) returned 0x592378 [0056.028] lstrcpyW (in: lpString1=0x592378, lpString2="C:\\Users\\Default\\Documents\\My Pictures\\" | out: lpString1="C:\\Users\\Default\\Documents\\My Pictures\\") returned="C:\\Users\\Default\\Documents\\My Pictures\\" [0056.029] GetProcessHeap () returned 0x570000 [0056.029] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0056.029] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306b6cd1, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306b6cd1, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306b6cd1, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 1 [0056.029] lstrcmpiW (lpString1="My Videos", lpString2=".") returned 1 [0056.029] lstrcmpiW (lpString1="My Videos", lpString2="..") returned 1 [0056.029] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents\\", lpString2="My Videos" | out: lpString1="C:\\Users\\Default\\Documents\\My Videos") returned="C:\\Users\\Default\\Documents\\My Videos" [0056.029] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="My Videos", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0056.029] GetProcessHeap () returned 0x570000 [0056.029] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xa) returned 0x590f68 [0056.029] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="My Videos", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="My Videos", lpUsedDefaultChar=0x0) returned 10 [0056.029] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0056.029] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 3 [0056.029] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 3 [0056.029] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0056.029] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0056.029] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 3 [0056.029] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0056.029] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0056.029] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0056.029] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0056.029] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0056.029] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0056.029] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0056.029] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0056.029] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0056.029] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0056.029] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0056.029] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0056.029] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 1 [0056.030] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 3 [0056.030] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 3 [0056.030] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 3 [0056.030] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 3 [0056.030] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0056.030] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0056.030] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0056.030] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0056.030] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 3 [0056.030] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0056.030] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0056.030] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0056.030] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0056.030] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 3 [0056.030] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0056.030] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 1 [0056.030] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 3 [0056.030] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0056.030] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 3 [0056.030] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 1 [0056.030] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0056.030] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 1 [0056.030] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0056.030] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="My Videos", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0056.030] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents\\My Videos", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Documents\\My Videos\\") returned="C:\\Users\\Default\\Documents\\My Videos\\" [0056.030] GetProcessHeap () returned 0x570000 [0056.030] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ee60 [0056.030] lstrlenW (lpString="C:\\Users\\Default\\Documents\\My Videos\\") returned 37 [0056.030] GetProcessHeap () returned 0x570000 [0056.031] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x4c) returned 0x5923d0 [0056.031] lstrcpyW (in: lpString1=0x5923d0, lpString2="C:\\Users\\Default\\Documents\\My Videos\\" | out: lpString1="C:\\Users\\Default\\Documents\\My Videos\\") returned="C:\\Users\\Default\\Documents\\My Videos\\" [0056.031] GetProcessHeap () returned 0x570000 [0056.031] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0056.031] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306b6cd1, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306b6cd1, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306b6cd1, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 0 [0056.031] FindClose (in: hFindFile=0x5925a8 | out: hFindFile=0x5925a8) returned 1 [0056.031] lstrcpyW (in: lpString1=0x50df8c, lpString2="C:\\Users\\Default\\Documents\\My Videos\\" | out: lpString1="C:\\Users\\Default\\Documents\\My Videos\\") returned="C:\\Users\\Default\\Documents\\My Videos\\" [0056.031] GetProcessHeap () returned 0x570000 [0056.031] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5923d0 | out: hHeap=0x570000) returned 1 [0056.031] GetProcessHeap () returned 0x570000 [0056.031] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee60 | out: hHeap=0x570000) returned 1 [0056.031] lstrlenW (lpString="C:\\Users\\Default\\Documents\\My Videos\\") returned 37 [0056.031] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents\\My Videos\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\Documents\\My Videos\\*") returned="C:\\Users\\Default\\Documents\\My Videos\\*" [0056.031] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Documents\\My Videos\\*", lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306b6cd1, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306b6cd1, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306b6cd1, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 0xffffffff [0056.031] lstrcpyW (in: lpString1=0x50df8c, lpString2="C:\\Users\\Default\\Documents\\My Pictures\\" | out: lpString1="C:\\Users\\Default\\Documents\\My Pictures\\") returned="C:\\Users\\Default\\Documents\\My Pictures\\" [0056.031] GetProcessHeap () returned 0x570000 [0056.031] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592378 | out: hHeap=0x570000) returned 1 [0056.031] GetProcessHeap () returned 0x570000 [0056.031] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.031] lstrlenW (lpString="C:\\Users\\Default\\Documents\\My Pictures\\") returned 39 [0056.031] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents\\My Pictures\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\Documents\\My Pictures\\*") returned="C:\\Users\\Default\\Documents\\My Pictures\\*" [0056.032] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Documents\\My Pictures\\*", lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306b6cd1, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306b6cd1, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306b6cd1, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 0xffffffff [0056.032] lstrcpyW (in: lpString1=0x50df8c, lpString2="C:\\Users\\Default\\Documents\\My Music\\" | out: lpString1="C:\\Users\\Default\\Documents\\My Music\\") returned="C:\\Users\\Default\\Documents\\My Music\\" [0056.032] GetProcessHeap () returned 0x570000 [0056.032] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592320 | out: hHeap=0x570000) returned 1 [0056.032] GetProcessHeap () returned 0x570000 [0056.032] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0056.032] lstrlenW (lpString="C:\\Users\\Default\\Documents\\My Music\\") returned 36 [0056.032] lstrcatW (in: lpString1="C:\\Users\\Default\\Documents\\My Music\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\Documents\\My Music\\*") returned="C:\\Users\\Default\\Documents\\My Music\\*" [0056.032] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Documents\\My Music\\*", lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306b6cd1, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306b6cd1, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306b6cd1, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 0xffffffff [0056.032] lstrcpyW (in: lpString1=0x50df8c, lpString2="C:\\Users\\Default\\Desktop\\" | out: lpString1="C:\\Users\\Default\\Desktop\\") returned="C:\\Users\\Default\\Desktop\\" [0056.032] GetProcessHeap () returned 0x570000 [0056.032] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5922e0 | out: hHeap=0x570000) returned 1 [0056.032] GetProcessHeap () returned 0x570000 [0056.032] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.032] lstrlenW (lpString="C:\\Users\\Default\\Desktop\\") returned 25 [0056.032] lstrcatW (in: lpString1="C:\\Users\\Default\\Desktop\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\Desktop\\*") returned="C:\\Users\\Default\\Desktop\\*" [0056.032] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Desktop\\*", lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5925a8 [0056.033] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0056.033] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0056.033] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0056.033] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0056.033] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0056.033] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0056.033] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0056.033] lstrcatW (in: lpString1="C:\\Users\\Default\\Desktop\\", lpString2="desktop.ini" | out: lpString1="C:\\Users\\Default\\Desktop\\desktop.ini") returned="C:\\Users\\Default\\Desktop\\desktop.ini" [0056.033] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0056.033] GetProcessHeap () returned 0x570000 [0056.033] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x590f68 [0056.033] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 12 [0056.033] lstrlenA (lpString="desktop.ini") returned 11 [0056.033] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0056.033] lstrlenA (lpString="desktop.ini") returned 11 [0056.033] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0056.033] lstrcmpiW (lpString1="desktop.ini", lpString2="decrypt_files.html") returned 1 [0056.033] lstrcmpiW (lpString1="desktop.ini", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0056.033] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0056.033] lstrcmpiW (lpString1="desktop.ini", lpString2="sihvgt.exe") returned -1 [0056.033] _alloca_probe () returned 0x40908b [0056.033] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\Desktop\\desktop.ini", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 37 [0056.033] GetProcessHeap () returned 0x570000 [0056.033] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x25) returned 0x588da8 [0056.033] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\Desktop\\desktop.ini", cchWideChar=-1, lpMultiByteStr=0x588da8, cbMultiByte=37, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\Default\\Desktop\\desktop.ini", lpUsedDefaultChar=0x0) returned 37 [0056.033] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0056.033] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{D8C5C0E1-5E72-429C-ABCF-3FB12ED07BEB}") returned 38 [0056.033] lstrlenA (lpString="{D8C5C0E1-5E72-429C-ABCF-3FB12ED07BEB}") returned 38 [0056.033] CreateFileW (lpFileName="C:\\Users\\Default\\Desktop\\desktop.ini" (normalized: "c:\\users\\default\\desktop\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0056.034] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=282) returned 1 [0056.034] lstrlenA (lpString="{D8C5C0E1-5E72-429C-ABCF-3FB12ED07BEB}") returned 38 [0056.034] GetProcessHeap () returned 0x570000 [0056.034] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x5922e0 [0056.034] GetProcessHeap () returned 0x570000 [0056.034] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592358 [0056.034] lstrlenA (lpString="C:\\Users\\Default\\Desktop\\desktop.ini") returned 36 [0056.044] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x11a, lpOverlapped=0x0) returned 1 [0056.045] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0056.045] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x120, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x120, lpOverlapped=0x0) returned 1 [0056.045] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0056.046] WriteFile (in: hFile=0x80, lpBuffer=0x50bb6c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bb6c*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0056.046] WriteFile (in: hFile=0x80, lpBuffer=0x50bbd4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bbd4*, lpNumberOfBytesWritten=0x50bb34*=0x10, lpOverlapped=0x0) returned 1 [0056.046] lstrlenA (lpString="rsa_encrypt") returned 11 [0056.046] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x5923e0) returned 1 [0056.047] CryptGenRandom (in: hProv=0x5923e0, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0056.047] CryptReleaseContext (hProv=0x5923e0, dwFlags=0x0) returned 1 [0056.047] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0056.047] GetProcessHeap () returned 0x570000 [0056.047] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5923e0 [0056.047] lstrlenA (lpString="010001") returned 6 [0056.047] GetProcessHeap () returned 0x570000 [0056.047] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58ee80 [0056.047] GetProcessHeap () returned 0x570000 [0056.047] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592468 [0056.047] GetProcessHeap () returned 0x570000 [0056.047] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0056.047] GetProcessHeap () returned 0x570000 [0056.047] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592468 | out: hHeap=0x570000) returned 1 [0056.047] GetProcessHeap () returned 0x570000 [0056.047] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0056.047] GetProcessHeap () returned 0x570000 [0056.047] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c0d8 [0056.047] GetProcessHeap () returned 0x570000 [0056.047] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58ee70 [0056.047] GetProcessHeap () returned 0x570000 [0056.047] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c1f0 [0056.047] GetProcessHeap () returned 0x570000 [0056.047] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0056.047] GetProcessHeap () returned 0x570000 [0056.048] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0056.048] GetProcessHeap () returned 0x570000 [0056.048] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592468 [0056.048] GetProcessHeap () returned 0x570000 [0056.048] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x593d90 [0056.048] GetProcessHeap () returned 0x570000 [0056.048] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee70 [0056.048] GetProcessHeap () returned 0x570000 [0056.048] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0056.048] GetProcessHeap () returned 0x570000 [0056.048] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0056.048] GetProcessHeap () returned 0x570000 [0056.048] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592468 | out: hHeap=0x570000) returned 1 [0056.048] GetProcessHeap () returned 0x570000 [0056.048] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0056.048] GetProcessHeap () returned 0x570000 [0056.048] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0056.048] GetProcessHeap () returned 0x570000 [0056.048] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.048] GetProcessHeap () returned 0x570000 [0056.048] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f98 [0056.048] GetProcessHeap () returned 0x570000 [0056.048] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee70 | out: hHeap=0x570000) returned 1 [0056.048] GetProcessHeap () returned 0x570000 [0056.048] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.048] GetProcessHeap () returned 0x570000 [0056.048] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.048] GetProcessHeap () returned 0x570000 [0056.048] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.048] GetProcessHeap () returned 0x570000 [0056.048] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0056.048] GetProcessHeap () returned 0x570000 [0056.048] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f98 | out: hHeap=0x570000) returned 1 [0056.049] GetProcessHeap () returned 0x570000 [0056.049] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0056.049] GetProcessHeap () returned 0x570000 [0056.049] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0056.049] GetProcessHeap () returned 0x570000 [0056.049] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.049] GetProcessHeap () returned 0x570000 [0056.049] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.049] GetProcessHeap () returned 0x570000 [0056.049] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.049] GetProcessHeap () returned 0x570000 [0056.049] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.049] GetProcessHeap () returned 0x570000 [0056.049] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.049] GetProcessHeap () returned 0x570000 [0056.049] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.049] GetProcessHeap () returned 0x570000 [0056.049] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.049] GetProcessHeap () returned 0x570000 [0056.049] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.049] GetProcessHeap () returned 0x570000 [0056.049] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.049] GetProcessHeap () returned 0x570000 [0056.049] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.049] GetProcessHeap () returned 0x570000 [0056.050] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.050] GetProcessHeap () returned 0x570000 [0056.050] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.050] GetProcessHeap () returned 0x570000 [0056.050] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.050] GetProcessHeap () returned 0x570000 [0056.050] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.050] GetProcessHeap () returned 0x570000 [0056.050] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.050] GetProcessHeap () returned 0x570000 [0056.050] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.050] GetProcessHeap () returned 0x570000 [0056.050] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.050] GetProcessHeap () returned 0x570000 [0056.050] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.050] GetProcessHeap () returned 0x570000 [0056.050] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.050] GetProcessHeap () returned 0x570000 [0056.050] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.050] GetProcessHeap () returned 0x570000 [0056.050] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.050] GetProcessHeap () returned 0x570000 [0056.050] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.050] GetProcessHeap () returned 0x570000 [0056.050] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.050] GetProcessHeap () returned 0x570000 [0056.050] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.050] GetProcessHeap () returned 0x570000 [0056.050] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.050] GetProcessHeap () returned 0x570000 [0056.050] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.050] GetProcessHeap () returned 0x570000 [0056.050] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.050] GetProcessHeap () returned 0x570000 [0056.051] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.051] GetProcessHeap () returned 0x570000 [0056.051] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.051] GetProcessHeap () returned 0x570000 [0056.051] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.051] GetProcessHeap () returned 0x570000 [0056.051] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.051] GetProcessHeap () returned 0x570000 [0056.051] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.051] GetProcessHeap () returned 0x570000 [0056.051] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.051] GetProcessHeap () returned 0x570000 [0056.051] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.051] GetProcessHeap () returned 0x570000 [0056.051] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.051] GetProcessHeap () returned 0x570000 [0056.051] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.051] GetProcessHeap () returned 0x570000 [0056.051] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.051] GetProcessHeap () returned 0x570000 [0056.051] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.051] GetProcessHeap () returned 0x570000 [0056.051] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.051] GetProcessHeap () returned 0x570000 [0056.051] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.051] GetProcessHeap () returned 0x570000 [0056.051] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.051] GetProcessHeap () returned 0x570000 [0056.051] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.051] GetProcessHeap () returned 0x570000 [0056.051] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.051] GetProcessHeap () returned 0x570000 [0056.052] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.052] GetProcessHeap () returned 0x570000 [0056.052] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.052] GetProcessHeap () returned 0x570000 [0056.052] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.052] GetProcessHeap () returned 0x570000 [0056.052] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.052] GetProcessHeap () returned 0x570000 [0056.052] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.052] GetProcessHeap () returned 0x570000 [0056.052] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.052] GetProcessHeap () returned 0x570000 [0056.052] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.052] GetProcessHeap () returned 0x570000 [0056.052] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.052] GetProcessHeap () returned 0x570000 [0056.052] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.052] GetProcessHeap () returned 0x570000 [0056.052] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.052] GetProcessHeap () returned 0x570000 [0056.052] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.052] GetProcessHeap () returned 0x570000 [0056.052] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.052] GetProcessHeap () returned 0x570000 [0056.052] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.052] GetProcessHeap () returned 0x570000 [0056.052] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.052] GetProcessHeap () returned 0x570000 [0056.052] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.052] GetProcessHeap () returned 0x570000 [0056.052] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.053] GetProcessHeap () returned 0x570000 [0056.053] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.053] GetProcessHeap () returned 0x570000 [0056.053] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.053] GetProcessHeap () returned 0x570000 [0056.053] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.053] GetProcessHeap () returned 0x570000 [0056.053] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.053] GetProcessHeap () returned 0x570000 [0056.053] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.053] GetProcessHeap () returned 0x570000 [0056.053] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.053] GetProcessHeap () returned 0x570000 [0056.053] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.053] GetProcessHeap () returned 0x570000 [0056.053] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.053] GetProcessHeap () returned 0x570000 [0056.053] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.053] GetProcessHeap () returned 0x570000 [0056.053] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.053] GetProcessHeap () returned 0x570000 [0056.053] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.053] GetProcessHeap () returned 0x570000 [0056.053] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.053] GetProcessHeap () returned 0x570000 [0056.053] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.053] GetProcessHeap () returned 0x570000 [0056.053] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.053] GetProcessHeap () returned 0x570000 [0056.053] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.054] GetProcessHeap () returned 0x570000 [0056.054] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.054] GetProcessHeap () returned 0x570000 [0056.054] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.054] GetProcessHeap () returned 0x570000 [0056.054] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.054] GetProcessHeap () returned 0x570000 [0056.054] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.054] GetProcessHeap () returned 0x570000 [0056.054] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.054] GetProcessHeap () returned 0x570000 [0056.054] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.054] GetProcessHeap () returned 0x570000 [0056.054] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.054] GetProcessHeap () returned 0x570000 [0056.054] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.054] GetProcessHeap () returned 0x570000 [0056.054] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.054] GetProcessHeap () returned 0x570000 [0056.054] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.054] GetProcessHeap () returned 0x570000 [0056.054] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.054] GetProcessHeap () returned 0x570000 [0056.054] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.054] GetProcessHeap () returned 0x570000 [0056.054] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.054] GetProcessHeap () returned 0x570000 [0056.054] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.054] GetProcessHeap () returned 0x570000 [0056.054] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.054] GetProcessHeap () returned 0x570000 [0056.054] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.055] GetProcessHeap () returned 0x570000 [0056.055] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.055] GetProcessHeap () returned 0x570000 [0056.055] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.055] GetProcessHeap () returned 0x570000 [0056.055] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.055] GetProcessHeap () returned 0x570000 [0056.055] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.055] GetProcessHeap () returned 0x570000 [0056.055] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.055] GetProcessHeap () returned 0x570000 [0056.055] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.055] GetProcessHeap () returned 0x570000 [0056.055] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.055] GetProcessHeap () returned 0x570000 [0056.055] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.055] GetProcessHeap () returned 0x570000 [0056.055] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eeb0 [0056.055] GetProcessHeap () returned 0x570000 [0056.055] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eeb0 | out: hHeap=0x570000) returned 1 [0056.055] GetProcessHeap () returned 0x570000 [0056.055] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0056.055] GetProcessHeap () returned 0x570000 [0056.055] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0056.055] GetProcessHeap () returned 0x570000 [0056.055] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593d90 | out: hHeap=0x570000) returned 1 [0056.055] GetProcessHeap () returned 0x570000 [0056.055] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0056.055] GetProcessHeap () returned 0x570000 [0056.055] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0056.056] GetProcessHeap () returned 0x570000 [0056.056] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0056.056] GetProcessHeap () returned 0x570000 [0056.056] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0056.056] GetProcessHeap () returned 0x570000 [0056.056] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0056.056] GetProcessHeap () returned 0x570000 [0056.056] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0056.056] GetProcessHeap () returned 0x570000 [0056.056] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.056] GetProcessHeap () returned 0x570000 [0056.056] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5923e0 | out: hHeap=0x570000) returned 1 [0056.056] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0056.056] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0056.056] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0056.056] CloseHandle (hObject=0x80) returned 1 [0056.064] GetProcessHeap () returned 0x570000 [0056.064] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588da8 | out: hHeap=0x570000) returned 1 [0056.064] GetProcessHeap () returned 0x570000 [0056.064] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5922e0 | out: hHeap=0x570000) returned 1 [0056.064] GetProcessHeap () returned 0x570000 [0056.064] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592358 | out: hHeap=0x570000) returned 1 [0056.064] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\Users\\Default\\Desktop\\desktop.ini" | out: lpString1="C:\\Users\\Default\\Desktop\\desktop.ini") returned="C:\\Users\\Default\\Desktop\\desktop.ini" [0056.064] lstrcatW (in: lpString1="C:\\Users\\Default\\Desktop\\desktop.ini", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\Users\\Default\\Desktop\\desktop.ini.{Killback@protonmail.com}KBK") returned="C:\\Users\\Default\\Desktop\\desktop.ini.{Killback@protonmail.com}KBK" [0056.064] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\Desktop\\desktop.ini" (normalized: "c:\\users\\default\\desktop\\desktop.ini"), lpNewFileName="C:\\Users\\Default\\Desktop\\desktop.ini.{Killback@protonmail.com}KBK" (normalized: "c:\\users\\default\\desktop\\desktop.ini.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0056.065] PathRemoveFileSpecW (in: pszPath="C:\\Users\\Default\\Desktop\\desktop.ini" | out: pszPath="C:\\Users\\Default\\Desktop") returned 1 [0056.065] lstrcatW (in: lpString1="C:\\Users\\Default\\Desktop", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Desktop\\") returned="C:\\Users\\Default\\Desktop\\" [0056.065] lstrcatW (in: lpString1="C:\\Users\\Default\\Desktop\\", lpString2="decrypt_files.html" | out: lpString1="C:\\Users\\Default\\Desktop\\decrypt_files.html") returned="C:\\Users\\Default\\Desktop\\decrypt_files.html" [0056.065] GetFileAttributesW (lpFileName="C:\\Users\\Default\\Desktop\\decrypt_files.html" (normalized: "c:\\users\\default\\desktop\\decrypt_files.html")) returned 0xffffffff [0056.066] CreateFileW (lpFileName="C:\\Users\\Default\\Desktop\\decrypt_files.html" (normalized: "c:\\users\\default\\desktop\\decrypt_files.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0056.066] lstrlenA (lpString="\r\n \r\n \r\n \r\n DECRYPT FILES\r\n \r\n\r\n \r\n\r\n
\r\n

⚠Your ID (NEED FOR DECRYPT)⚠

\r\n
\r\n 
A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n\r\n
\r\n
\r\n
\r\n \r\n
\r\n \r\n
\r\n \r\n \r\n
\r\n

✖ Your files are encrypted! ✖

\r\n\r\n

If you see it - do not try to decrypt ▼the files yourself!!!▼

\r\n
\r\n

All your important data has been encrypted.

\r\n
\r\n
\r\n \r\n\x09\x09 \r\nTo decrypt all your files, you need a decryption program.
\r\n \r\nTo get a program to decrypt your data you need to do a few steps:
\r\n

☑1. \r\nTo make sure that we can actually decrypt your files. You can send us a file for the test.\r\nThis can be a picture or a text file.\r\nSize less than 5 MB. Send to our mail: Killback@protonmail.com .
\r\n

☑2. \r\nSend your PERSONAL ID in the letter (you will find it at the very beginning of this document)

\r\n\x09\x09\x09

☑3. \r\nWe will decode your test file so you are sure. We will also send you the amount you need to pay to get the program to decrypt.

\r\n ☑4. We will send you instructions on how to pay for the decryption program. After payment, we will send you a program and instructions on how to decrypt all the files.
\r\n

Attention!


\r\n
    \r\n\x09\x09\x09 Only we can decrypt your files.
    \r\n\x09\x09\x09 Do not try to decrypt your files yourself. You can damage them when trying to restore
    \r\n Do not run antivirus!
    \r\n Email us: Killback@protonmail.com immediately so we can help you.
    \r\n Decoders other users are not compatible with your data, because each user's unique encryption key
    \r\n
\r\n \r\n
\r\n
\r\n
\r\n \r\n\r\n \r\n \r\n
\r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n\r\n") returned 5565 [0056.066] WriteFile (in: hFile=0x80, lpBuffer=0x21f0020*, nNumberOfBytesToWrite=0x15bd, lpNumberOfBytesWritten=0x50dd18, lpOverlapped=0x0 | out: lpBuffer=0x21f0020*, lpNumberOfBytesWritten=0x50dd18*=0x15bd, lpOverlapped=0x0) returned 1 [0056.067] CloseHandle (hObject=0x80) returned 1 [0056.067] GetProcessHeap () returned 0x570000 [0056.067] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0056.067] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0056.067] FindClose (in: hFindFile=0x5925a8 | out: hFindFile=0x5925a8) returned 1 [0056.067] lstrcpyW (in: lpString1=0x50df8c, lpString2="C:\\Users\\Default\\Cookies\\" | out: lpString1="C:\\Users\\Default\\Cookies\\") returned="C:\\Users\\Default\\Cookies\\" [0056.067] GetProcessHeap () returned 0x570000 [0056.067] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588f70 | out: hHeap=0x570000) returned 1 [0056.067] GetProcessHeap () returned 0x570000 [0056.067] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0056.067] lstrlenW (lpString="C:\\Users\\Default\\Cookies\\") returned 25 [0056.067] lstrcatW (in: lpString1="C:\\Users\\Default\\Cookies\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\Cookies\\*") returned="C:\\Users\\Default\\Cookies\\*" [0056.067] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Cookies\\*", lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0xffffffff [0056.068] lstrcpyW (in: lpString1=0x50df8c, lpString2="C:\\Users\\Default\\Contacts\\" | out: lpString1="C:\\Users\\Default\\Contacts\\") returned="C:\\Users\\Default\\Contacts\\" [0056.068] GetProcessHeap () returned 0x570000 [0056.068] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588f30 | out: hHeap=0x570000) returned 1 [0056.068] GetProcessHeap () returned 0x570000 [0056.068] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee50 | out: hHeap=0x570000) returned 1 [0056.068] lstrlenW (lpString="C:\\Users\\Default\\Contacts\\") returned 26 [0056.068] lstrcatW (in: lpString1="C:\\Users\\Default\\Contacts\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\Contacts\\*") returned="C:\\Users\\Default\\Contacts\\*" [0056.068] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Contacts\\*", lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6392a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5925a8 [0056.068] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0056.068] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6392a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0056.068] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0056.068] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0056.068] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf0fefd94, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x10b1e, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Administrator.contact", cAlternateFileName="ADMINI~1.CON")) returned 1 [0056.068] lstrcmpiW (lpString1="Administrator.contact", lpString2=".") returned 1 [0056.068] lstrcmpiW (lpString1="Administrator.contact", lpString2="..") returned 1 [0056.068] lstrcatW (in: lpString1="C:\\Users\\Default\\Contacts\\", lpString2="Administrator.contact" | out: lpString1="C:\\Users\\Default\\Contacts\\Administrator.contact") returned="C:\\Users\\Default\\Contacts\\Administrator.contact" [0056.068] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Administrator.contact", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0056.069] GetProcessHeap () returned 0x570000 [0056.069] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x16) returned 0x58fdc0 [0056.069] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Administrator.contact", cchWideChar=-1, lpMultiByteStr=0x58fdc0, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Administrator.contact", lpUsedDefaultChar=0x0) returned 22 [0056.069] lstrlenA (lpString="Administrator.contact") returned 21 [0056.069] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0056.069] lstrlenA (lpString="Administrator.contact") returned 21 [0056.069] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0056.069] lstrcmpiW (lpString1="Administrator.contact", lpString2="decrypt_files.html") returned -1 [0056.069] lstrcmpiW (lpString1="Administrator.contact", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0056.069] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0056.069] lstrcmpiW (lpString1="Administrator.contact", lpString2="sihvgt.exe") returned -1 [0056.069] _alloca_probe () returned 0x40908b [0056.069] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\Contacts\\Administrator.contact", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 48 [0056.069] GetProcessHeap () returned 0x570000 [0056.069] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x30) returned 0x5935a8 [0056.069] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\Contacts\\Administrator.contact", cchWideChar=-1, lpMultiByteStr=0x5935a8, cbMultiByte=48, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\Default\\Contacts\\Administrator.contact", lpUsedDefaultChar=0x0) returned 48 [0056.069] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0056.069] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{0E8C4811-ACC5-4C15-98C3-8859DECCFF60}") returned 38 [0056.069] lstrlenA (lpString="{0E8C4811-ACC5-4C15-98C3-8859DECCFF60}") returned 38 [0056.069] CreateFileW (lpFileName="C:\\Users\\Default\\Contacts\\Administrator.contact" (normalized: "c:\\users\\default\\contacts\\administrator.contact"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0056.069] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=68382) returned 1 [0056.069] lstrlenA (lpString="{0E8C4811-ACC5-4C15-98C3-8859DECCFF60}") returned 38 [0056.069] GetProcessHeap () returned 0x570000 [0056.069] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x588f30 [0056.069] GetProcessHeap () returned 0x570000 [0056.070] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5922e0 [0056.070] lstrlenA (lpString="C:\\Users\\Default\\Contacts\\Administrator.contact") returned 47 [0056.081] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0056.093] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0056.093] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0056.094] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0056.094] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0056.094] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0056.094] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0056.094] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0056.094] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0056.095] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0056.095] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0056.095] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0056.095] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0056.095] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0056.095] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0056.095] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0056.096] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0xb1e, lpOverlapped=0x0) returned 1 [0056.096] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xfffff4e2, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0056.096] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0xb20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0xb20, lpOverlapped=0x0) returned 1 [0056.096] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0056.096] WriteFile (in: hFile=0x80, lpBuffer=0x50bb6c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bb6c*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0056.096] WriteFile (in: hFile=0x80, lpBuffer=0x50bbd4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bbd4*, lpNumberOfBytesWritten=0x50bb34*=0x10, lpOverlapped=0x0) returned 1 [0056.097] lstrlenA (lpString="rsa_encrypt") returned 11 [0056.097] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x592368) returned 1 [0056.097] CryptGenRandom (in: hProv=0x592368, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0056.097] CryptReleaseContext (hProv=0x592368, dwFlags=0x0) returned 1 [0056.097] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0056.098] GetProcessHeap () returned 0x570000 [0056.098] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592368 [0056.098] lstrlenA (lpString="010001") returned 6 [0056.098] GetProcessHeap () returned 0x570000 [0056.098] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58ee50 [0056.098] GetProcessHeap () returned 0x570000 [0056.098] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5923f0 [0056.098] GetProcessHeap () returned 0x570000 [0056.098] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0056.098] GetProcessHeap () returned 0x570000 [0056.098] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5923f0 | out: hHeap=0x570000) returned 1 [0056.098] GetProcessHeap () returned 0x570000 [0056.098] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0056.098] GetProcessHeap () returned 0x570000 [0056.098] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c1f0 [0056.098] GetProcessHeap () returned 0x570000 [0056.098] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58ee90 [0056.098] GetProcessHeap () returned 0x570000 [0056.098] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c0d8 [0056.098] GetProcessHeap () returned 0x570000 [0056.098] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0056.098] GetProcessHeap () returned 0x570000 [0056.098] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0056.098] GetProcessHeap () returned 0x570000 [0056.098] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5923f0 [0056.098] GetProcessHeap () returned 0x570000 [0056.098] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x592478 [0056.098] GetProcessHeap () returned 0x570000 [0056.098] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0056.098] GetProcessHeap () returned 0x570000 [0056.098] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f68 [0056.098] GetProcessHeap () returned 0x570000 [0056.098] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0056.099] GetProcessHeap () returned 0x570000 [0056.099] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5923f0 | out: hHeap=0x570000) returned 1 [0056.099] GetProcessHeap () returned 0x570000 [0056.099] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0056.099] GetProcessHeap () returned 0x570000 [0056.099] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0056.099] GetProcessHeap () returned 0x570000 [0056.099] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.099] GetProcessHeap () returned 0x570000 [0056.099] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0056.099] GetProcessHeap () returned 0x570000 [0056.099] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0056.099] GetProcessHeap () returned 0x570000 [0056.099] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.099] GetProcessHeap () returned 0x570000 [0056.099] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.099] GetProcessHeap () returned 0x570000 [0056.099] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.099] GetProcessHeap () returned 0x570000 [0056.099] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0056.099] GetProcessHeap () returned 0x570000 [0056.099] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0056.099] GetProcessHeap () returned 0x570000 [0056.099] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0056.099] GetProcessHeap () returned 0x570000 [0056.099] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0056.099] GetProcessHeap () returned 0x570000 [0056.099] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.099] GetProcessHeap () returned 0x570000 [0056.099] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.099] GetProcessHeap () returned 0x570000 [0056.099] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.100] GetProcessHeap () returned 0x570000 [0056.100] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.100] GetProcessHeap () returned 0x570000 [0056.100] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.100] GetProcessHeap () returned 0x570000 [0056.100] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.100] GetProcessHeap () returned 0x570000 [0056.100] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.100] GetProcessHeap () returned 0x570000 [0056.100] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.100] GetProcessHeap () returned 0x570000 [0056.100] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.100] GetProcessHeap () returned 0x570000 [0056.100] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.100] GetProcessHeap () returned 0x570000 [0056.100] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.100] GetProcessHeap () returned 0x570000 [0056.100] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.100] GetProcessHeap () returned 0x570000 [0056.100] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.100] GetProcessHeap () returned 0x570000 [0056.100] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.100] GetProcessHeap () returned 0x570000 [0056.100] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.100] GetProcessHeap () returned 0x570000 [0056.100] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.100] GetProcessHeap () returned 0x570000 [0056.100] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.100] GetProcessHeap () returned 0x570000 [0056.100] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.100] GetProcessHeap () returned 0x570000 [0056.100] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.101] GetProcessHeap () returned 0x570000 [0056.101] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.101] GetProcessHeap () returned 0x570000 [0056.101] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.101] GetProcessHeap () returned 0x570000 [0056.101] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.101] GetProcessHeap () returned 0x570000 [0056.101] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.101] GetProcessHeap () returned 0x570000 [0056.101] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.101] GetProcessHeap () returned 0x570000 [0056.101] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.101] GetProcessHeap () returned 0x570000 [0056.101] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.101] GetProcessHeap () returned 0x570000 [0056.101] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.101] GetProcessHeap () returned 0x570000 [0056.101] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.101] GetProcessHeap () returned 0x570000 [0056.101] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.101] GetProcessHeap () returned 0x570000 [0056.101] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.101] GetProcessHeap () returned 0x570000 [0056.101] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.101] GetProcessHeap () returned 0x570000 [0056.101] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.101] GetProcessHeap () returned 0x570000 [0056.101] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.101] GetProcessHeap () returned 0x570000 [0056.101] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.101] GetProcessHeap () returned 0x570000 [0056.101] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.101] GetProcessHeap () returned 0x570000 [0056.102] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.102] GetProcessHeap () returned 0x570000 [0056.102] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.102] GetProcessHeap () returned 0x570000 [0056.102] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.102] GetProcessHeap () returned 0x570000 [0056.102] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.102] GetProcessHeap () returned 0x570000 [0056.102] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.102] GetProcessHeap () returned 0x570000 [0056.102] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.102] GetProcessHeap () returned 0x570000 [0056.102] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.102] GetProcessHeap () returned 0x570000 [0056.102] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.102] GetProcessHeap () returned 0x570000 [0056.102] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.102] GetProcessHeap () returned 0x570000 [0056.102] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.102] GetProcessHeap () returned 0x570000 [0056.102] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.102] GetProcessHeap () returned 0x570000 [0056.102] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.102] GetProcessHeap () returned 0x570000 [0056.102] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.102] GetProcessHeap () returned 0x570000 [0056.102] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.102] GetProcessHeap () returned 0x570000 [0056.102] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.102] GetProcessHeap () returned 0x570000 [0056.102] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.102] GetProcessHeap () returned 0x570000 [0056.103] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.103] GetProcessHeap () returned 0x570000 [0056.103] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.103] GetProcessHeap () returned 0x570000 [0056.103] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.103] GetProcessHeap () returned 0x570000 [0056.103] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.103] GetProcessHeap () returned 0x570000 [0056.103] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.103] GetProcessHeap () returned 0x570000 [0056.103] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.103] GetProcessHeap () returned 0x570000 [0056.103] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.103] GetProcessHeap () returned 0x570000 [0056.103] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.103] GetProcessHeap () returned 0x570000 [0056.103] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.103] GetProcessHeap () returned 0x570000 [0056.103] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.103] GetProcessHeap () returned 0x570000 [0056.103] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.103] GetProcessHeap () returned 0x570000 [0056.103] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.103] GetProcessHeap () returned 0x570000 [0056.103] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.103] GetProcessHeap () returned 0x570000 [0056.103] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.103] GetProcessHeap () returned 0x570000 [0056.103] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.103] GetProcessHeap () returned 0x570000 [0056.103] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.103] GetProcessHeap () returned 0x570000 [0056.103] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.104] GetProcessHeap () returned 0x570000 [0056.104] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.104] GetProcessHeap () returned 0x570000 [0056.104] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.104] GetProcessHeap () returned 0x570000 [0056.104] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.104] GetProcessHeap () returned 0x570000 [0056.104] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.104] GetProcessHeap () returned 0x570000 [0056.104] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.104] GetProcessHeap () returned 0x570000 [0056.104] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.104] GetProcessHeap () returned 0x570000 [0056.104] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.104] GetProcessHeap () returned 0x570000 [0056.104] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.104] GetProcessHeap () returned 0x570000 [0056.104] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.104] GetProcessHeap () returned 0x570000 [0056.104] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.104] GetProcessHeap () returned 0x570000 [0056.104] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.104] GetProcessHeap () returned 0x570000 [0056.104] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.104] GetProcessHeap () returned 0x570000 [0056.104] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.104] GetProcessHeap () returned 0x570000 [0056.104] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.104] GetProcessHeap () returned 0x570000 [0056.104] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.104] GetProcessHeap () returned 0x570000 [0056.105] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.105] GetProcessHeap () returned 0x570000 [0056.105] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.105] GetProcessHeap () returned 0x570000 [0056.105] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.105] GetProcessHeap () returned 0x570000 [0056.105] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.105] GetProcessHeap () returned 0x570000 [0056.105] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.105] GetProcessHeap () returned 0x570000 [0056.105] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.105] GetProcessHeap () returned 0x570000 [0056.105] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.105] GetProcessHeap () returned 0x570000 [0056.105] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.105] GetProcessHeap () returned 0x570000 [0056.105] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.105] GetProcessHeap () returned 0x570000 [0056.105] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.105] GetProcessHeap () returned 0x570000 [0056.105] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.105] GetProcessHeap () returned 0x570000 [0056.105] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.105] GetProcessHeap () returned 0x570000 [0056.105] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.105] GetProcessHeap () returned 0x570000 [0056.105] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.105] GetProcessHeap () returned 0x570000 [0056.105] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.105] GetProcessHeap () returned 0x570000 [0056.105] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.105] GetProcessHeap () returned 0x570000 [0056.106] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.106] GetProcessHeap () returned 0x570000 [0056.106] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0056.106] GetProcessHeap () returned 0x570000 [0056.106] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0056.106] GetProcessHeap () returned 0x570000 [0056.106] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592478 | out: hHeap=0x570000) returned 1 [0056.106] GetProcessHeap () returned 0x570000 [0056.106] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0056.106] GetProcessHeap () returned 0x570000 [0056.106] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0056.106] GetProcessHeap () returned 0x570000 [0056.106] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0056.106] GetProcessHeap () returned 0x570000 [0056.106] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0056.106] GetProcessHeap () returned 0x570000 [0056.106] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0056.106] GetProcessHeap () returned 0x570000 [0056.106] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0056.106] GetProcessHeap () returned 0x570000 [0056.106] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee50 | out: hHeap=0x570000) returned 1 [0056.106] GetProcessHeap () returned 0x570000 [0056.106] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592368 | out: hHeap=0x570000) returned 1 [0056.106] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0056.106] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0056.106] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0056.107] CloseHandle (hObject=0x80) returned 1 [0056.108] GetProcessHeap () returned 0x570000 [0056.108] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5935a8 | out: hHeap=0x570000) returned 1 [0056.108] GetProcessHeap () returned 0x570000 [0056.108] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588f30 | out: hHeap=0x570000) returned 1 [0056.108] GetProcessHeap () returned 0x570000 [0056.108] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5922e0 | out: hHeap=0x570000) returned 1 [0056.108] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\Users\\Default\\Contacts\\Administrator.contact" | out: lpString1="C:\\Users\\Default\\Contacts\\Administrator.contact") returned="C:\\Users\\Default\\Contacts\\Administrator.contact" [0056.108] lstrcatW (in: lpString1="C:\\Users\\Default\\Contacts\\Administrator.contact", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\Users\\Default\\Contacts\\Administrator.contact.{Killback@protonmail.com}KBK") returned="C:\\Users\\Default\\Contacts\\Administrator.contact.{Killback@protonmail.com}KBK" [0056.108] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\Contacts\\Administrator.contact" (normalized: "c:\\users\\default\\contacts\\administrator.contact"), lpNewFileName="C:\\Users\\Default\\Contacts\\Administrator.contact.{Killback@protonmail.com}KBK" (normalized: "c:\\users\\default\\contacts\\administrator.contact.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0056.109] PathRemoveFileSpecW (in: pszPath="C:\\Users\\Default\\Contacts\\Administrator.contact" | out: pszPath="C:\\Users\\Default\\Contacts") returned 1 [0056.109] lstrcatW (in: lpString1="C:\\Users\\Default\\Contacts", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Contacts\\") returned="C:\\Users\\Default\\Contacts\\" [0056.109] lstrcatW (in: lpString1="C:\\Users\\Default\\Contacts\\", lpString2="decrypt_files.html" | out: lpString1="C:\\Users\\Default\\Contacts\\decrypt_files.html") returned="C:\\Users\\Default\\Contacts\\decrypt_files.html" [0056.109] GetFileAttributesW (lpFileName="C:\\Users\\Default\\Contacts\\decrypt_files.html" (normalized: "c:\\users\\default\\contacts\\decrypt_files.html")) returned 0xffffffff [0056.109] CreateFileW (lpFileName="C:\\Users\\Default\\Contacts\\decrypt_files.html" (normalized: "c:\\users\\default\\contacts\\decrypt_files.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0056.109] lstrlenA (lpString="\r\n \r\n \r\n \r\n DECRYPT FILES\r\n \r\n\r\n \r\n\r\n
\r\n

⚠Your ID (NEED FOR DECRYPT)⚠

\r\n
\r\n 
A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n\r\n
\r\n
\r\n
\r\n \r\n
\r\n \r\n
\r\n \r\n \r\n
\r\n

✖ Your files are encrypted! ✖

\r\n\r\n

If you see it - do not try to decrypt ▼the files yourself!!!▼

\r\n
\r\n

All your important data has been encrypted.

\r\n
\r\n
\r\n \r\n\x09\x09 \r\nTo decrypt all your files, you need a decryption program.
\r\n \r\nTo get a program to decrypt your data you need to do a few steps:
\r\n

☑1. \r\nTo make sure that we can actually decrypt your files. You can send us a file for the test.\r\nThis can be a picture or a text file.\r\nSize less than 5 MB. Send to our mail: Killback@protonmail.com .
\r\n

☑2. \r\nSend your PERSONAL ID in the letter (you will find it at the very beginning of this document)

\r\n\x09\x09\x09

☑3. \r\nWe will decode your test file so you are sure. We will also send you the amount you need to pay to get the program to decrypt.

\r\n ☑4. We will send you instructions on how to pay for the decryption program. After payment, we will send you a program and instructions on how to decrypt all the files.
\r\n

Attention!


\r\n
    \r\n\x09\x09\x09 Only we can decrypt your files.
    \r\n\x09\x09\x09 Do not try to decrypt your files yourself. You can damage them when trying to restore
    \r\n Do not run antivirus!
    \r\n Email us: Killback@protonmail.com immediately so we can help you.
    \r\n Decoders other users are not compatible with your data, because each user's unique encryption key
    \r\n
\r\n \r\n
\r\n
\r\n
\r\n \r\n\r\n \r\n \r\n
\r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n\r\n") returned 5565 [0056.109] WriteFile (in: hFile=0x80, lpBuffer=0x21f0020*, nNumberOfBytesToWrite=0x15bd, lpNumberOfBytesWritten=0x50dd18, lpOverlapped=0x0 | out: lpBuffer=0x21f0020*, lpNumberOfBytesWritten=0x50dd18*=0x15bd, lpOverlapped=0x0) returned 1 [0056.110] CloseHandle (hObject=0x80) returned 1 [0056.111] GetProcessHeap () returned 0x570000 [0056.111] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58fdc0 | out: hHeap=0x570000) returned 1 [0056.111] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x19c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0056.111] lstrcmpiW (lpString1="desktop.ini", lpString2=".") returned 1 [0056.111] lstrcmpiW (lpString1="desktop.ini", lpString2="..") returned 1 [0056.111] lstrcatW (in: lpString1="C:\\Users\\Default\\Contacts\\", lpString2="desktop.ini" | out: lpString1="C:\\Users\\Default\\Contacts\\desktop.ini") returned="C:\\Users\\Default\\Contacts\\desktop.ini" [0056.111] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0056.111] GetProcessHeap () returned 0x570000 [0056.111] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x590f68 [0056.111] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="desktop.ini", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="desktop.ini", lpUsedDefaultChar=0x0) returned 12 [0056.111] lstrlenA (lpString="desktop.ini") returned 11 [0056.111] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0056.111] lstrlenA (lpString="desktop.ini") returned 11 [0056.111] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0056.111] lstrcmpiW (lpString1="desktop.ini", lpString2="decrypt_files.html") returned 1 [0056.111] lstrcmpiW (lpString1="desktop.ini", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0056.111] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0056.111] lstrcmpiW (lpString1="desktop.ini", lpString2="sihvgt.exe") returned -1 [0056.111] _alloca_probe () returned 0x40908b [0056.111] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\Contacts\\desktop.ini", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 38 [0056.111] GetProcessHeap () returned 0x570000 [0056.111] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x26) returned 0x588da8 [0056.111] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\Contacts\\desktop.ini", cchWideChar=-1, lpMultiByteStr=0x588da8, cbMultiByte=38, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\Default\\Contacts\\desktop.ini", lpUsedDefaultChar=0x0) returned 38 [0056.111] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0056.111] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{0AE0A09A-D5BD-4CF6-B274-A7ED40ADA75A}") returned 38 [0056.111] lstrlenA (lpString="{0AE0A09A-D5BD-4CF6-B274-A7ED40ADA75A}") returned 38 [0056.111] CreateFileW (lpFileName="C:\\Users\\Default\\Contacts\\desktop.ini" (normalized: "c:\\users\\default\\contacts\\desktop.ini"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0056.112] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=412) returned 1 [0056.112] lstrlenA (lpString="{0AE0A09A-D5BD-4CF6-B274-A7ED40ADA75A}") returned 38 [0056.112] GetProcessHeap () returned 0x570000 [0056.112] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x588f30 [0056.112] GetProcessHeap () returned 0x570000 [0056.112] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5922e0 [0056.112] lstrlenA (lpString="C:\\Users\\Default\\Contacts\\desktop.ini") returned 37 [0056.123] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x19c, lpOverlapped=0x0) returned 1 [0056.124] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0056.124] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x1a0, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x1a0, lpOverlapped=0x0) returned 1 [0056.124] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0056.124] WriteFile (in: hFile=0x80, lpBuffer=0x50bb6c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bb6c*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0056.124] WriteFile (in: hFile=0x80, lpBuffer=0x50bbd4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bbd4*, lpNumberOfBytesWritten=0x50bb34*=0x10, lpOverlapped=0x0) returned 1 [0056.124] lstrlenA (lpString="rsa_encrypt") returned 11 [0056.124] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x592368) returned 1 [0056.125] CryptGenRandom (in: hProv=0x592368, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0056.125] CryptReleaseContext (hProv=0x592368, dwFlags=0x0) returned 1 [0056.125] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0056.125] GetProcessHeap () returned 0x570000 [0056.125] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592368 [0056.125] lstrlenA (lpString="010001") returned 6 [0056.125] GetProcessHeap () returned 0x570000 [0056.125] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58ee50 [0056.125] GetProcessHeap () returned 0x570000 [0056.125] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5923f0 [0056.126] GetProcessHeap () returned 0x570000 [0056.126] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0056.126] GetProcessHeap () returned 0x570000 [0056.126] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5923f0 | out: hHeap=0x570000) returned 1 [0056.126] GetProcessHeap () returned 0x570000 [0056.126] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0056.126] GetProcessHeap () returned 0x570000 [0056.126] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c0d8 [0056.126] GetProcessHeap () returned 0x570000 [0056.126] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58ee80 [0056.126] GetProcessHeap () returned 0x570000 [0056.126] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c1f0 [0056.126] GetProcessHeap () returned 0x570000 [0056.126] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.126] GetProcessHeap () returned 0x570000 [0056.126] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0056.126] GetProcessHeap () returned 0x570000 [0056.126] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5923f0 [0056.126] GetProcessHeap () returned 0x570000 [0056.126] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x592478 [0056.126] GetProcessHeap () returned 0x570000 [0056.126] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.126] GetProcessHeap () returned 0x570000 [0056.126] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0056.126] GetProcessHeap () returned 0x570000 [0056.126] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0056.126] GetProcessHeap () returned 0x570000 [0056.126] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5923f0 | out: hHeap=0x570000) returned 1 [0056.126] GetProcessHeap () returned 0x570000 [0056.126] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0056.126] GetProcessHeap () returned 0x570000 [0056.126] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0056.126] GetProcessHeap () returned 0x570000 [0056.127] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0056.127] GetProcessHeap () returned 0x570000 [0056.127] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f98 [0056.127] GetProcessHeap () returned 0x570000 [0056.127] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.127] GetProcessHeap () returned 0x570000 [0056.127] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0056.127] GetProcessHeap () returned 0x570000 [0056.127] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0056.127] GetProcessHeap () returned 0x570000 [0056.127] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0056.127] GetProcessHeap () returned 0x570000 [0056.127] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0056.127] GetProcessHeap () returned 0x570000 [0056.127] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f98 | out: hHeap=0x570000) returned 1 [0056.127] GetProcessHeap () returned 0x570000 [0056.127] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0056.127] GetProcessHeap () returned 0x570000 [0056.127] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0056.127] GetProcessHeap () returned 0x570000 [0056.127] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0056.127] GetProcessHeap () returned 0x570000 [0056.127] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0056.127] GetProcessHeap () returned 0x570000 [0056.127] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0056.127] GetProcessHeap () returned 0x570000 [0056.127] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0056.128] GetProcessHeap () returned 0x570000 [0056.128] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0056.128] GetProcessHeap () returned 0x570000 [0056.128] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0056.128] GetProcessHeap () returned 0x570000 [0056.128] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0056.128] GetProcessHeap () returned 0x570000 [0056.128] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0056.128] GetProcessHeap () returned 0x570000 [0056.128] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0056.128] GetProcessHeap () returned 0x570000 [0056.128] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0056.128] GetProcessHeap () returned 0x570000 [0056.128] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0056.128] GetProcessHeap () returned 0x570000 [0056.128] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0056.128] GetProcessHeap () returned 0x570000 [0056.128] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0056.128] GetProcessHeap () returned 0x570000 [0056.128] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0056.128] GetProcessHeap () returned 0x570000 [0056.128] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0056.128] GetProcessHeap () returned 0x570000 [0056.128] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0056.128] GetProcessHeap () returned 0x570000 [0056.128] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0056.128] GetProcessHeap () returned 0x570000 [0056.128] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0056.128] GetProcessHeap () returned 0x570000 [0056.128] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0056.128] GetProcessHeap () returned 0x570000 [0056.129] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0056.129] GetProcessHeap () returned 0x570000 [0056.129] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0056.129] GetProcessHeap () returned 0x570000 [0056.129] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0056.129] GetProcessHeap () returned 0x570000 [0056.129] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0056.129] GetProcessHeap () returned 0x570000 [0056.129] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0056.129] GetProcessHeap () returned 0x570000 [0056.129] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0056.129] GetProcessHeap () returned 0x570000 [0056.129] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0056.129] GetProcessHeap () returned 0x570000 [0056.129] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0056.129] GetProcessHeap () returned 0x570000 [0056.129] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0056.129] GetProcessHeap () returned 0x570000 [0056.129] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0056.129] GetProcessHeap () returned 0x570000 [0056.129] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0056.129] GetProcessHeap () returned 0x570000 [0056.129] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0056.129] GetProcessHeap () returned 0x570000 [0056.129] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0056.129] GetProcessHeap () returned 0x570000 [0056.129] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0056.129] GetProcessHeap () returned 0x570000 [0056.129] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0056.129] GetProcessHeap () returned 0x570000 [0056.129] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0056.129] GetProcessHeap () returned 0x570000 [0056.129] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0056.130] GetProcessHeap () returned 0x570000 [0056.130] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0056.130] GetProcessHeap () returned 0x570000 [0056.130] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0056.130] GetProcessHeap () returned 0x570000 [0056.130] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0056.130] GetProcessHeap () returned 0x570000 [0056.130] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0056.130] GetProcessHeap () returned 0x570000 [0056.130] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0056.130] GetProcessHeap () returned 0x570000 [0056.130] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0056.130] GetProcessHeap () returned 0x570000 [0056.130] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0056.130] GetProcessHeap () returned 0x570000 [0056.130] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0056.130] GetProcessHeap () returned 0x570000 [0056.130] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0056.130] GetProcessHeap () returned 0x570000 [0056.130] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0056.130] GetProcessHeap () returned 0x570000 [0056.130] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0056.130] GetProcessHeap () returned 0x570000 [0056.130] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0056.130] GetProcessHeap () returned 0x570000 [0056.130] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0056.130] GetProcessHeap () returned 0x570000 [0056.130] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0056.130] GetProcessHeap () returned 0x570000 [0056.130] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0056.130] GetProcessHeap () returned 0x570000 [0056.130] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0056.131] GetProcessHeap () returned 0x570000 [0056.131] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0056.131] GetProcessHeap () returned 0x570000 [0056.131] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0056.131] GetProcessHeap () returned 0x570000 [0056.131] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0056.131] GetProcessHeap () returned 0x570000 [0056.131] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0056.131] GetProcessHeap () returned 0x570000 [0056.131] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0056.131] GetProcessHeap () returned 0x570000 [0056.131] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0056.131] GetProcessHeap () returned 0x570000 [0056.131] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0056.131] GetProcessHeap () returned 0x570000 [0056.131] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0056.131] GetProcessHeap () returned 0x570000 [0056.131] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0056.131] GetProcessHeap () returned 0x570000 [0056.131] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0056.131] GetProcessHeap () returned 0x570000 [0056.131] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0056.131] GetProcessHeap () returned 0x570000 [0056.131] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0056.131] GetProcessHeap () returned 0x570000 [0056.131] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0056.131] GetProcessHeap () returned 0x570000 [0056.131] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0056.131] GetProcessHeap () returned 0x570000 [0056.131] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0056.131] GetProcessHeap () returned 0x570000 [0056.132] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0056.132] GetProcessHeap () returned 0x570000 [0056.132] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0056.132] GetProcessHeap () returned 0x570000 [0056.132] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0056.132] GetProcessHeap () returned 0x570000 [0056.132] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0056.132] GetProcessHeap () returned 0x570000 [0056.132] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0056.132] GetProcessHeap () returned 0x570000 [0056.132] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0056.132] GetProcessHeap () returned 0x570000 [0056.132] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0056.132] GetProcessHeap () returned 0x570000 [0056.132] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0056.132] GetProcessHeap () returned 0x570000 [0056.132] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0056.132] GetProcessHeap () returned 0x570000 [0056.132] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0056.132] GetProcessHeap () returned 0x570000 [0056.132] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0056.132] GetProcessHeap () returned 0x570000 [0056.132] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0056.132] GetProcessHeap () returned 0x570000 [0056.132] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0056.132] GetProcessHeap () returned 0x570000 [0056.132] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0056.132] GetProcessHeap () returned 0x570000 [0056.132] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0056.132] GetProcessHeap () returned 0x570000 [0056.132] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0056.133] GetProcessHeap () returned 0x570000 [0056.133] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0056.133] GetProcessHeap () returned 0x570000 [0056.133] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0056.133] GetProcessHeap () returned 0x570000 [0056.133] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0056.133] GetProcessHeap () returned 0x570000 [0056.133] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0056.133] GetProcessHeap () returned 0x570000 [0056.133] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0056.133] GetProcessHeap () returned 0x570000 [0056.133] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0056.133] GetProcessHeap () returned 0x570000 [0056.133] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0056.133] GetProcessHeap () returned 0x570000 [0056.133] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0056.133] GetProcessHeap () returned 0x570000 [0056.133] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0056.133] GetProcessHeap () returned 0x570000 [0056.133] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0056.133] GetProcessHeap () returned 0x570000 [0056.133] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0056.133] GetProcessHeap () returned 0x570000 [0056.133] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0056.133] GetProcessHeap () returned 0x570000 [0056.133] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0056.133] GetProcessHeap () returned 0x570000 [0056.133] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0056.133] GetProcessHeap () returned 0x570000 [0056.133] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0056.133] GetProcessHeap () returned 0x570000 [0056.133] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee90 [0056.133] GetProcessHeap () returned 0x570000 [0056.133] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0056.134] GetProcessHeap () returned 0x570000 [0056.134] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0056.134] GetProcessHeap () returned 0x570000 [0056.134] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0056.134] GetProcessHeap () returned 0x570000 [0056.134] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592478 | out: hHeap=0x570000) returned 1 [0056.134] GetProcessHeap () returned 0x570000 [0056.134] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0056.134] GetProcessHeap () returned 0x570000 [0056.134] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0056.134] GetProcessHeap () returned 0x570000 [0056.134] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0056.134] GetProcessHeap () returned 0x570000 [0056.134] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0056.134] GetProcessHeap () returned 0x570000 [0056.134] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0056.134] GetProcessHeap () returned 0x570000 [0056.134] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0056.134] GetProcessHeap () returned 0x570000 [0056.134] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee50 | out: hHeap=0x570000) returned 1 [0056.134] GetProcessHeap () returned 0x570000 [0056.134] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592368 | out: hHeap=0x570000) returned 1 [0056.134] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0056.134] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0056.134] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0056.135] CloseHandle (hObject=0x80) returned 1 [0056.140] GetProcessHeap () returned 0x570000 [0056.140] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588da8 | out: hHeap=0x570000) returned 1 [0056.140] GetProcessHeap () returned 0x570000 [0056.140] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588f30 | out: hHeap=0x570000) returned 1 [0056.140] GetProcessHeap () returned 0x570000 [0056.140] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5922e0 | out: hHeap=0x570000) returned 1 [0056.140] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\Users\\Default\\Contacts\\desktop.ini" | out: lpString1="C:\\Users\\Default\\Contacts\\desktop.ini") returned="C:\\Users\\Default\\Contacts\\desktop.ini" [0056.140] lstrcatW (in: lpString1="C:\\Users\\Default\\Contacts\\desktop.ini", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\Users\\Default\\Contacts\\desktop.ini.{Killback@protonmail.com}KBK") returned="C:\\Users\\Default\\Contacts\\desktop.ini.{Killback@protonmail.com}KBK" [0056.140] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\Contacts\\desktop.ini" (normalized: "c:\\users\\default\\contacts\\desktop.ini"), lpNewFileName="C:\\Users\\Default\\Contacts\\desktop.ini.{Killback@protonmail.com}KBK" (normalized: "c:\\users\\default\\contacts\\desktop.ini.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0056.142] PathRemoveFileSpecW (in: pszPath="C:\\Users\\Default\\Contacts\\desktop.ini" | out: pszPath="C:\\Users\\Default\\Contacts") returned 1 [0056.142] lstrcatW (in: lpString1="C:\\Users\\Default\\Contacts", lpString2="\\" | out: lpString1="C:\\Users\\Default\\Contacts\\") returned="C:\\Users\\Default\\Contacts\\" [0056.142] lstrcatW (in: lpString1="C:\\Users\\Default\\Contacts\\", lpString2="decrypt_files.html" | out: lpString1="C:\\Users\\Default\\Contacts\\decrypt_files.html") returned="C:\\Users\\Default\\Contacts\\decrypt_files.html" [0056.142] GetFileAttributesW (lpFileName="C:\\Users\\Default\\Contacts\\decrypt_files.html" (normalized: "c:\\users\\default\\contacts\\decrypt_files.html")) returned 0x20 [0056.143] GetProcessHeap () returned 0x570000 [0056.143] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0056.143] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x19c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0056.143] FindClose (in: hFindFile=0x5925a8 | out: hFindFile=0x5925a8) returned 1 [0056.143] lstrcpyW (in: lpString1=0x50df8c, lpString2="C:\\Users\\Default\\Application Data\\" | out: lpString1="C:\\Users\\Default\\Application Data\\") returned="C:\\Users\\Default\\Application Data\\" [0056.143] GetProcessHeap () returned 0x570000 [0056.143] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x589108 | out: hHeap=0x570000) returned 1 [0056.143] GetProcessHeap () returned 0x570000 [0056.143] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee40 | out: hHeap=0x570000) returned 1 [0056.143] lstrlenW (lpString="C:\\Users\\Default\\Application Data\\") returned 34 [0056.143] lstrcatW (in: lpString1="C:\\Users\\Default\\Application Data\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\Application Data\\*") returned="C:\\Users\\Default\\Application Data\\*" [0056.143] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\Application Data\\*", lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x19c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0xffffffff [0056.143] lstrcpyW (in: lpString1=0x50df8c, lpString2="C:\\Users\\Default\\AppData\\" | out: lpString1="C:\\Users\\Default\\AppData\\") returned="C:\\Users\\Default\\AppData\\" [0056.143] GetProcessHeap () returned 0x570000 [0056.143] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588ef0 | out: hHeap=0x570000) returned 1 [0056.143] GetProcessHeap () returned 0x570000 [0056.143] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee30 | out: hHeap=0x570000) returned 1 [0056.143] lstrlenW (lpString="C:\\Users\\Default\\AppData\\") returned 25 [0056.143] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\*") returned="C:\\Users\\Default\\AppData\\*" [0056.144] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\*", lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5925a8 [0056.144] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0056.144] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0056.144] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0056.144] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0056.144] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x66fe9c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x93e4774a, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Local", cAlternateFileName="")) returned 1 [0056.144] lstrcmpiW (lpString1="Local", lpString2=".") returned 1 [0056.144] lstrcmpiW (lpString1="Local", lpString2="..") returned 1 [0056.144] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\", lpString2="Local" | out: lpString1="C:\\Users\\Default\\AppData\\Local") returned="C:\\Users\\Default\\AppData\\Local" [0056.144] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Local", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0056.144] GetProcessHeap () returned 0x570000 [0056.144] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x6) returned 0x58ee30 [0056.144] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Local", cchWideChar=-1, lpMultiByteStr=0x58ee30, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Local", lpUsedDefaultChar=0x0) returned 6 [0056.144] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0056.144] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 1 [0056.144] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 1 [0056.144] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0056.144] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0056.144] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 3 [0056.145] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0056.145] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0056.145] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0056.145] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0056.145] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0056.145] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0056.145] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0056.145] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0056.145] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0056.145] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0056.145] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0056.145] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0056.145] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 1 [0056.145] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 1 [0056.145] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 3 [0056.145] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 3 [0056.145] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 1 [0056.145] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0056.145] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0056.145] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0056.145] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0056.145] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 3 [0056.145] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0056.145] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0056.145] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0056.145] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0056.145] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 1 [0056.145] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0056.145] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 1 [0056.146] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 1 [0056.146] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0056.146] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 1 [0056.146] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 1 [0056.146] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0056.146] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 1 [0056.146] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0056.146] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Local", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0056.146] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Local", lpString2="\\" | out: lpString1="C:\\Users\\Default\\AppData\\Local\\") returned="C:\\Users\\Default\\AppData\\Local\\" [0056.146] GetProcessHeap () returned 0x570000 [0056.146] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ee40 [0056.146] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Local\\") returned 31 [0056.146] GetProcessHeap () returned 0x570000 [0056.146] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x40) returned 0x5876f8 [0056.146] lstrcpyW (in: lpString1=0x5876f8, lpString2="C:\\Users\\Default\\AppData\\Local\\" | out: lpString1="C:\\Users\\Default\\AppData\\Local\\") returned="C:\\Users\\Default\\AppData\\Local\\" [0056.146] GetProcessHeap () returned 0x570000 [0056.146] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee30 | out: hHeap=0x570000) returned 1 [0056.146] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a1d229, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="LocalLow", cAlternateFileName="")) returned 1 [0056.146] lstrcmpiW (lpString1="LocalLow", lpString2=".") returned 1 [0056.146] lstrcmpiW (lpString1="LocalLow", lpString2="..") returned 1 [0056.146] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\", lpString2="LocalLow" | out: lpString1="C:\\Users\\Default\\AppData\\LocalLow") returned="C:\\Users\\Default\\AppData\\LocalLow" [0056.146] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="LocalLow", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0056.146] GetProcessHeap () returned 0x570000 [0056.146] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x9) returned 0x590f68 [0056.146] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="LocalLow", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="LocalLow", lpUsedDefaultChar=0x0) returned 9 [0056.146] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="LocalLow", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0056.146] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="LocalLow", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 1 [0056.146] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="LocalLow", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 1 [0056.147] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="LocalLow", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0056.147] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="LocalLow", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0056.147] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="LocalLow", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 3 [0056.147] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="LocalLow", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0056.147] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="LocalLow", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0056.147] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="LocalLow", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0056.147] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="LocalLow", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0056.147] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="LocalLow", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0056.147] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="LocalLow", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0056.147] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="LocalLow", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0056.147] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="LocalLow", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0056.147] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="LocalLow", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0056.147] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="LocalLow", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0056.147] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="LocalLow", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0056.147] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="LocalLow", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0056.147] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="LocalLow", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 1 [0056.147] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="LocalLow", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 1 [0056.147] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="LocalLow", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 3 [0056.147] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="LocalLow", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 3 [0056.147] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="LocalLow", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 1 [0056.147] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="LocalLow", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0056.147] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="LocalLow", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0056.147] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="LocalLow", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0056.147] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="LocalLow", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0056.147] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="LocalLow", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 3 [0056.147] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="LocalLow", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0056.147] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="LocalLow", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0056.148] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="LocalLow", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0056.148] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="LocalLow", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0056.148] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="LocalLow", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 1 [0056.148] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="LocalLow", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0056.148] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="LocalLow", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 1 [0056.148] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="LocalLow", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 1 [0056.148] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="LocalLow", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0056.148] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="LocalLow", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 1 [0056.148] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="LocalLow", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 1 [0056.148] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="LocalLow", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0056.148] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="LocalLow", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 1 [0056.148] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="LocalLow", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0056.148] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="LocalLow", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0056.148] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\LocalLow", lpString2="\\" | out: lpString1="C:\\Users\\Default\\AppData\\LocalLow\\") returned="C:\\Users\\Default\\AppData\\LocalLow\\" [0056.148] GetProcessHeap () returned 0x570000 [0056.148] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ee30 [0056.148] lstrlenW (lpString="C:\\Users\\Default\\AppData\\LocalLow\\") returned 34 [0056.148] GetProcessHeap () returned 0x570000 [0056.148] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x46) returned 0x589108 [0056.148] lstrcpyW (in: lpString1=0x589108, lpString2="C:\\Users\\Default\\AppData\\LocalLow\\" | out: lpString1="C:\\Users\\Default\\AppData\\LocalLow\\") returned="C:\\Users\\Default\\AppData\\LocalLow\\" [0056.148] GetProcessHeap () returned 0x570000 [0056.148] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0056.148] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Roaming", cAlternateFileName="")) returned 1 [0056.148] lstrcmpiW (lpString1="Roaming", lpString2=".") returned 1 [0056.148] lstrcmpiW (lpString1="Roaming", lpString2="..") returned 1 [0056.148] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\", lpString2="Roaming" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming") returned="C:\\Users\\Default\\AppData\\Roaming" [0056.148] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Roaming", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0056.148] GetProcessHeap () returned 0x570000 [0056.148] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ee50 [0056.148] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Roaming", cchWideChar=-1, lpMultiByteStr=0x58ee50, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Roaming", lpUsedDefaultChar=0x0) returned 8 [0056.149] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Roaming", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0056.149] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Roaming", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 3 [0056.149] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Roaming", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 3 [0056.149] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Roaming", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0056.149] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Roaming", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0056.149] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Roaming", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 3 [0056.149] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Roaming", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0056.149] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Roaming", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0056.149] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Roaming", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0056.149] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Roaming", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0056.149] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Roaming", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0056.149] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Roaming", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0056.149] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Roaming", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0056.149] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Roaming", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0056.149] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Roaming", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0056.149] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Roaming", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0056.149] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Roaming", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0056.149] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Roaming", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0056.149] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Roaming", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 3 [0056.149] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Roaming", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 3 [0056.149] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Roaming", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 3 [0056.149] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Roaming", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 3 [0056.149] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Roaming", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 3 [0056.149] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Roaming", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0056.149] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Roaming", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0056.149] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Roaming", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0056.149] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Roaming", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0056.149] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Roaming", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 3 [0056.150] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Roaming", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0056.150] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Roaming", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0056.150] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Roaming", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0056.150] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Roaming", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0056.150] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Roaming", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 3 [0056.150] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Roaming", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0056.150] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Roaming", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 3 [0056.150] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Roaming", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 3 [0056.150] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Roaming", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0056.150] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Roaming", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 3 [0056.150] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Roaming", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 3 [0056.150] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Roaming", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0056.150] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Roaming", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 3 [0056.150] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Roaming", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0056.150] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Roaming", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 3 [0056.150] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming", lpString2="\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\") returned="C:\\Users\\Default\\AppData\\Roaming\\" [0056.150] GetProcessHeap () returned 0x570000 [0056.150] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ee90 [0056.150] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\") returned 33 [0056.150] GetProcessHeap () returned 0x570000 [0056.150] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x44) returned 0x589158 [0056.150] lstrcpyW (in: lpString1=0x589158, lpString2="C:\\Users\\Default\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\") returned="C:\\Users\\Default\\AppData\\Roaming\\" [0056.150] GetProcessHeap () returned 0x570000 [0056.150] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee50 | out: hHeap=0x570000) returned 1 [0056.150] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Roaming", cAlternateFileName="")) returned 0 [0056.150] FindClose (in: hFindFile=0x5925a8 | out: hFindFile=0x5925a8) returned 1 [0056.151] lstrcpyW (in: lpString1=0x50df8c, lpString2="C:\\Users\\Default\\AppData\\Roaming\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\") returned="C:\\Users\\Default\\AppData\\Roaming\\" [0056.151] GetProcessHeap () returned 0x570000 [0056.151] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x589158 | out: hHeap=0x570000) returned 1 [0056.151] GetProcessHeap () returned 0x570000 [0056.151] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0056.151] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\") returned 33 [0056.151] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\*" [0056.151] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\*", lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5925a8 [0056.152] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0056.152] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0056.152] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0056.152] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0056.152] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Identities", cAlternateFileName="IDENTI~1")) returned 1 [0056.152] lstrcmpiW (lpString1="Identities", lpString2=".") returned 1 [0056.152] lstrcmpiW (lpString1="Identities", lpString2="..") returned 1 [0056.152] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\", lpString2="Identities" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Identities") returned="C:\\Users\\Default\\AppData\\Roaming\\Identities" [0056.152] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Identities", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0056.152] GetProcessHeap () returned 0x570000 [0056.152] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xb) returned 0x590f68 [0056.152] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Identities", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Identities", lpUsedDefaultChar=0x0) returned 11 [0056.152] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Identities", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0056.152] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Identities", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 1 [0056.152] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Identities", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 1 [0056.152] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Identities", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0056.152] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Identities", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0056.152] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Identities", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 3 [0056.152] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Identities", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0056.152] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Identities", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0056.153] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Identities", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0056.153] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Identities", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0056.153] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Identities", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0056.153] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Identities", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0056.153] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Identities", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0056.153] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Identities", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0056.153] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Identities", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0056.153] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Identities", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0056.153] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Identities", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0056.153] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Identities", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0056.153] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Identities", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 1 [0056.153] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Identities", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 1 [0056.153] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Identities", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 1 [0056.153] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Identities", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 1 [0056.153] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Identities", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 1 [0056.153] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Identities", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0056.153] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Identities", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0056.153] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Identities", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0056.153] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Identities", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0056.153] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Identities", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 3 [0056.153] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Identities", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0056.153] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Identities", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0056.153] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Identities", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0056.153] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Identities", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0056.153] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Identities", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 1 [0056.153] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Identities", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0056.153] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Identities", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 1 [0056.154] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Identities", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 1 [0056.154] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Identities", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0056.154] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Identities", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 1 [0056.154] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Identities", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 1 [0056.154] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Identities", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0056.154] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Identities", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 1 [0056.154] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Identities", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0056.154] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Identities", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0056.154] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Identities", lpString2="\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Identities\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Identities\\" [0056.154] GetProcessHeap () returned 0x570000 [0056.154] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ee90 [0056.154] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Identities\\") returned 44 [0056.154] GetProcessHeap () returned 0x570000 [0056.154] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x5a) returned 0x588ef0 [0056.154] lstrcpyW (in: lpString1=0x588ef0, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Identities\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Identities\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Identities\\" [0056.154] GetProcessHeap () returned 0x570000 [0056.154] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0056.154] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x160a67d7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0056.154] lstrcmpiW (lpString1="Microsoft", lpString2=".") returned 1 [0056.154] lstrcmpiW (lpString1="Microsoft", lpString2="..") returned 1 [0056.154] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\", lpString2="Microsoft" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Microsoft") returned="C:\\Users\\Default\\AppData\\Roaming\\Microsoft" [0056.154] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Microsoft", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0056.154] GetProcessHeap () returned 0x570000 [0056.154] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xa) returned 0x590f68 [0056.154] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Microsoft", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Microsoft", lpUsedDefaultChar=0x0) returned 10 [0056.154] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Microsoft", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0056.154] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Microsoft", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 2 [0056.154] GetProcessHeap () returned 0x570000 [0056.154] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0056.154] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x160a67d7, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 0 [0056.155] FindClose (in: hFindFile=0x5925a8 | out: hFindFile=0x5925a8) returned 1 [0056.155] lstrcpyW (in: lpString1=0x50df8c, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Identities\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Identities\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Identities\\" [0056.155] GetProcessHeap () returned 0x570000 [0056.155] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588ef0 | out: hHeap=0x570000) returned 1 [0056.155] GetProcessHeap () returned 0x570000 [0056.155] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0056.155] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Identities\\") returned 44 [0056.155] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Identities\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Identities\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Identities\\*" [0056.155] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Identities\\*", lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5925a8 [0056.156] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0056.156] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0056.156] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0056.156] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0056.156] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cAlternateFileName="{31810~1")) returned 1 [0056.156] lstrcmpiW (lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", lpString2=".") returned 1 [0056.156] lstrcmpiW (lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", lpString2="..") returned 1 [0056.156] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Identities\\", lpString2="{31810C36-5D23-4CCE-A3B4-316DED195C38}" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}") returned="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}" [0056.156] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0056.156] GetProcessHeap () returned 0x570000 [0056.156] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x27) returned 0x588da8 [0056.156] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cchWideChar=-1, lpMultiByteStr=0x588da8, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{31810C36-5D23-4CCE-A3B4-316DED195C38}", lpUsedDefaultChar=0x0) returned 39 [0056.156] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0056.156] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 1 [0056.156] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 1 [0056.156] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0056.157] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0056.157] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 1 [0056.157] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 1 [0056.157] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0056.157] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0056.157] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0056.157] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0056.157] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0056.157] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0056.157] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0056.157] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0056.157] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0056.157] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0056.157] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0056.157] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 1 [0056.157] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 1 [0056.157] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 1 [0056.157] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 1 [0056.157] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 1 [0056.157] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 1 [0056.157] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0056.157] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0056.157] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 1 [0056.157] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 1 [0056.157] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0056.157] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0056.157] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0056.158] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 1 [0056.158] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 1 [0056.158] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 1 [0056.158] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 1 [0056.158] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 1 [0056.158] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 1 [0056.158] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 1 [0056.158] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 1 [0056.158] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0056.158] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 1 [0056.158] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0056.158] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0056.158] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}", lpString2="\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\" [0056.158] GetProcessHeap () returned 0x570000 [0056.158] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ee90 [0056.158] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\") returned 83 [0056.158] GetProcessHeap () returned 0x570000 [0056.158] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xa8) returned 0x588ef0 [0056.158] lstrcpyW (in: lpString1=0x588ef0, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\" [0056.158] GetProcessHeap () returned 0x570000 [0056.158] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588da8 | out: hHeap=0x570000) returned 1 [0056.158] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{31810C36-5D23-4CCE-A3B4-316DED195C38}", cAlternateFileName="{31810~1")) returned 0 [0056.158] FindClose (in: hFindFile=0x5925a8 | out: hFindFile=0x5925a8) returned 1 [0056.159] lstrcpyW (in: lpString1=0x50df8c, lpString2="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\") returned="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\" [0056.159] GetProcessHeap () returned 0x570000 [0056.159] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588ef0 | out: hHeap=0x570000) returned 1 [0056.159] GetProcessHeap () returned 0x570000 [0056.159] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0056.159] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\") returned 83 [0056.159] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\*") returned="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\*" [0056.159] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Roaming\\Identities\\{31810C36-5D23-4CCE-A3B4-316DED195C38}\\*", lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5925a8 [0056.159] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0056.159] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0056.159] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0056.159] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0056.159] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf2c805c8, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0056.159] FindClose (in: hFindFile=0x5925a8 | out: hFindFile=0x5925a8) returned 1 [0056.160] lstrcpyW (in: lpString1=0x50df8c, lpString2="C:\\Users\\Default\\AppData\\LocalLow\\" | out: lpString1="C:\\Users\\Default\\AppData\\LocalLow\\") returned="C:\\Users\\Default\\AppData\\LocalLow\\" [0056.160] GetProcessHeap () returned 0x570000 [0056.160] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x589108 | out: hHeap=0x570000) returned 1 [0056.160] GetProcessHeap () returned 0x570000 [0056.160] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee30 | out: hHeap=0x570000) returned 1 [0056.160] lstrlenW (lpString="C:\\Users\\Default\\AppData\\LocalLow\\") returned 34 [0056.160] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\LocalLow\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\LocalLow\\*") returned="C:\\Users\\Default\\AppData\\LocalLow\\*" [0056.160] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\LocalLow\\*", lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a1d229, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5925a8 [0056.161] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0056.161] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a1d229, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0056.161] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0056.161] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0056.161] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a1d229, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0056.161] lstrcmpiW (lpString1="Microsoft", lpString2=".") returned 1 [0056.161] lstrcmpiW (lpString1="Microsoft", lpString2="..") returned 1 [0056.161] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\LocalLow\\", lpString2="Microsoft" | out: lpString1="C:\\Users\\Default\\AppData\\LocalLow\\Microsoft") returned="C:\\Users\\Default\\AppData\\LocalLow\\Microsoft" [0056.161] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Microsoft", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0056.161] GetProcessHeap () returned 0x570000 [0056.161] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xa) returned 0x590f68 [0056.161] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Microsoft", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Microsoft", lpUsedDefaultChar=0x0) returned 10 [0056.161] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Microsoft", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0056.161] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Microsoft", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 2 [0056.161] GetProcessHeap () returned 0x570000 [0056.161] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0056.161] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x23a1d229, ftLastWriteTime.dwHighDateTime=0x1cb892f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 0 [0056.161] FindClose (in: hFindFile=0x5925a8 | out: hFindFile=0x5925a8) returned 1 [0056.161] lstrcpyW (in: lpString1=0x50df8c, lpString2="C:\\Users\\Default\\AppData\\Local\\" | out: lpString1="C:\\Users\\Default\\AppData\\Local\\") returned="C:\\Users\\Default\\AppData\\Local\\" [0056.161] GetProcessHeap () returned 0x570000 [0056.161] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5876f8 | out: hHeap=0x570000) returned 1 [0056.161] GetProcessHeap () returned 0x570000 [0056.161] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee40 | out: hHeap=0x570000) returned 1 [0056.162] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Local\\") returned 31 [0056.162] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Local\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Local\\*") returned="C:\\Users\\Default\\AppData\\Local\\*" [0056.162] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\*", lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x66fe9c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x93e4774a, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5925a8 [0056.162] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0056.162] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x66fe9c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x93e4774a, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0056.163] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0056.163] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0056.163] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1 [0056.163] lstrcmpiW (lpString1="Application Data", lpString2=".") returned 1 [0056.163] lstrcmpiW (lpString1="Application Data", lpString2="..") returned 1 [0056.163] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Local\\", lpString2="Application Data" | out: lpString1="C:\\Users\\Default\\AppData\\Local\\Application Data") returned="C:\\Users\\Default\\AppData\\Local\\Application Data" [0056.163] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Application Data", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0056.163] GetProcessHeap () returned 0x570000 [0056.163] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x11) returned 0x58fdc0 [0056.163] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Application Data", cchWideChar=-1, lpMultiByteStr=0x58fdc0, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Application Data", lpUsedDefaultChar=0x0) returned 17 [0056.163] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0056.163] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 1 [0056.163] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 1 [0056.163] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0056.163] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0056.163] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 1 [0056.163] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 1 [0056.163] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0056.163] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0056.163] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0056.163] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0056.163] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0056.163] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0056.163] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0056.163] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0056.163] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0056.163] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0056.163] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0056.164] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 1 [0056.164] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 1 [0056.164] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 1 [0056.164] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 1 [0056.164] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 1 [0056.164] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 1 [0056.164] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0056.164] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0056.164] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 1 [0056.164] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 1 [0056.164] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0056.164] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0056.164] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0056.164] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 1 [0056.164] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 1 [0056.164] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 1 [0056.164] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 1 [0056.164] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 1 [0056.164] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 1 [0056.164] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 1 [0056.164] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 1 [0056.164] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0056.164] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 1 [0056.164] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0056.164] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0056.164] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Local\\Application Data", lpString2="\\" | out: lpString1="C:\\Users\\Default\\AppData\\Local\\Application Data\\") returned="C:\\Users\\Default\\AppData\\Local\\Application Data\\" [0056.164] GetProcessHeap () returned 0x570000 [0056.164] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ee40 [0056.164] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Local\\Application Data\\") returned 48 [0056.165] GetProcessHeap () returned 0x570000 [0056.165] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x62) returned 0x588ef0 [0056.165] lstrcpyW (in: lpString1=0x588ef0, lpString2="C:\\Users\\Default\\AppData\\Local\\Application Data\\" | out: lpString1="C:\\Users\\Default\\AppData\\Local\\Application Data\\") returned="C:\\Users\\Default\\AppData\\Local\\Application Data\\" [0056.165] GetProcessHeap () returned 0x570000 [0056.165] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58fdc0 | out: hHeap=0x570000) returned 1 [0056.165] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="History", cAlternateFileName="")) returned 1 [0056.165] lstrcmpiW (lpString1="History", lpString2=".") returned 1 [0056.165] lstrcmpiW (lpString1="History", lpString2="..") returned 1 [0056.165] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Local\\", lpString2="History" | out: lpString1="C:\\Users\\Default\\AppData\\Local\\History") returned="C:\\Users\\Default\\AppData\\Local\\History" [0056.165] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="History", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0056.165] GetProcessHeap () returned 0x570000 [0056.165] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ee30 [0056.165] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="History", cchWideChar=-1, lpMultiByteStr=0x58ee30, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="History", lpUsedDefaultChar=0x0) returned 8 [0056.165] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="History", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0056.165] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="History", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 1 [0056.165] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="History", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 1 [0056.165] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="History", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0056.165] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="History", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0056.165] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="History", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 3 [0056.165] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="History", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0056.165] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="History", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0056.165] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="History", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0056.165] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="History", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0056.165] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="History", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0056.165] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="History", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0056.165] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="History", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0056.165] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="History", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0056.165] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="History", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0056.165] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="History", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0056.166] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="History", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0056.166] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="History", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0056.166] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="History", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 1 [0056.166] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="History", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 1 [0056.166] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="History", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 1 [0056.166] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="History", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 1 [0056.166] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="History", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 1 [0056.166] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="History", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0056.166] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="History", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0056.166] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="History", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0056.166] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="History", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0056.166] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="History", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 3 [0056.166] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="History", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0056.166] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="History", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0056.166] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="History", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0056.166] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="History", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0056.166] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="History", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 1 [0056.166] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="History", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0056.166] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="History", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 1 [0056.166] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="History", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 1 [0056.166] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="History", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0056.166] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="History", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 1 [0056.166] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="History", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 1 [0056.166] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="History", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0056.166] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="History", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 1 [0056.166] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="History", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0056.166] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="History", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0056.166] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Local\\History", lpString2="\\" | out: lpString1="C:\\Users\\Default\\AppData\\Local\\History\\") returned="C:\\Users\\Default\\AppData\\Local\\History\\" [0056.166] GetProcessHeap () returned 0x570000 [0056.167] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ee90 [0056.167] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Local\\History\\") returned 39 [0056.167] GetProcessHeap () returned 0x570000 [0056.167] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x50) returned 0x5922e0 [0056.167] lstrcpyW (in: lpString1=0x5922e0, lpString2="C:\\Users\\Default\\AppData\\Local\\History\\" | out: lpString1="C:\\Users\\Default\\AppData\\Local\\History\\") returned="C:\\Users\\Default\\AppData\\Local\\History\\" [0056.167] GetProcessHeap () returned 0x570000 [0056.167] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee30 | out: hHeap=0x570000) returned 1 [0056.167] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2022, ftCreationTime.dwLowDateTime=0x66b2700, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x66b2700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xddd35f67, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0xbd7f0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="IconCache.db", cAlternateFileName="ICONCA~1.DB")) returned 1 [0056.167] lstrcmpiW (lpString1="IconCache.db", lpString2=".") returned 1 [0056.167] lstrcmpiW (lpString1="IconCache.db", lpString2="..") returned 1 [0056.167] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Local\\", lpString2="IconCache.db" | out: lpString1="C:\\Users\\Default\\AppData\\Local\\IconCache.db") returned="C:\\Users\\Default\\AppData\\Local\\IconCache.db" [0056.167] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="IconCache.db", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 13 [0056.167] GetProcessHeap () returned 0x570000 [0056.167] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xd) returned 0x590f68 [0056.167] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="IconCache.db", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="IconCache.db", lpUsedDefaultChar=0x0) returned 13 [0056.167] lstrlenA (lpString="IconCache.db") returned 12 [0056.167] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0056.167] lstrlenA (lpString="IconCache.db") returned 12 [0056.167] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0056.167] lstrcmpiW (lpString1="IconCache.db", lpString2="decrypt_files.html") returned 1 [0056.167] lstrcmpiW (lpString1="IconCache.db", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0056.167] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0056.167] lstrcmpiW (lpString1="IconCache.db", lpString2="sihvgt.exe") returned -1 [0056.167] _alloca_probe () returned 0x40908b [0056.167] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\AppData\\Local\\IconCache.db", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 44 [0056.167] GetProcessHeap () returned 0x570000 [0056.167] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x2c) returned 0x5935a8 [0056.167] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\AppData\\Local\\IconCache.db", cchWideChar=-1, lpMultiByteStr=0x5935a8, cbMultiByte=44, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\Default\\AppData\\Local\\IconCache.db", lpUsedDefaultChar=0x0) returned 44 [0056.167] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0056.167] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{A5030125-034C-428A-9E47-3CAEF49670BD}") returned 38 [0056.167] lstrlenA (lpString="{A5030125-034C-428A-9E47-3CAEF49670BD}") returned 38 [0056.168] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\IconCache.db" (normalized: "c:\\users\\default\\appdata\\local\\iconcache.db"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0056.169] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=776176) returned 1 [0056.169] lstrlenA (lpString="{A5030125-034C-428A-9E47-3CAEF49670BD}") returned 38 [0056.169] GetProcessHeap () returned 0x570000 [0056.169] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x592338 [0056.169] GetProcessHeap () returned 0x570000 [0056.169] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5923b0 [0056.169] lstrlenA (lpString="C:\\Users\\Default\\AppData\\Local\\IconCache.db") returned 43 [0056.179] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0056.192] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0056.192] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0056.192] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0056.192] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0056.202] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0056.203] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0056.203] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0056.203] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0056.203] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0056.203] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0056.203] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0056.203] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0056.204] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0056.204] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0056.204] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0056.204] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0056.204] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0056.204] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0056.205] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0056.205] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0056.205] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0056.205] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0056.205] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0056.205] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0056.205] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0056.206] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0056.206] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0056.206] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0056.206] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0056.206] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0056.206] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0056.207] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0056.208] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0056.208] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0056.208] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0056.208] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0056.209] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0056.209] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0056.210] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0056.210] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0056.210] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0056.211] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0056.211] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0056.211] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0056.211] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0056.212] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0056.212] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0056.212] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0056.213] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0056.213] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0056.213] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0056.213] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0056.214] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0056.214] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0056.214] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0056.214] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0056.215] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0056.215] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0056.215] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0056.216] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0056.216] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0056.217] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0056.217] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0056.217] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0056.218] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0056.218] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0056.219] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0056.219] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0056.219] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0056.220] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0056.220] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0056.220] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0056.221] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0056.221] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0056.221] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0056.221] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0056.222] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0056.222] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0056.222] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0056.222] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0056.223] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0056.223] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0056.224] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0056.224] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0056.224] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0056.225] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0056.225] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0056.225] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0056.225] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0056.226] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0056.226] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0056.226] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0056.227] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0056.227] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0056.227] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0056.228] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0056.228] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0056.229] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0056.229] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0056.229] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0056.229] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0056.229] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0056.230] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0056.230] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0056.232] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0056.232] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0056.232] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0056.232] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0056.233] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0056.233] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0056.233] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0056.233] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0056.234] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0056.234] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0056.235] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0056.235] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0056.235] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0056.236] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0056.236] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0056.236] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0056.237] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0056.237] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0056.237] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0056.237] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0056.237] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0056.239] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0056.239] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0056.239] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0056.240] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0056.240] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0056.240] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0056.240] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0056.241] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0056.241] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0056.241] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0056.241] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0056.242] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0056.242] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0056.243] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0056.243] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0056.243] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0056.244] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0056.244] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0056.244] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0056.245] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0056.245] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0056.245] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0056.245] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0056.246] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0056.246] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0056.246] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0056.246] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0056.247] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0056.247] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0056.247] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0056.247] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0056.248] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0056.248] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0056.249] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0056.249] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0056.249] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0056.250] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0056.250] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0056.250] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0056.254] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0056.254] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0056.254] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0056.254] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0056.255] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0056.255] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0056.255] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0056.255] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0056.256] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0056.256] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0056.256] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0056.257] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0056.257] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0056.257] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0056.258] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0056.258] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0056.258] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0056.259] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0056.259] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0056.259] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0056.260] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0056.260] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0056.260] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0056.260] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x17f0, lpOverlapped=0x0) returned 1 [0056.260] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe810, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0056.261] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x17f0, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x17f0, lpOverlapped=0x0) returned 1 [0056.261] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0056.261] WriteFile (in: hFile=0x80, lpBuffer=0x50bb6c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bb6c*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0056.261] WriteFile (in: hFile=0x80, lpBuffer=0x50bbd4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bbd4*, lpNumberOfBytesWritten=0x50bb34*=0x10, lpOverlapped=0x0) returned 1 [0056.261] lstrlenA (lpString="rsa_encrypt") returned 11 [0056.261] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x592438) returned 1 [0056.262] CryptGenRandom (in: hProv=0x592438, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0056.262] CryptReleaseContext (hProv=0x592438, dwFlags=0x0) returned 1 [0056.262] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0056.262] GetProcessHeap () returned 0x570000 [0056.262] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592438 [0056.262] lstrlenA (lpString="010001") returned 6 [0056.262] GetProcessHeap () returned 0x570000 [0056.262] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58ee30 [0056.262] GetProcessHeap () returned 0x570000 [0056.262] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5924c0 [0056.262] GetProcessHeap () returned 0x570000 [0056.262] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0056.262] GetProcessHeap () returned 0x570000 [0056.262] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5924c0 | out: hHeap=0x570000) returned 1 [0056.262] GetProcessHeap () returned 0x570000 [0056.263] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0056.263] GetProcessHeap () returned 0x570000 [0056.263] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c1f0 [0056.263] GetProcessHeap () returned 0x570000 [0056.263] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58ee50 [0056.263] GetProcessHeap () returned 0x570000 [0056.263] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c0d8 [0056.263] GetProcessHeap () returned 0x570000 [0056.263] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee50 | out: hHeap=0x570000) returned 1 [0056.263] GetProcessHeap () returned 0x570000 [0056.263] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0056.263] GetProcessHeap () returned 0x570000 [0056.263] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5924c0 [0056.263] GetProcessHeap () returned 0x570000 [0056.263] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x593d90 [0056.263] GetProcessHeap () returned 0x570000 [0056.263] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee50 [0056.263] GetProcessHeap () returned 0x570000 [0056.263] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0056.263] GetProcessHeap () returned 0x570000 [0056.263] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0056.263] GetProcessHeap () returned 0x570000 [0056.263] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5924c0 | out: hHeap=0x570000) returned 1 [0056.263] GetProcessHeap () returned 0x570000 [0056.263] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0056.263] GetProcessHeap () returned 0x570000 [0056.263] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0056.263] GetProcessHeap () returned 0x570000 [0056.263] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.263] GetProcessHeap () returned 0x570000 [0056.263] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f98 [0056.263] GetProcessHeap () returned 0x570000 [0056.264] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee50 | out: hHeap=0x570000) returned 1 [0056.264] GetProcessHeap () returned 0x570000 [0056.264] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.264] GetProcessHeap () returned 0x570000 [0056.264] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.264] GetProcessHeap () returned 0x570000 [0056.264] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.264] GetProcessHeap () returned 0x570000 [0056.264] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0056.264] GetProcessHeap () returned 0x570000 [0056.264] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f98 | out: hHeap=0x570000) returned 1 [0056.264] GetProcessHeap () returned 0x570000 [0056.264] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0056.264] GetProcessHeap () returned 0x570000 [0056.264] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0056.264] GetProcessHeap () returned 0x570000 [0056.264] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.264] GetProcessHeap () returned 0x570000 [0056.264] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.264] GetProcessHeap () returned 0x570000 [0056.264] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.264] GetProcessHeap () returned 0x570000 [0056.264] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.264] GetProcessHeap () returned 0x570000 [0056.264] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.264] GetProcessHeap () returned 0x570000 [0056.264] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.264] GetProcessHeap () returned 0x570000 [0056.264] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.264] GetProcessHeap () returned 0x570000 [0056.264] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.264] GetProcessHeap () returned 0x570000 [0056.265] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.265] GetProcessHeap () returned 0x570000 [0056.265] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.265] GetProcessHeap () returned 0x570000 [0056.265] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.265] GetProcessHeap () returned 0x570000 [0056.265] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.265] GetProcessHeap () returned 0x570000 [0056.265] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.265] GetProcessHeap () returned 0x570000 [0056.265] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.265] GetProcessHeap () returned 0x570000 [0056.265] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.265] GetProcessHeap () returned 0x570000 [0056.265] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.265] GetProcessHeap () returned 0x570000 [0056.265] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.265] GetProcessHeap () returned 0x570000 [0056.265] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.265] GetProcessHeap () returned 0x570000 [0056.265] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.265] GetProcessHeap () returned 0x570000 [0056.265] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.265] GetProcessHeap () returned 0x570000 [0056.265] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.265] GetProcessHeap () returned 0x570000 [0056.265] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.265] GetProcessHeap () returned 0x570000 [0056.265] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.265] GetProcessHeap () returned 0x570000 [0056.265] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.266] GetProcessHeap () returned 0x570000 [0056.266] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.266] GetProcessHeap () returned 0x570000 [0056.266] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.266] GetProcessHeap () returned 0x570000 [0056.266] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.266] GetProcessHeap () returned 0x570000 [0056.266] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.266] GetProcessHeap () returned 0x570000 [0056.266] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.266] GetProcessHeap () returned 0x570000 [0056.266] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.266] GetProcessHeap () returned 0x570000 [0056.266] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.266] GetProcessHeap () returned 0x570000 [0056.266] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.266] GetProcessHeap () returned 0x570000 [0056.266] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.266] GetProcessHeap () returned 0x570000 [0056.266] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.266] GetProcessHeap () returned 0x570000 [0056.266] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.266] GetProcessHeap () returned 0x570000 [0056.266] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.266] GetProcessHeap () returned 0x570000 [0056.266] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.266] GetProcessHeap () returned 0x570000 [0056.266] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.266] GetProcessHeap () returned 0x570000 [0056.266] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.266] GetProcessHeap () returned 0x570000 [0056.266] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.267] GetProcessHeap () returned 0x570000 [0056.267] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.267] GetProcessHeap () returned 0x570000 [0056.267] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.267] GetProcessHeap () returned 0x570000 [0056.267] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.267] GetProcessHeap () returned 0x570000 [0056.267] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.267] GetProcessHeap () returned 0x570000 [0056.267] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.267] GetProcessHeap () returned 0x570000 [0056.267] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.267] GetProcessHeap () returned 0x570000 [0056.267] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.267] GetProcessHeap () returned 0x570000 [0056.267] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.267] GetProcessHeap () returned 0x570000 [0056.267] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.267] GetProcessHeap () returned 0x570000 [0056.267] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.267] GetProcessHeap () returned 0x570000 [0056.267] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.267] GetProcessHeap () returned 0x570000 [0056.267] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.267] GetProcessHeap () returned 0x570000 [0056.267] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.267] GetProcessHeap () returned 0x570000 [0056.267] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.267] GetProcessHeap () returned 0x570000 [0056.267] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.268] GetProcessHeap () returned 0x570000 [0056.268] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.268] GetProcessHeap () returned 0x570000 [0056.268] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.268] GetProcessHeap () returned 0x570000 [0056.268] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.268] GetProcessHeap () returned 0x570000 [0056.268] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.268] GetProcessHeap () returned 0x570000 [0056.268] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.268] GetProcessHeap () returned 0x570000 [0056.268] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.268] GetProcessHeap () returned 0x570000 [0056.268] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.268] GetProcessHeap () returned 0x570000 [0056.268] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.268] GetProcessHeap () returned 0x570000 [0056.269] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.269] GetProcessHeap () returned 0x570000 [0056.269] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.269] GetProcessHeap () returned 0x570000 [0056.269] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.269] GetProcessHeap () returned 0x570000 [0056.269] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.269] GetProcessHeap () returned 0x570000 [0056.269] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.269] GetProcessHeap () returned 0x570000 [0056.269] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.269] GetProcessHeap () returned 0x570000 [0056.269] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.269] GetProcessHeap () returned 0x570000 [0056.269] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.269] GetProcessHeap () returned 0x570000 [0056.269] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.269] GetProcessHeap () returned 0x570000 [0056.269] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.269] GetProcessHeap () returned 0x570000 [0056.269] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.269] GetProcessHeap () returned 0x570000 [0056.269] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.269] GetProcessHeap () returned 0x570000 [0056.269] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.269] GetProcessHeap () returned 0x570000 [0056.269] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.269] GetProcessHeap () returned 0x570000 [0056.269] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.269] GetProcessHeap () returned 0x570000 [0056.269] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.270] GetProcessHeap () returned 0x570000 [0056.270] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.270] GetProcessHeap () returned 0x570000 [0056.270] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.270] GetProcessHeap () returned 0x570000 [0056.270] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.270] GetProcessHeap () returned 0x570000 [0056.270] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.270] GetProcessHeap () returned 0x570000 [0056.270] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.270] GetProcessHeap () returned 0x570000 [0056.270] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.270] GetProcessHeap () returned 0x570000 [0056.270] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.270] GetProcessHeap () returned 0x570000 [0056.270] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.270] GetProcessHeap () returned 0x570000 [0056.270] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.270] GetProcessHeap () returned 0x570000 [0056.270] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.270] GetProcessHeap () returned 0x570000 [0056.270] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.270] GetProcessHeap () returned 0x570000 [0056.270] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.270] GetProcessHeap () returned 0x570000 [0056.270] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.270] GetProcessHeap () returned 0x570000 [0056.270] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.270] GetProcessHeap () returned 0x570000 [0056.270] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.270] GetProcessHeap () returned 0x570000 [0056.271] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.271] GetProcessHeap () returned 0x570000 [0056.271] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.271] GetProcessHeap () returned 0x570000 [0056.271] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.271] GetProcessHeap () returned 0x570000 [0056.271] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.271] GetProcessHeap () returned 0x570000 [0056.271] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee80 [0056.271] GetProcessHeap () returned 0x570000 [0056.271] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.271] GetProcessHeap () returned 0x570000 [0056.271] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0056.271] GetProcessHeap () returned 0x570000 [0056.271] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0056.271] GetProcessHeap () returned 0x570000 [0056.271] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x593d90 | out: hHeap=0x570000) returned 1 [0056.271] GetProcessHeap () returned 0x570000 [0056.271] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0056.271] GetProcessHeap () returned 0x570000 [0056.271] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0056.271] GetProcessHeap () returned 0x570000 [0056.271] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0056.271] GetProcessHeap () returned 0x570000 [0056.271] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0056.271] GetProcessHeap () returned 0x570000 [0056.271] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0056.271] GetProcessHeap () returned 0x570000 [0056.271] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0056.271] GetProcessHeap () returned 0x570000 [0056.272] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee30 | out: hHeap=0x570000) returned 1 [0056.272] GetProcessHeap () returned 0x570000 [0056.272] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592438 | out: hHeap=0x570000) returned 1 [0056.272] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0056.272] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0056.272] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0056.272] CloseHandle (hObject=0x80) returned 1 [0056.284] GetProcessHeap () returned 0x570000 [0056.284] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5935a8 | out: hHeap=0x570000) returned 1 [0056.285] GetProcessHeap () returned 0x570000 [0056.285] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592338 | out: hHeap=0x570000) returned 1 [0056.285] GetProcessHeap () returned 0x570000 [0056.285] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5923b0 | out: hHeap=0x570000) returned 1 [0056.285] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\Users\\Default\\AppData\\Local\\IconCache.db" | out: lpString1="C:\\Users\\Default\\AppData\\Local\\IconCache.db") returned="C:\\Users\\Default\\AppData\\Local\\IconCache.db" [0056.285] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Local\\IconCache.db", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\Users\\Default\\AppData\\Local\\IconCache.db.{Killback@protonmail.com}KBK") returned="C:\\Users\\Default\\AppData\\Local\\IconCache.db.{Killback@protonmail.com}KBK" [0056.285] MoveFileExW (lpExistingFileName="C:\\Users\\Default\\AppData\\Local\\IconCache.db" (normalized: "c:\\users\\default\\appdata\\local\\iconcache.db"), lpNewFileName="C:\\Users\\Default\\AppData\\Local\\IconCache.db.{Killback@protonmail.com}KBK" (normalized: "c:\\users\\default\\appdata\\local\\iconcache.db.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0056.285] PathRemoveFileSpecW (in: pszPath="C:\\Users\\Default\\AppData\\Local\\IconCache.db" | out: pszPath="C:\\Users\\Default\\AppData\\Local") returned 1 [0056.285] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Local", lpString2="\\" | out: lpString1="C:\\Users\\Default\\AppData\\Local\\") returned="C:\\Users\\Default\\AppData\\Local\\" [0056.286] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Local\\", lpString2="decrypt_files.html" | out: lpString1="C:\\Users\\Default\\AppData\\Local\\decrypt_files.html") returned="C:\\Users\\Default\\AppData\\Local\\decrypt_files.html" [0056.286] GetFileAttributesW (lpFileName="C:\\Users\\Default\\AppData\\Local\\decrypt_files.html" (normalized: "c:\\users\\default\\appdata\\local\\decrypt_files.html")) returned 0xffffffff [0056.286] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\decrypt_files.html" (normalized: "c:\\users\\default\\appdata\\local\\decrypt_files.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0056.286] lstrlenA (lpString="\r\n \r\n \r\n \r\n DECRYPT FILES\r\n \r\n\r\n \r\n\r\n
\r\n

⚠Your ID (NEED FOR DECRYPT)⚠

\r\n
\r\n 
A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n\r\n
\r\n
\r\n
\r\n \r\n
\r\n \r\n
\r\n \r\n \r\n
\r\n

✖ Your files are encrypted! ✖

\r\n\r\n

If you see it - do not try to decrypt ▼the files yourself!!!▼

\r\n
\r\n

All your important data has been encrypted.

\r\n
\r\n
\r\n \r\n\x09\x09 \r\nTo decrypt all your files, you need a decryption program.
\r\n \r\nTo get a program to decrypt your data you need to do a few steps:
\r\n

☑1. \r\nTo make sure that we can actually decrypt your files. You can send us a file for the test.\r\nThis can be a picture or a text file.\r\nSize less than 5 MB. Send to our mail: Killback@protonmail.com .
\r\n

☑2. \r\nSend your PERSONAL ID in the letter (you will find it at the very beginning of this document)

\r\n\x09\x09\x09

☑3. \r\nWe will decode your test file so you are sure. We will also send you the amount you need to pay to get the program to decrypt.

\r\n ☑4. We will send you instructions on how to pay for the decryption program. After payment, we will send you a program and instructions on how to decrypt all the files.
\r\n

Attention!


\r\n
    \r\n\x09\x09\x09 Only we can decrypt your files.
    \r\n\x09\x09\x09 Do not try to decrypt your files yourself. You can damage them when trying to restore
    \r\n Do not run antivirus!
    \r\n Email us: Killback@protonmail.com immediately so we can help you.
    \r\n Decoders other users are not compatible with your data, because each user's unique encryption key
    \r\n
\r\n \r\n
\r\n
\r\n
\r\n \r\n\r\n \r\n \r\n
\r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n\r\n") returned 5565 [0056.286] WriteFile (in: hFile=0x80, lpBuffer=0x21f0020*, nNumberOfBytesToWrite=0x15bd, lpNumberOfBytesWritten=0x50dd18, lpOverlapped=0x0 | out: lpBuffer=0x21f0020*, lpNumberOfBytesWritten=0x50dd18*=0x15bd, lpOverlapped=0x0) returned 1 [0056.287] CloseHandle (hObject=0x80) returned 1 [0056.287] GetProcessHeap () returned 0x570000 [0056.287] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0056.287] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x184eadb, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0056.287] lstrcmpiW (lpString1="Microsoft", lpString2=".") returned 1 [0056.287] lstrcmpiW (lpString1="Microsoft", lpString2="..") returned 1 [0056.287] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Local\\", lpString2="Microsoft" | out: lpString1="C:\\Users\\Default\\AppData\\Local\\Microsoft") returned="C:\\Users\\Default\\AppData\\Local\\Microsoft" [0056.287] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Microsoft", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0056.287] GetProcessHeap () returned 0x570000 [0056.288] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xa) returned 0x590f68 [0056.288] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Microsoft", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Microsoft", lpUsedDefaultChar=0x0) returned 10 [0056.288] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Microsoft", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0056.288] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Microsoft", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 2 [0056.288] GetProcessHeap () returned 0x570000 [0056.288] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0056.288] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3b34dcb8, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Temp", cAlternateFileName="")) returned 1 [0056.288] lstrcmpiW (lpString1="Temp", lpString2=".") returned 1 [0056.288] lstrcmpiW (lpString1="Temp", lpString2="..") returned 1 [0056.288] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Local\\", lpString2="Temp" | out: lpString1="C:\\Users\\Default\\AppData\\Local\\Temp") returned="C:\\Users\\Default\\AppData\\Local\\Temp" [0056.288] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Temp", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0056.288] GetProcessHeap () returned 0x570000 [0056.288] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x5) returned 0x58ee30 [0056.288] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Temp", cchWideChar=-1, lpMultiByteStr=0x58ee30, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Temp", lpUsedDefaultChar=0x0) returned 5 [0056.288] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temp", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0056.288] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temp", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 3 [0056.288] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temp", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 3 [0056.288] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temp", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0056.288] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temp", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0056.288] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temp", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 3 [0056.288] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temp", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0056.288] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temp", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0056.288] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temp", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0056.288] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temp", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0056.288] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temp", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0056.288] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temp", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0056.288] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temp", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0056.288] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temp", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0056.289] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temp", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0056.289] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temp", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0056.289] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temp", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0056.289] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temp", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0056.289] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temp", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 3 [0056.289] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temp", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 3 [0056.289] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temp", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 3 [0056.289] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temp", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 3 [0056.289] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temp", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 3 [0056.289] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temp", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0056.289] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temp", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 3 [0056.289] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temp", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 3 [0056.289] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temp", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0056.289] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temp", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 3 [0056.289] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temp", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 3 [0056.289] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temp", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 3 [0056.289] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temp", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 3 [0056.289] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temp", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0056.289] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temp", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 3 [0056.289] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temp", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0056.289] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temp", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 3 [0056.289] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temp", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 3 [0056.289] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temp", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0056.289] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temp", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 3 [0056.289] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temp", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 3 [0056.289] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temp", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0056.289] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temp", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 3 [0056.289] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temp", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0056.289] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temp", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 3 [0056.290] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Local\\Temp", lpString2="\\" | out: lpString1="C:\\Users\\Default\\AppData\\Local\\Temp\\") returned="C:\\Users\\Default\\AppData\\Local\\Temp\\" [0056.290] GetProcessHeap () returned 0x570000 [0056.290] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ee80 [0056.290] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Local\\Temp\\") returned 36 [0056.290] GetProcessHeap () returned 0x570000 [0056.290] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x4a) returned 0x592338 [0056.290] lstrcpyW (in: lpString1=0x592338, lpString2="C:\\Users\\Default\\AppData\\Local\\Temp\\" | out: lpString1="C:\\Users\\Default\\AppData\\Local\\Temp\\") returned="C:\\Users\\Default\\AppData\\Local\\Temp\\" [0056.290] GetProcessHeap () returned 0x570000 [0056.290] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee30 | out: hHeap=0x570000) returned 1 [0056.290] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Temporary Internet Files", cAlternateFileName="TEMPOR~1")) returned 1 [0056.290] lstrcmpiW (lpString1="Temporary Internet Files", lpString2=".") returned 1 [0056.290] lstrcmpiW (lpString1="Temporary Internet Files", lpString2="..") returned 1 [0056.290] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Local\\", lpString2="Temporary Internet Files" | out: lpString1="C:\\Users\\Default\\AppData\\Local\\Temporary Internet Files") returned="C:\\Users\\Default\\AppData\\Local\\Temporary Internet Files" [0056.290] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Temporary Internet Files", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 25 [0056.290] GetProcessHeap () returned 0x570000 [0056.290] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x19) returned 0x590698 [0056.290] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Temporary Internet Files", cchWideChar=-1, lpMultiByteStr=0x590698, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Temporary Internet Files", lpUsedDefaultChar=0x0) returned 25 [0056.290] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temporary Internet Files", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0056.290] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temporary Internet Files", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 3 [0056.290] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temporary Internet Files", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 3 [0056.290] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temporary Internet Files", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0056.290] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temporary Internet Files", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0056.290] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temporary Internet Files", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 3 [0056.290] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temporary Internet Files", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0056.290] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temporary Internet Files", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0056.290] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temporary Internet Files", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0056.290] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temporary Internet Files", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0056.290] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temporary Internet Files", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0056.290] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temporary Internet Files", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0056.290] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temporary Internet Files", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0056.291] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temporary Internet Files", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0056.291] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temporary Internet Files", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0056.291] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temporary Internet Files", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0056.291] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temporary Internet Files", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0056.291] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temporary Internet Files", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0056.291] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temporary Internet Files", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 3 [0056.291] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temporary Internet Files", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 3 [0056.291] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temporary Internet Files", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 3 [0056.291] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temporary Internet Files", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 3 [0056.291] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temporary Internet Files", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 3 [0056.291] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temporary Internet Files", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0056.291] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temporary Internet Files", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 3 [0056.291] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temporary Internet Files", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 3 [0056.291] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temporary Internet Files", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0056.291] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temporary Internet Files", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 3 [0056.291] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temporary Internet Files", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 3 [0056.291] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temporary Internet Files", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 3 [0056.291] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temporary Internet Files", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 3 [0056.291] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temporary Internet Files", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0056.291] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temporary Internet Files", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 3 [0056.291] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temporary Internet Files", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0056.291] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temporary Internet Files", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 3 [0056.291] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temporary Internet Files", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 3 [0056.291] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temporary Internet Files", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0056.291] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temporary Internet Files", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 3 [0056.291] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temporary Internet Files", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 3 [0056.291] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temporary Internet Files", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0056.292] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temporary Internet Files", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 3 [0056.292] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temporary Internet Files", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0056.292] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Temporary Internet Files", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 3 [0056.292] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Local\\Temporary Internet Files", lpString2="\\" | out: lpString1="C:\\Users\\Default\\AppData\\Local\\Temporary Internet Files\\") returned="C:\\Users\\Default\\AppData\\Local\\Temporary Internet Files\\" [0056.292] GetProcessHeap () returned 0x570000 [0056.292] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ee30 [0056.292] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Local\\Temporary Internet Files\\") returned 56 [0056.292] GetProcessHeap () returned 0x570000 [0056.292] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x72) returned 0x580ff8 [0056.292] lstrcpyW (in: lpString1=0x580ff8, lpString2="C:\\Users\\Default\\AppData\\Local\\Temporary Internet Files\\" | out: lpString1="C:\\Users\\Default\\AppData\\Local\\Temporary Internet Files\\") returned="C:\\Users\\Default\\AppData\\Local\\Temporary Internet Files\\" [0056.292] GetProcessHeap () returned 0x570000 [0056.292] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590698 | out: hHeap=0x570000) returned 1 [0056.292] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Temporary Internet Files", cAlternateFileName="TEMPOR~1")) returned 0 [0056.292] FindClose (in: hFindFile=0x5925a8 | out: hFindFile=0x5925a8) returned 1 [0056.292] lstrcpyW (in: lpString1=0x50df8c, lpString2="C:\\Users\\Default\\AppData\\Local\\Temporary Internet Files\\" | out: lpString1="C:\\Users\\Default\\AppData\\Local\\Temporary Internet Files\\") returned="C:\\Users\\Default\\AppData\\Local\\Temporary Internet Files\\" [0056.292] GetProcessHeap () returned 0x570000 [0056.292] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x580ff8 | out: hHeap=0x570000) returned 1 [0056.292] GetProcessHeap () returned 0x570000 [0056.292] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee30 | out: hHeap=0x570000) returned 1 [0056.292] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Local\\Temporary Internet Files\\") returned 56 [0056.292] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Local\\Temporary Internet Files\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Local\\Temporary Internet Files\\*") returned="C:\\Users\\Default\\AppData\\Local\\Temporary Internet Files\\*" [0056.292] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Temporary Internet Files\\*", lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Temporary Internet Files", cAlternateFileName="TEMPOR~1")) returned 0xffffffff [0056.292] lstrcpyW (in: lpString1=0x50df8c, lpString2="C:\\Users\\Default\\AppData\\Local\\Temp\\" | out: lpString1="C:\\Users\\Default\\AppData\\Local\\Temp\\") returned="C:\\Users\\Default\\AppData\\Local\\Temp\\" [0056.293] GetProcessHeap () returned 0x570000 [0056.293] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592338 | out: hHeap=0x570000) returned 1 [0056.293] GetProcessHeap () returned 0x570000 [0056.293] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.293] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Local\\Temp\\") returned 36 [0056.293] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Local\\Temp\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Local\\Temp\\*") returned="C:\\Users\\Default\\AppData\\Local\\Temp\\*" [0056.293] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Temp\\*", lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3b34dcb8, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5925a8 [0056.293] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0056.293] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfda27f60, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3b34dcb8, ftLastWriteTime.dwHighDateTime=0x1cb8930, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0056.293] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0056.293] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0056.293] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6451100, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x77398c9, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="FXSAPIDebugLogFile.txt", cAlternateFileName="FXSAPI~1.TXT")) returned 1 [0056.293] lstrcmpiW (lpString1="FXSAPIDebugLogFile.txt", lpString2=".") returned 1 [0056.293] lstrcmpiW (lpString1="FXSAPIDebugLogFile.txt", lpString2="..") returned 1 [0056.293] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Local\\Temp\\", lpString2="FXSAPIDebugLogFile.txt" | out: lpString1="C:\\Users\\Default\\AppData\\Local\\Temp\\FXSAPIDebugLogFile.txt") returned="C:\\Users\\Default\\AppData\\Local\\Temp\\FXSAPIDebugLogFile.txt" [0056.293] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="FXSAPIDebugLogFile.txt", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 23 [0056.293] GetProcessHeap () returned 0x570000 [0056.293] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x17) returned 0x58fdc0 [0056.293] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="FXSAPIDebugLogFile.txt", cchWideChar=-1, lpMultiByteStr=0x58fdc0, cbMultiByte=23, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="FXSAPIDebugLogFile.txt", lpUsedDefaultChar=0x0) returned 23 [0056.293] lstrlenA (lpString="FXSAPIDebugLogFile.txt") returned 22 [0056.293] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0056.293] lstrlenA (lpString="FXSAPIDebugLogFile.txt") returned 22 [0056.293] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0056.294] lstrcmpiW (lpString1="FXSAPIDebugLogFile.txt", lpString2="decrypt_files.html") returned 1 [0056.294] lstrcmpiW (lpString1="FXSAPIDebugLogFile.txt", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0056.294] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0056.294] lstrcmpiW (lpString1="FXSAPIDebugLogFile.txt", lpString2="sihvgt.exe") returned -1 [0056.294] _alloca_probe () returned 0x40908b [0056.294] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\AppData\\Local\\Temp\\FXSAPIDebugLogFile.txt", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 59 [0056.294] GetProcessHeap () returned 0x570000 [0056.294] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x3b) returned 0x5876f8 [0056.294] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\Default\\AppData\\Local\\Temp\\FXSAPIDebugLogFile.txt", cchWideChar=-1, lpMultiByteStr=0x5876f8, cbMultiByte=59, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\Default\\AppData\\Local\\Temp\\FXSAPIDebugLogFile.txt", lpUsedDefaultChar=0x0) returned 59 [0056.294] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0056.294] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{1C6AF53A-19F4-4C3C-9436-CD9E43A51F64}") returned 38 [0056.294] lstrlenA (lpString="{1C6AF53A-19F4-4C3C-9436-CD9E43A51F64}") returned 38 [0056.294] CreateFileW (lpFileName="C:\\Users\\Default\\AppData\\Local\\Temp\\FXSAPIDebugLogFile.txt" (normalized: "c:\\users\\default\\appdata\\local\\temp\\fxsapidebuglogfile.txt"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0056.295] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=0) returned 1 [0056.295] lstrlenA (lpString="rsa_encrypt") returned 11 [0056.295] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x592338) returned 1 [0056.296] CryptGenRandom (in: hProv=0x592338, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0056.296] CryptReleaseContext (hProv=0x592338, dwFlags=0x0) returned 1 [0056.296] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0056.296] GetProcessHeap () returned 0x570000 [0056.296] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592338 [0056.296] lstrlenA (lpString="010001") returned 6 [0056.296] GetProcessHeap () returned 0x570000 [0056.296] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58ee80 [0056.296] GetProcessHeap () returned 0x570000 [0056.296] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5923c0 [0056.296] GetProcessHeap () returned 0x570000 [0056.296] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0056.296] GetProcessHeap () returned 0x570000 [0056.296] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5923c0 | out: hHeap=0x570000) returned 1 [0056.296] GetProcessHeap () returned 0x570000 [0056.296] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0056.296] GetProcessHeap () returned 0x570000 [0056.296] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c0d8 [0056.296] GetProcessHeap () returned 0x570000 [0056.297] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58ee30 [0056.297] GetProcessHeap () returned 0x570000 [0056.297] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c1f0 [0056.297] GetProcessHeap () returned 0x570000 [0056.297] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee30 | out: hHeap=0x570000) returned 1 [0056.297] GetProcessHeap () returned 0x570000 [0056.297] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0056.297] GetProcessHeap () returned 0x570000 [0056.297] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5923c0 [0056.297] GetProcessHeap () returned 0x570000 [0056.297] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x592448 [0056.297] GetProcessHeap () returned 0x570000 [0056.297] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee30 [0056.297] GetProcessHeap () returned 0x570000 [0056.297] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f68 [0056.297] GetProcessHeap () returned 0x570000 [0056.297] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0056.297] GetProcessHeap () returned 0x570000 [0056.297] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5923c0 | out: hHeap=0x570000) returned 1 [0056.297] GetProcessHeap () returned 0x570000 [0056.297] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0056.297] GetProcessHeap () returned 0x570000 [0056.297] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0056.297] GetProcessHeap () returned 0x570000 [0056.297] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee50 [0056.297] GetProcessHeap () returned 0x570000 [0056.297] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0056.297] GetProcessHeap () returned 0x570000 [0056.297] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee30 | out: hHeap=0x570000) returned 1 [0056.297] GetProcessHeap () returned 0x570000 [0056.297] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee50 | out: hHeap=0x570000) returned 1 [0056.297] GetProcessHeap () returned 0x570000 [0056.297] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee50 [0056.298] GetProcessHeap () returned 0x570000 [0056.298] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee50 | out: hHeap=0x570000) returned 1 [0056.298] GetProcessHeap () returned 0x570000 [0056.298] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0056.298] GetProcessHeap () returned 0x570000 [0056.298] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0056.298] GetProcessHeap () returned 0x570000 [0056.298] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0056.298] GetProcessHeap () returned 0x570000 [0056.298] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0056.298] GetProcessHeap () returned 0x570000 [0056.298] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee50 [0056.298] GetProcessHeap () returned 0x570000 [0056.298] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee50 | out: hHeap=0x570000) returned 1 [0056.298] GetProcessHeap () returned 0x570000 [0056.298] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee50 [0056.298] GetProcessHeap () returned 0x570000 [0056.298] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee50 | out: hHeap=0x570000) returned 1 [0056.298] GetProcessHeap () returned 0x570000 [0056.298] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee50 [0056.298] GetProcessHeap () returned 0x570000 [0056.298] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee50 | out: hHeap=0x570000) returned 1 [0056.298] GetProcessHeap () returned 0x570000 [0056.298] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee50 [0056.298] GetProcessHeap () returned 0x570000 [0056.298] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee50 | out: hHeap=0x570000) returned 1 [0056.298] GetProcessHeap () returned 0x570000 [0056.298] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee50 [0056.298] GetProcessHeap () returned 0x570000 [0056.298] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee50 | out: hHeap=0x570000) returned 1 [0056.298] GetProcessHeap () returned 0x570000 [0056.298] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee50 [0056.298] GetProcessHeap () returned 0x570000 [0056.299] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee50 | out: hHeap=0x570000) returned 1 [0056.299] GetProcessHeap () returned 0x570000 [0056.299] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee50 [0056.299] GetProcessHeap () returned 0x570000 [0056.299] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee50 | out: hHeap=0x570000) returned 1 [0056.299] GetProcessHeap () returned 0x570000 [0056.299] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee50 [0056.299] GetProcessHeap () returned 0x570000 [0056.299] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee50 | out: hHeap=0x570000) returned 1 [0056.299] GetProcessHeap () returned 0x570000 [0056.299] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee50 [0056.299] GetProcessHeap () returned 0x570000 [0056.299] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee50 | out: hHeap=0x570000) returned 1 [0056.299] GetProcessHeap () returned 0x570000 [0056.299] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee50 [0056.299] GetProcessHeap () returned 0x570000 [0056.299] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee50 | out: hHeap=0x570000) returned 1 [0056.299] GetProcessHeap () returned 0x570000 [0056.299] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee50 [0056.299] GetProcessHeap () returned 0x570000 [0056.299] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee50 | out: hHeap=0x570000) returned 1 [0056.299] GetProcessHeap () returned 0x570000 [0056.299] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee50 [0056.299] GetProcessHeap () returned 0x570000 [0056.299] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee50 | out: hHeap=0x570000) returned 1 [0056.300] GetProcessHeap () returned 0x570000 [0056.300] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee50 [0056.300] GetProcessHeap () returned 0x570000 [0056.300] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee50 | out: hHeap=0x570000) returned 1 [0056.300] GetProcessHeap () returned 0x570000 [0056.300] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee50 [0056.300] GetProcessHeap () returned 0x570000 [0056.300] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee50 | out: hHeap=0x570000) returned 1 [0056.300] GetProcessHeap () returned 0x570000 [0056.300] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee50 [0056.300] GetProcessHeap () returned 0x570000 [0056.300] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee50 | out: hHeap=0x570000) returned 1 [0056.300] GetProcessHeap () returned 0x570000 [0056.300] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee50 [0056.300] GetProcessHeap () returned 0x570000 [0056.300] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee50 | out: hHeap=0x570000) returned 1 [0056.300] GetProcessHeap () returned 0x570000 [0056.300] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee50 [0056.300] GetProcessHeap () returned 0x570000 [0056.300] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee50 | out: hHeap=0x570000) returned 1 [0056.300] GetProcessHeap () returned 0x570000 [0056.300] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee50 [0056.300] GetProcessHeap () returned 0x570000 [0056.300] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee50 | out: hHeap=0x570000) returned 1 [0056.300] GetProcessHeap () returned 0x570000 [0056.300] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee50 [0056.300] GetProcessHeap () returned 0x570000 [0056.300] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee50 | out: hHeap=0x570000) returned 1 [0056.300] GetProcessHeap () returned 0x570000 [0056.300] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee50 [0056.300] GetProcessHeap () returned 0x570000 [0056.300] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee50 | out: hHeap=0x570000) returned 1 [0056.300] GetProcessHeap () returned 0x570000 [0056.300] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee50 [0056.301] GetProcessHeap () returned 0x570000 [0056.301] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee50 | out: hHeap=0x570000) returned 1 [0056.301] GetProcessHeap () returned 0x570000 [0056.301] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee50 [0056.301] GetProcessHeap () returned 0x570000 [0056.301] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee50 | out: hHeap=0x570000) returned 1 [0056.301] GetProcessHeap () returned 0x570000 [0056.301] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee50 [0056.301] GetProcessHeap () returned 0x570000 [0056.301] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee50 | out: hHeap=0x570000) returned 1 [0056.301] GetProcessHeap () returned 0x570000 [0056.301] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee50 [0056.301] GetProcessHeap () returned 0x570000 [0056.301] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee50 | out: hHeap=0x570000) returned 1 [0056.301] GetProcessHeap () returned 0x570000 [0056.301] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee50 [0056.301] GetProcessHeap () returned 0x570000 [0056.301] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee50 | out: hHeap=0x570000) returned 1 [0056.301] GetProcessHeap () returned 0x570000 [0056.301] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee50 [0056.301] GetProcessHeap () returned 0x570000 [0056.301] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee50 | out: hHeap=0x570000) returned 1 [0056.301] GetProcessHeap () returned 0x570000 [0056.301] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee50 [0056.301] GetProcessHeap () returned 0x570000 [0056.301] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee50 | out: hHeap=0x570000) returned 1 [0056.301] GetProcessHeap () returned 0x570000 [0056.301] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee50 [0056.301] GetProcessHeap () returned 0x570000 [0056.301] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee50 | out: hHeap=0x570000) returned 1 [0056.301] GetProcessHeap () returned 0x570000 [0056.301] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee50 [0056.301] GetProcessHeap () returned 0x570000 [0056.302] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee50 | out: hHeap=0x570000) returned 1 [0056.302] GetProcessHeap () returned 0x570000 [0056.302] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee50 [0056.302] GetProcessHeap () returned 0x570000 [0056.302] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee50 | out: hHeap=0x570000) returned 1 [0056.302] GetProcessHeap () returned 0x570000 [0056.302] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee50 [0056.302] GetProcessHeap () returned 0x570000 [0056.302] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee50 | out: hHeap=0x570000) returned 1 [0056.302] GetProcessHeap () returned 0x570000 [0056.302] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee50 [0056.302] GetProcessHeap () returned 0x570000 [0056.302] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee50 | out: hHeap=0x570000) returned 1 [0056.302] GetProcessHeap () returned 0x570000 [0056.302] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee50 [0056.302] GetProcessHeap () returned 0x570000 [0056.302] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee50 | out: hHeap=0x570000) returned 1 [0056.302] GetProcessHeap () returned 0x570000 [0056.302] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee50 [0056.302] GetProcessHeap () returned 0x570000 [0056.302] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee50 | out: hHeap=0x570000) returned 1 [0056.302] GetProcessHeap () returned 0x570000 [0056.302] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee50 [0056.302] GetProcessHeap () returned 0x570000 [0056.302] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee50 | out: hHeap=0x570000) returned 1 [0056.302] GetProcessHeap () returned 0x570000 [0056.302] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee50 [0056.302] GetProcessHeap () returned 0x570000 [0056.302] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee50 | out: hHeap=0x570000) returned 1 [0056.302] GetProcessHeap () returned 0x570000 [0056.302] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee50 [0056.302] GetProcessHeap () returned 0x570000 [0056.302] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee50 | out: hHeap=0x570000) returned 1 [0056.303] GetProcessHeap () returned 0x570000 [0056.303] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee50 [0056.303] GetProcessHeap () returned 0x570000 [0056.303] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee50 | out: hHeap=0x570000) returned 1 [0056.303] GetProcessHeap () returned 0x570000 [0056.303] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee50 [0056.303] GetProcessHeap () returned 0x570000 [0056.303] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee50 | out: hHeap=0x570000) returned 1 [0056.303] GetProcessHeap () returned 0x570000 [0056.303] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee50 [0056.303] GetProcessHeap () returned 0x570000 [0056.303] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee50 | out: hHeap=0x570000) returned 1 [0056.303] GetProcessHeap () returned 0x570000 [0056.303] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee50 [0056.303] GetProcessHeap () returned 0x570000 [0056.303] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee50 | out: hHeap=0x570000) returned 1 [0056.303] GetProcessHeap () returned 0x570000 [0056.303] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee50 [0056.303] GetProcessHeap () returned 0x570000 [0056.303] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee50 | out: hHeap=0x570000) returned 1 [0056.303] GetProcessHeap () returned 0x570000 [0056.303] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee50 [0056.303] GetProcessHeap () returned 0x570000 [0056.303] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee50 | out: hHeap=0x570000) returned 1 [0056.303] GetProcessHeap () returned 0x570000 [0056.303] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee50 [0056.303] GetProcessHeap () returned 0x570000 [0056.303] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee50 | out: hHeap=0x570000) returned 1 [0056.303] GetProcessHeap () returned 0x570000 [0056.303] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee50 [0056.303] GetProcessHeap () returned 0x570000 [0056.303] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee50 | out: hHeap=0x570000) returned 1 [0056.304] GetProcessHeap () returned 0x570000 [0056.304] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee50 [0056.304] GetProcessHeap () returned 0x570000 [0056.304] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee50 | out: hHeap=0x570000) returned 1 [0056.304] GetProcessHeap () returned 0x570000 [0056.304] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee50 [0056.304] GetProcessHeap () returned 0x570000 [0056.304] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee50 | out: hHeap=0x570000) returned 1 [0056.304] GetProcessHeap () returned 0x570000 [0056.304] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee50 [0056.304] GetProcessHeap () returned 0x570000 [0056.304] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee50 | out: hHeap=0x570000) returned 1 [0056.304] GetProcessHeap () returned 0x570000 [0056.304] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee50 [0056.304] GetProcessHeap () returned 0x570000 [0056.304] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee50 | out: hHeap=0x570000) returned 1 [0056.304] GetProcessHeap () returned 0x570000 [0056.304] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58ee50 [0056.304] GetProcessHeap () returned 0x570000 [0056.304] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee50 | out: hHeap=0x570000) returned 1 [0056.304] GetProcessHeap () returned 0x570000 [0056.304] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0056.304] GetProcessHeap () returned 0x570000 [0056.304] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0056.304] GetProcessHeap () returned 0x570000 [0056.304] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592448 | out: hHeap=0x570000) returned 1 [0056.304] GetProcessHeap () returned 0x570000 [0056.304] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0056.304] GetProcessHeap () returned 0x570000 [0056.304] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0056.305] GetProcessHeap () returned 0x570000 [0056.305] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0056.305] GetProcessHeap () returned 0x570000 [0056.305] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0056.305] GetProcessHeap () returned 0x570000 [0056.305] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0056.305] GetProcessHeap () returned 0x570000 [0056.305] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0056.305] GetProcessHeap () returned 0x570000 [0056.305] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee80 | out: hHeap=0x570000) returned 1 [0056.305] GetProcessHeap () returned 0x570000 [0056.305] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592338 | out: hHeap=0x570000) returned 1 [0056.305] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0056.306] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0056.306] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0056.306] CloseHandle (hObject=0x80) returned 1 [0056.307] GetProcessHeap () returned 0x570000 [0056.307] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5876f8 | out: hHeap=0x570000) returned 1 [0056.307] GetProcessHeap () returned 0x570000 [0056.307] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58fdc0 | out: hHeap=0x570000) returned 1 [0056.307] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6451100, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x77398c9, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="FXSAPIDebugLogFile.txt", cAlternateFileName="FXSAPI~1.TXT")) returned 0 [0056.307] FindClose (in: hFindFile=0x5925a8 | out: hFindFile=0x5925a8) returned 1 [0056.307] lstrcpyW (in: lpString1=0x50df8c, lpString2="C:\\Users\\Default\\AppData\\Local\\History\\" | out: lpString1="C:\\Users\\Default\\AppData\\Local\\History\\") returned="C:\\Users\\Default\\AppData\\Local\\History\\" [0056.307] GetProcessHeap () returned 0x570000 [0056.307] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5922e0 | out: hHeap=0x570000) returned 1 [0056.307] GetProcessHeap () returned 0x570000 [0056.307] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0056.307] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Local\\History\\") returned 39 [0056.307] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Local\\History\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Local\\History\\*") returned="C:\\Users\\Default\\AppData\\Local\\History\\*" [0056.307] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\History\\*", lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6451100, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x77398c9, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="FXSAPIDebugLogFile.txt", cAlternateFileName="FXSAPI~1.TXT")) returned 0xffffffff [0056.308] lstrcpyW (in: lpString1=0x50df8c, lpString2="C:\\Users\\Default\\AppData\\Local\\Application Data\\" | out: lpString1="C:\\Users\\Default\\AppData\\Local\\Application Data\\") returned="C:\\Users\\Default\\AppData\\Local\\Application Data\\" [0056.308] GetProcessHeap () returned 0x570000 [0056.308] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588ef0 | out: hHeap=0x570000) returned 1 [0056.308] GetProcessHeap () returned 0x570000 [0056.308] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee40 | out: hHeap=0x570000) returned 1 [0056.308] lstrlenW (lpString="C:\\Users\\Default\\AppData\\Local\\Application Data\\") returned 48 [0056.308] lstrcatW (in: lpString1="C:\\Users\\Default\\AppData\\Local\\Application Data\\", lpString2="*" | out: lpString1="C:\\Users\\Default\\AppData\\Local\\Application Data\\*") returned="C:\\Users\\Default\\AppData\\Local\\Application Data\\*" [0056.308] FindFirstFileW (in: lpFileName="C:\\Users\\Default\\AppData\\Local\\Application Data\\*", lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6451100, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6451100, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x77398c9, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="FXSAPIDebugLogFile.txt", cAlternateFileName="FXSAPI~1.TXT")) returned 0xffffffff [0056.308] lstrcpyW (in: lpString1=0x50df8c, lpString2="C:\\Users\\All Users\\" | out: lpString1="C:\\Users\\All Users\\") returned="C:\\Users\\All Users\\" [0056.308] GetProcessHeap () returned 0x570000 [0056.308] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588ec0 | out: hHeap=0x570000) returned 1 [0056.308] GetProcessHeap () returned 0x570000 [0056.308] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee10 | out: hHeap=0x570000) returned 1 [0056.308] lstrlenW (lpString="C:\\Users\\All Users\\") returned 19 [0056.308] lstrcatW (in: lpString1="C:\\Users\\All Users\\", lpString2="*" | out: lpString1="C:\\Users\\All Users\\*") returned="C:\\Users\\All Users\\*" [0056.308] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\*", lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5925a8 [0056.308] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0056.308] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0056.308] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0056.308] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0056.308] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8000ce40, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xe4efbbe0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0xe4efbbe0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Adobe", cAlternateFileName="")) returned 1 [0056.308] lstrcmpiW (lpString1="Adobe", lpString2=".") returned 1 [0056.309] lstrcmpiW (lpString1="Adobe", lpString2="..") returned 1 [0056.309] lstrcatW (in: lpString1="C:\\Users\\All Users\\", lpString2="Adobe" | out: lpString1="C:\\Users\\All Users\\Adobe") returned="C:\\Users\\All Users\\Adobe" [0056.309] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Adobe", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 6 [0056.309] GetProcessHeap () returned 0x570000 [0056.309] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x6) returned 0x58ee10 [0056.309] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Adobe", cchWideChar=-1, lpMultiByteStr=0x58ee10, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Adobe", lpUsedDefaultChar=0x0) returned 6 [0056.309] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Adobe", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0056.309] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Adobe", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 1 [0056.309] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Adobe", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 1 [0056.309] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Adobe", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0056.309] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Adobe", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0056.309] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Adobe", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 1 [0056.309] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Adobe", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 1 [0056.309] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Adobe", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0056.309] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Adobe", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0056.309] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Adobe", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0056.309] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Adobe", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0056.309] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Adobe", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0056.309] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Adobe", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0056.309] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Adobe", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0056.309] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Adobe", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0056.309] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Adobe", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0056.309] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Adobe", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0056.309] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Adobe", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0056.309] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Adobe", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 1 [0056.309] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Adobe", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 1 [0056.309] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Adobe", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 1 [0056.309] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Adobe", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 1 [0056.310] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Adobe", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 1 [0056.310] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Adobe", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 1 [0056.310] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Adobe", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0056.310] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Adobe", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0056.310] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Adobe", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 1 [0056.310] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Adobe", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 1 [0056.310] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Adobe", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0056.310] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Adobe", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0056.310] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Adobe", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0056.310] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Adobe", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 1 [0056.310] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Adobe", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 1 [0056.310] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Adobe", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 1 [0056.310] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Adobe", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 1 [0056.310] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Adobe", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 1 [0056.310] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Adobe", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 1 [0056.310] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Adobe", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 1 [0056.310] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Adobe", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 1 [0056.310] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Adobe", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0056.310] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Adobe", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 1 [0056.310] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Adobe", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0056.310] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Adobe", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0056.310] lstrcatW (in: lpString1="C:\\Users\\All Users\\Adobe", lpString2="\\" | out: lpString1="C:\\Users\\All Users\\Adobe\\") returned="C:\\Users\\All Users\\Adobe\\" [0056.310] GetProcessHeap () returned 0x570000 [0056.310] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ee40 [0056.310] lstrlenW (lpString="C:\\Users\\All Users\\Adobe\\") returned 25 [0056.310] GetProcessHeap () returned 0x570000 [0056.310] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x34) returned 0x5925e8 [0056.310] lstrcpyW (in: lpString1=0x5925e8, lpString2="C:\\Users\\All Users\\Adobe\\" | out: lpString1="C:\\Users\\All Users\\Adobe\\") returned="C:\\Users\\All Users\\Adobe\\" [0056.310] GetProcessHeap () returned 0x570000 [0056.311] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee10 | out: hHeap=0x570000) returned 1 [0056.311] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3074f252, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3074f252, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3074f252, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1 [0056.311] lstrcmpiW (lpString1="Application Data", lpString2=".") returned 1 [0056.311] lstrcmpiW (lpString1="Application Data", lpString2="..") returned 1 [0056.311] lstrcatW (in: lpString1="C:\\Users\\All Users\\", lpString2="Application Data" | out: lpString1="C:\\Users\\All Users\\Application Data") returned="C:\\Users\\All Users\\Application Data" [0056.311] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Application Data", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 17 [0056.311] GetProcessHeap () returned 0x570000 [0056.311] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x11) returned 0x58fdc0 [0056.311] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Application Data", cchWideChar=-1, lpMultiByteStr=0x58fdc0, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Application Data", lpUsedDefaultChar=0x0) returned 17 [0056.311] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0056.311] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 1 [0056.311] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 1 [0056.311] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0056.311] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0056.311] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 1 [0056.311] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 1 [0056.311] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0056.311] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0056.311] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0056.311] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0056.311] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0056.311] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0056.311] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0056.311] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0056.311] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0056.311] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0056.311] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0056.311] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 1 [0056.311] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 1 [0056.312] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 1 [0056.312] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 1 [0056.312] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 1 [0056.312] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 1 [0056.312] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0056.312] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0056.312] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 1 [0056.312] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 1 [0056.312] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0056.312] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0056.312] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0056.312] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 1 [0056.312] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 1 [0056.312] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 1 [0056.312] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 1 [0056.312] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 1 [0056.312] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 1 [0056.312] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 1 [0056.312] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 1 [0056.312] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0056.312] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 1 [0056.312] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0056.312] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Application Data", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0056.312] lstrcatW (in: lpString1="C:\\Users\\All Users\\Application Data", lpString2="\\" | out: lpString1="C:\\Users\\All Users\\Application Data\\") returned="C:\\Users\\All Users\\Application Data\\" [0056.312] GetProcessHeap () returned 0x570000 [0056.312] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ee10 [0056.312] lstrlenW (lpString="C:\\Users\\All Users\\Application Data\\") returned 36 [0056.312] GetProcessHeap () returned 0x570000 [0056.312] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x4a) returned 0x588ec0 [0056.313] lstrcpyW (in: lpString1=0x588ec0, lpString2="C:\\Users\\All Users\\Application Data\\" | out: lpString1="C:\\Users\\All Users\\Application Data\\") returned="C:\\Users\\All Users\\Application Data\\" [0056.313] GetProcessHeap () returned 0x570000 [0056.313] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58fdc0 | out: hHeap=0x570000) returned 1 [0056.313] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 1 [0056.313] lstrcmpiW (lpString1="Desktop", lpString2=".") returned 1 [0056.313] lstrcmpiW (lpString1="Desktop", lpString2="..") returned 1 [0056.313] lstrcatW (in: lpString1="C:\\Users\\All Users\\", lpString2="Desktop" | out: lpString1="C:\\Users\\All Users\\Desktop") returned="C:\\Users\\All Users\\Desktop" [0056.313] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Desktop", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0056.313] GetProcessHeap () returned 0x570000 [0056.313] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ee90 [0056.313] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Desktop", cchWideChar=-1, lpMultiByteStr=0x58ee90, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Desktop", lpUsedDefaultChar=0x0) returned 8 [0056.313] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0056.313] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 1 [0056.313] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 1 [0056.313] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0056.313] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0056.313] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 1 [0056.313] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0056.313] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0056.313] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0056.313] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0056.313] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0056.313] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0056.313] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0056.313] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0056.313] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0056.313] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0056.313] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0056.313] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0056.313] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 1 [0056.314] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 1 [0056.314] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 1 [0056.314] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 1 [0056.314] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 1 [0056.314] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0056.314] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0056.314] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0056.314] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0056.314] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 1 [0056.314] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0056.314] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0056.314] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0056.314] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0056.314] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 1 [0056.314] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0056.314] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 1 [0056.314] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 1 [0056.314] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0056.314] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 1 [0056.314] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 1 [0056.314] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0056.314] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 1 [0056.314] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0056.314] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Desktop", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0056.314] lstrcatW (in: lpString1="C:\\Users\\All Users\\Desktop", lpString2="\\" | out: lpString1="C:\\Users\\All Users\\Desktop\\") returned="C:\\Users\\All Users\\Desktop\\" [0056.314] GetProcessHeap () returned 0x570000 [0056.315] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ee80 [0056.315] lstrlenW (lpString="C:\\Users\\All Users\\Desktop\\") returned 27 [0056.315] GetProcessHeap () returned 0x570000 [0056.315] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x38) returned 0x592628 [0056.315] lstrcpyW (in: lpString1=0x592628, lpString2="C:\\Users\\All Users\\Desktop\\" | out: lpString1="C:\\Users\\All Users\\Desktop\\") returned="C:\\Users\\All Users\\Desktop\\" [0056.315] GetProcessHeap () returned 0x570000 [0056.315] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee90 | out: hHeap=0x570000) returned 1 [0056.315] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3074f252, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3074f252, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3074f252, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Documents", cAlternateFileName="DOCUME~1")) returned 1 [0056.315] lstrcmpiW (lpString1="Documents", lpString2=".") returned 1 [0056.315] lstrcmpiW (lpString1="Documents", lpString2="..") returned 1 [0056.315] lstrcatW (in: lpString1="C:\\Users\\All Users\\", lpString2="Documents" | out: lpString1="C:\\Users\\All Users\\Documents") returned="C:\\Users\\All Users\\Documents" [0056.315] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Documents", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0056.315] GetProcessHeap () returned 0x570000 [0056.315] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xa) returned 0x590f68 [0056.315] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Documents", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Documents", lpUsedDefaultChar=0x0) returned 10 [0056.315] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0056.315] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 1 [0056.315] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 1 [0056.315] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0056.315] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0056.315] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 1 [0056.315] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0056.315] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0056.315] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0056.315] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0056.315] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0056.316] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0056.316] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0056.316] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0056.316] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0056.316] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0056.316] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0056.316] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0056.316] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 1 [0056.316] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 1 [0056.316] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 1 [0056.316] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 1 [0056.316] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 1 [0056.316] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0056.316] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0056.316] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0056.316] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0056.316] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 1 [0056.316] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0056.316] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0056.316] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0056.316] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0056.316] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 1 [0056.316] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0056.316] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 1 [0056.316] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 1 [0056.316] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0056.316] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 1 [0056.317] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 1 [0056.317] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0056.317] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 1 [0056.317] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0056.317] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Documents", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0056.317] lstrcatW (in: lpString1="C:\\Users\\All Users\\Documents", lpString2="\\" | out: lpString1="C:\\Users\\All Users\\Documents\\") returned="C:\\Users\\All Users\\Documents\\" [0056.317] GetProcessHeap () returned 0x570000 [0056.317] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ee90 [0056.317] lstrlenW (lpString="C:\\Users\\All Users\\Documents\\") returned 29 [0056.317] GetProcessHeap () returned 0x570000 [0056.317] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x3c) returned 0x5876f8 [0056.317] lstrcpyW (in: lpString1=0x5876f8, lpString2="C:\\Users\\All Users\\Documents\\" | out: lpString1="C:\\Users\\All Users\\Documents\\") returned="C:\\Users\\All Users\\Documents\\" [0056.317] GetProcessHeap () returned 0x570000 [0056.317] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0056.317] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3074f252, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3074f252, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3074f252, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Favorites", cAlternateFileName="FAVORI~1")) returned 1 [0056.317] lstrcmpiW (lpString1="Favorites", lpString2=".") returned 1 [0056.317] lstrcmpiW (lpString1="Favorites", lpString2="..") returned 1 [0056.317] lstrcatW (in: lpString1="C:\\Users\\All Users\\", lpString2="Favorites" | out: lpString1="C:\\Users\\All Users\\Favorites") returned="C:\\Users\\All Users\\Favorites" [0056.317] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Favorites", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0056.317] GetProcessHeap () returned 0x570000 [0056.317] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xa) returned 0x590f68 [0056.317] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Favorites", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Favorites", lpUsedDefaultChar=0x0) returned 10 [0056.317] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0056.317] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 1 [0056.317] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 1 [0056.317] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0056.317] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0056.317] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 3 [0056.317] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0056.318] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0056.318] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0056.318] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0056.318] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0056.318] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0056.318] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0056.318] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0056.318] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0056.318] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0056.318] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0056.318] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0056.318] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 1 [0056.318] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 1 [0056.318] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 1 [0056.318] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 1 [0056.318] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 1 [0056.318] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0056.318] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0056.318] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0056.318] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0056.318] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 3 [0056.318] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0056.318] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0056.318] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0056.318] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0056.318] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 1 [0056.318] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0056.318] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 1 [0056.319] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 1 [0056.319] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0056.319] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 1 [0056.319] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 1 [0056.319] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0056.319] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 1 [0056.319] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0056.319] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Favorites", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0056.319] lstrcatW (in: lpString1="C:\\Users\\All Users\\Favorites", lpString2="\\" | out: lpString1="C:\\Users\\All Users\\Favorites\\") returned="C:\\Users\\All Users\\Favorites\\" [0056.319] GetProcessHeap () returned 0x570000 [0056.319] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ee50 [0056.319] lstrlenW (lpString="C:\\Users\\All Users\\Favorites\\") returned 29 [0056.319] GetProcessHeap () returned 0x570000 [0056.319] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x3c) returned 0x587788 [0056.319] lstrcpyW (in: lpString1=0x587788, lpString2="C:\\Users\\All Users\\Favorites\\" | out: lpString1="C:\\Users\\All Users\\Favorites\\") returned="C:\\Users\\All Users\\Favorites\\" [0056.319] GetProcessHeap () returned 0x570000 [0056.319] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0056.319] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2014, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x80ac5760, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0x80ac5760, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft", cAlternateFileName="MICROS~1")) returned 1 [0056.319] lstrcmpiW (lpString1="Microsoft", lpString2=".") returned 1 [0056.319] lstrcmpiW (lpString1="Microsoft", lpString2="..") returned 1 [0056.319] lstrcatW (in: lpString1="C:\\Users\\All Users\\", lpString2="Microsoft" | out: lpString1="C:\\Users\\All Users\\Microsoft") returned="C:\\Users\\All Users\\Microsoft" [0056.319] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Microsoft", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0056.319] GetProcessHeap () returned 0x570000 [0056.319] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xa) returned 0x590f68 [0056.319] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Microsoft", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Microsoft", lpUsedDefaultChar=0x0) returned 10 [0056.319] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Microsoft", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0056.319] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Microsoft", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 2 [0056.319] GetProcessHeap () returned 0x570000 [0056.320] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0056.320] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xe79db030, ftCreationTime.dwHighDateTime=0x1d2dda1, ftLastAccessTime.dwLowDateTime=0xed25d0a0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xed25d0a0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Microsoft Help", cAlternateFileName="MICROS~2")) returned 1 [0056.320] lstrcmpiW (lpString1="Microsoft Help", lpString2=".") returned 1 [0056.320] lstrcmpiW (lpString1="Microsoft Help", lpString2="..") returned 1 [0056.320] lstrcatW (in: lpString1="C:\\Users\\All Users\\", lpString2="Microsoft Help" | out: lpString1="C:\\Users\\All Users\\Microsoft Help") returned="C:\\Users\\All Users\\Microsoft Help" [0056.320] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Microsoft Help", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0056.320] GetProcessHeap () returned 0x570000 [0056.320] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xf) returned 0x590f68 [0056.320] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Microsoft Help", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Microsoft Help", lpUsedDefaultChar=0x0) returned 15 [0056.320] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Microsoft Help", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0056.320] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Microsoft Help", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 3 [0056.320] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Microsoft Help", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 2 [0056.320] GetProcessHeap () returned 0x570000 [0056.320] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0056.320] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xaf8556a0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xaf8556a0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xaf8556a0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Mozilla", cAlternateFileName="")) returned 1 [0056.320] lstrcmpiW (lpString1="Mozilla", lpString2=".") returned 1 [0056.320] lstrcmpiW (lpString1="Mozilla", lpString2="..") returned 1 [0056.320] lstrcatW (in: lpString1="C:\\Users\\All Users\\", lpString2="Mozilla" | out: lpString1="C:\\Users\\All Users\\Mozilla") returned="C:\\Users\\All Users\\Mozilla" [0056.320] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Mozilla", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 8 [0056.320] GetProcessHeap () returned 0x570000 [0056.320] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ee30 [0056.320] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Mozilla", cchWideChar=-1, lpMultiByteStr=0x58ee30, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Mozilla", lpUsedDefaultChar=0x0) returned 8 [0056.320] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Mozilla", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0056.320] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Mozilla", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 3 [0056.320] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Mozilla", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 3 [0056.320] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Mozilla", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0056.320] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Mozilla", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0056.320] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Mozilla", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 3 [0056.320] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Mozilla", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0056.320] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Mozilla", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0056.321] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Mozilla", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0056.321] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Mozilla", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0056.321] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Mozilla", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0056.321] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Mozilla", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0056.321] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Mozilla", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0056.321] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Mozilla", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0056.321] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Mozilla", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0056.321] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Mozilla", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0056.321] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Mozilla", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0056.321] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Mozilla", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0056.321] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Mozilla", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 1 [0056.321] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Mozilla", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 3 [0056.321] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Mozilla", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 3 [0056.321] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Mozilla", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 3 [0056.321] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Mozilla", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 3 [0056.321] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Mozilla", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0056.321] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Mozilla", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0056.321] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Mozilla", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0056.321] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Mozilla", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0056.321] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Mozilla", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 3 [0056.321] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Mozilla", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0056.321] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Mozilla", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0056.321] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Mozilla", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0056.321] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Mozilla", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0056.321] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Mozilla", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 3 [0056.321] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Mozilla", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0056.321] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Mozilla", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 1 [0056.322] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Mozilla", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 3 [0056.322] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Mozilla", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0056.322] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Mozilla", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 1 [0056.322] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Mozilla", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 1 [0056.322] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Mozilla", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0056.322] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Mozilla", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 1 [0056.322] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Mozilla", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0056.322] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Mozilla", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0056.322] lstrcatW (in: lpString1="C:\\Users\\All Users\\Mozilla", lpString2="\\" | out: lpString1="C:\\Users\\All Users\\Mozilla\\") returned="C:\\Users\\All Users\\Mozilla\\" [0056.322] GetProcessHeap () returned 0x570000 [0056.322] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58eeb0 [0056.322] lstrlenW (lpString="C:\\Users\\All Users\\Mozilla\\") returned 27 [0056.322] GetProcessHeap () returned 0x570000 [0056.322] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x38) returned 0x592668 [0056.322] lstrcpyW (in: lpString1=0x592668, lpString2="C:\\Users\\All Users\\Mozilla\\" | out: lpString1="C:\\Users\\All Users\\Mozilla\\") returned="C:\\Users\\All Users\\Mozilla\\" [0056.322] GetProcessHeap () returned 0x570000 [0056.322] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee30 | out: hHeap=0x570000) returned 1 [0056.322] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7e3c6d00, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x7e3c6d00, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x7eea3160, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Oracle", cAlternateFileName="")) returned 1 [0056.322] lstrcmpiW (lpString1="Oracle", lpString2=".") returned 1 [0056.322] lstrcmpiW (lpString1="Oracle", lpString2="..") returned 1 [0056.322] lstrcatW (in: lpString1="C:\\Users\\All Users\\", lpString2="Oracle" | out: lpString1="C:\\Users\\All Users\\Oracle") returned="C:\\Users\\All Users\\Oracle" [0056.322] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Oracle", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0056.322] GetProcessHeap () returned 0x570000 [0056.322] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x7) returned 0x58ee30 [0056.322] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Oracle", cchWideChar=-1, lpMultiByteStr=0x58ee30, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Oracle", lpUsedDefaultChar=0x0) returned 7 [0056.322] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Oracle", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0056.322] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Oracle", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 3 [0056.323] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Oracle", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 3 [0056.323] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Oracle", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0056.323] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Oracle", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0056.323] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Oracle", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 3 [0056.323] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Oracle", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0056.323] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Oracle", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0056.323] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Oracle", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0056.323] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Oracle", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0056.323] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Oracle", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0056.323] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Oracle", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0056.323] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Oracle", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0056.323] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Oracle", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0056.323] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Oracle", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0056.323] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Oracle", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0056.323] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Oracle", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0056.323] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Oracle", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0056.323] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Oracle", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 3 [0056.323] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Oracle", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 3 [0056.323] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Oracle", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 3 [0056.323] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Oracle", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 3 [0056.323] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Oracle", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 3 [0056.323] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Oracle", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0056.323] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Oracle", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0056.323] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Oracle", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0056.323] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Oracle", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0056.323] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Oracle", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 3 [0056.323] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Oracle", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0056.324] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Oracle", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0056.324] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Oracle", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0056.324] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Oracle", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0056.324] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Oracle", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 3 [0056.324] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Oracle", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0056.324] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Oracle", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 1 [0056.324] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Oracle", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 3 [0056.324] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Oracle", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0056.324] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Oracle", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 3 [0056.324] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Oracle", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 3 [0056.324] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Oracle", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0056.324] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Oracle", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 3 [0056.324] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Oracle", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0056.324] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Oracle", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0056.324] lstrcatW (in: lpString1="C:\\Users\\All Users\\Oracle", lpString2="\\" | out: lpString1="C:\\Users\\All Users\\Oracle\\") returned="C:\\Users\\All Users\\Oracle\\" [0056.324] GetProcessHeap () returned 0x570000 [0056.324] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ee70 [0056.324] lstrlenW (lpString="C:\\Users\\All Users\\Oracle\\") returned 26 [0056.324] GetProcessHeap () returned 0x570000 [0056.324] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x36) returned 0x5926a8 [0056.324] lstrcpyW (in: lpString1=0x5926a8, lpString2="C:\\Users\\All Users\\Oracle\\" | out: lpString1="C:\\Users\\All Users\\Oracle\\") returned="C:\\Users\\All Users\\Oracle\\" [0056.324] GetProcessHeap () returned 0x570000 [0056.324] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee30 | out: hHeap=0x570000) returned 1 [0056.324] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xecce51e0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4819be0, ftLastAccessTime.dwHighDateTime=0x1d2fc28, ftLastWriteTime.dwLowDateTime=0x4819be0, ftLastWriteTime.dwHighDateTime=0x1d2fc28, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Package Cache", cAlternateFileName="PACKAG~1")) returned 1 [0056.324] lstrcmpiW (lpString1="Package Cache", lpString2=".") returned 1 [0056.324] lstrcmpiW (lpString1="Package Cache", lpString2="..") returned 1 [0056.324] lstrcatW (in: lpString1="C:\\Users\\All Users\\", lpString2="Package Cache" | out: lpString1="C:\\Users\\All Users\\Package Cache") returned="C:\\Users\\All Users\\Package Cache" [0056.325] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Package Cache", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 14 [0056.325] GetProcessHeap () returned 0x570000 [0056.325] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xe) returned 0x590f68 [0056.325] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Package Cache", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=14, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Package Cache", lpUsedDefaultChar=0x0) returned 14 [0056.325] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Package Cache", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0056.325] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Package Cache", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 3 [0056.325] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Package Cache", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 3 [0056.325] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Package Cache", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0056.325] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Package Cache", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0056.325] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Package Cache", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 3 [0056.325] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Package Cache", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0056.325] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Package Cache", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0056.325] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Package Cache", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0056.325] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Package Cache", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0056.325] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Package Cache", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0056.325] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Package Cache", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0056.325] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Package Cache", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0056.325] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Package Cache", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0056.325] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Package Cache", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0056.325] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Package Cache", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0056.325] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Package Cache", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0056.325] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Package Cache", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0056.325] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Package Cache", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 3 [0056.325] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Package Cache", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 3 [0056.325] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Package Cache", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 3 [0056.325] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Package Cache", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 3 [0056.325] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Package Cache", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 3 [0056.326] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Package Cache", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0056.326] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Package Cache", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0056.326] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Package Cache", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0056.326] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Package Cache", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0056.326] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Package Cache", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 3 [0056.326] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Package Cache", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0056.326] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Package Cache", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0056.326] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Package Cache", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0056.326] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Package Cache", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0056.326] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Package Cache", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 3 [0056.326] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Package Cache", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0056.326] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Package Cache", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 3 [0056.326] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Package Cache", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 3 [0056.326] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Package Cache", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0056.326] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Package Cache", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 3 [0056.326] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Package Cache", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 3 [0056.326] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Package Cache", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0056.326] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Package Cache", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 3 [0056.326] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Package Cache", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0056.326] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Package Cache", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0056.326] lstrcatW (in: lpString1="C:\\Users\\All Users\\Package Cache", lpString2="\\" | out: lpString1="C:\\Users\\All Users\\Package Cache\\") returned="C:\\Users\\All Users\\Package Cache\\" [0056.326] GetProcessHeap () returned 0x570000 [0056.326] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ee30 [0056.326] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\") returned 33 [0056.326] GetProcessHeap () returned 0x570000 [0056.326] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x44) returned 0x589108 [0056.326] lstrcpyW (in: lpString1=0x589108, lpString2="C:\\Users\\All Users\\Package Cache\\" | out: lpString1="C:\\Users\\All Users\\Package Cache\\") returned="C:\\Users\\All Users\\Package Cache\\" [0056.326] GetProcessHeap () returned 0x570000 [0056.326] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0056.326] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307753b3, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307753b3, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307753b3, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Start Menu", cAlternateFileName="STARTM~1")) returned 1 [0056.327] lstrcmpiW (lpString1="Start Menu", lpString2=".") returned 1 [0056.327] lstrcmpiW (lpString1="Start Menu", lpString2="..") returned 1 [0056.327] lstrcatW (in: lpString1="C:\\Users\\All Users\\", lpString2="Start Menu" | out: lpString1="C:\\Users\\All Users\\Start Menu") returned="C:\\Users\\All Users\\Start Menu" [0056.327] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Start Menu", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 11 [0056.327] GetProcessHeap () returned 0x570000 [0056.327] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xb) returned 0x590f68 [0056.327] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Start Menu", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Start Menu", lpUsedDefaultChar=0x0) returned 11 [0056.327] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0056.327] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 3 [0056.327] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 3 [0056.327] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0056.327] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0056.327] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 3 [0056.327] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0056.327] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0056.327] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0056.327] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0056.327] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0056.327] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0056.327] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0056.327] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0056.327] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0056.327] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0056.327] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0056.327] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0056.327] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 3 [0056.327] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 3 [0056.327] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 3 [0056.328] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 3 [0056.328] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 3 [0056.328] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0056.328] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 3 [0056.328] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0056.328] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0056.328] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 3 [0056.328] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0056.328] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0056.328] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0056.328] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0056.328] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 3 [0056.328] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0056.328] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 3 [0056.328] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 3 [0056.328] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0056.328] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 3 [0056.328] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 3 [0056.328] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0056.328] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 3 [0056.328] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0056.328] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Start Menu", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 3 [0056.328] lstrcatW (in: lpString1="C:\\Users\\All Users\\Start Menu", lpString2="\\" | out: lpString1="C:\\Users\\All Users\\Start Menu\\") returned="C:\\Users\\All Users\\Start Menu\\" [0056.328] GetProcessHeap () returned 0x570000 [0056.328] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ee60 [0056.328] lstrlenW (lpString="C:\\Users\\All Users\\Start Menu\\") returned 30 [0056.328] GetProcessHeap () returned 0x570000 [0056.328] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x3e) returned 0x5877d0 [0056.328] lstrcpyW (in: lpString1=0x5877d0, lpString2="C:\\Users\\All Users\\Start Menu\\" | out: lpString1="C:\\Users\\All Users\\Start Menu\\") returned="C:\\Users\\All Users\\Start Menu\\" [0056.328] GetProcessHeap () returned 0x570000 [0056.329] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0056.329] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Sun", cAlternateFileName="")) returned 1 [0056.329] lstrcmpiW (lpString1="Sun", lpString2=".") returned 1 [0056.329] lstrcmpiW (lpString1="Sun", lpString2="..") returned 1 [0056.329] lstrcatW (in: lpString1="C:\\Users\\All Users\\", lpString2="Sun" | out: lpString1="C:\\Users\\All Users\\Sun") returned="C:\\Users\\All Users\\Sun" [0056.329] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Sun", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 4 [0056.329] GetProcessHeap () returned 0x570000 [0056.329] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x4) returned 0x58eec0 [0056.329] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Sun", cchWideChar=-1, lpMultiByteStr=0x58eec0, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Sun", lpUsedDefaultChar=0x0) returned 4 [0056.329] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sun", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0056.329] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sun", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 3 [0056.329] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sun", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 3 [0056.329] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sun", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0056.329] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sun", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0056.329] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sun", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 3 [0056.329] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sun", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0056.329] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sun", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0056.329] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sun", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0056.329] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sun", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0056.329] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sun", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0056.329] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sun", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0056.329] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sun", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0056.329] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sun", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0056.329] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sun", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0056.329] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sun", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0056.329] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sun", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0056.329] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sun", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0056.329] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sun", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 3 [0056.329] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sun", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 3 [0056.329] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sun", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 3 [0056.330] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sun", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 3 [0056.330] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sun", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 3 [0056.330] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sun", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0056.330] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sun", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 3 [0056.330] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sun", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0056.330] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sun", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0056.330] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sun", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 3 [0056.330] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sun", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0056.330] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sun", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0056.330] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sun", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0056.330] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sun", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0056.330] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sun", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 3 [0056.330] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sun", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0056.330] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sun", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 3 [0056.330] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sun", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 3 [0056.330] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sun", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0056.330] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sun", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 3 [0056.330] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sun", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 3 [0056.330] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sun", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0056.330] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sun", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 3 [0056.330] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sun", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0056.330] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Sun", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 3 [0056.330] lstrcatW (in: lpString1="C:\\Users\\All Users\\Sun", lpString2="\\" | out: lpString1="C:\\Users\\All Users\\Sun\\") returned="C:\\Users\\All Users\\Sun\\" [0056.330] GetProcessHeap () returned 0x570000 [0056.330] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58eef0 [0056.331] lstrlenW (lpString="C:\\Users\\All Users\\Sun\\") returned 23 [0056.331] GetProcessHeap () returned 0x570000 [0056.331] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x30) returned 0x5935a8 [0056.331] lstrcpyW (in: lpString1=0x5935a8, lpString2="C:\\Users\\All Users\\Sun\\" | out: lpString1="C:\\Users\\All Users\\Sun\\") returned="C:\\Users\\All Users\\Sun\\" [0056.331] GetProcessHeap () returned 0x570000 [0056.331] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0056.331] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307753b3, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307753b3, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307753b3, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0056.331] lstrcmpiW (lpString1="Templates", lpString2=".") returned 1 [0056.331] lstrcmpiW (lpString1="Templates", lpString2="..") returned 1 [0056.331] lstrcatW (in: lpString1="C:\\Users\\All Users\\", lpString2="Templates" | out: lpString1="C:\\Users\\All Users\\Templates") returned="C:\\Users\\All Users\\Templates" [0056.331] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Templates", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 10 [0056.331] GetProcessHeap () returned 0x570000 [0056.331] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xa) returned 0x590f68 [0056.331] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Templates", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Templates", lpUsedDefaultChar=0x0) returned 10 [0056.331] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0056.331] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 3 [0056.331] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 3 [0056.331] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0056.331] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0056.331] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 3 [0056.331] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0056.331] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0056.332] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0056.332] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0056.332] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0056.332] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0056.332] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0056.332] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0056.332] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0056.332] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0056.332] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0056.332] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0056.332] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 3 [0056.332] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 3 [0056.332] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 3 [0056.332] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 3 [0056.332] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 3 [0056.332] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0056.332] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 3 [0056.332] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 3 [0056.332] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0056.332] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 3 [0056.333] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 3 [0056.333] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 3 [0056.333] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 3 [0056.333] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0056.333] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 3 [0056.333] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0056.333] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 3 [0056.333] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 3 [0056.333] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0056.333] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 3 [0056.333] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 3 [0056.333] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0056.333] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 3 [0056.333] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0056.333] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Templates", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 3 [0056.333] lstrcatW (in: lpString1="C:\\Users\\All Users\\Templates", lpString2="\\" | out: lpString1="C:\\Users\\All Users\\Templates\\") returned="C:\\Users\\All Users\\Templates\\" [0056.333] GetProcessHeap () returned 0x570000 [0056.333] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58eec0 [0056.333] lstrlenW (lpString="C:\\Users\\All Users\\Templates\\") returned 29 [0056.333] GetProcessHeap () returned 0x570000 [0056.333] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x3c) returned 0x587a10 [0056.333] lstrcpyW (in: lpString1=0x587a10, lpString2="C:\\Users\\All Users\\Templates\\" | out: lpString1="C:\\Users\\All Users\\Templates\\") returned="C:\\Users\\All Users\\Templates\\" [0056.333] GetProcessHeap () returned 0x570000 [0056.333] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0056.333] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307753b3, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307753b3, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307753b3, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 0 [0056.333] FindClose (in: hFindFile=0x5925a8 | out: hFindFile=0x5925a8) returned 1 [0056.334] lstrcpyW (in: lpString1=0x50df8c, lpString2="C:\\Users\\All Users\\Templates\\" | out: lpString1="C:\\Users\\All Users\\Templates\\") returned="C:\\Users\\All Users\\Templates\\" [0056.334] GetProcessHeap () returned 0x570000 [0056.334] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x587a10 | out: hHeap=0x570000) returned 1 [0056.334] GetProcessHeap () returned 0x570000 [0056.334] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0056.334] lstrlenW (lpString="C:\\Users\\All Users\\Templates\\") returned 29 [0056.334] lstrcatW (in: lpString1="C:\\Users\\All Users\\Templates\\", lpString2="*" | out: lpString1="C:\\Users\\All Users\\Templates\\*") returned="C:\\Users\\All Users\\Templates\\*" [0056.334] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Templates\\*", lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307753b3, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307753b3, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307753b3, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 0xffffffff [0056.334] lstrcpyW (in: lpString1=0x50df8c, lpString2="C:\\Users\\All Users\\Sun\\" | out: lpString1="C:\\Users\\All Users\\Sun\\") returned="C:\\Users\\All Users\\Sun\\" [0056.334] GetProcessHeap () returned 0x570000 [0056.334] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5935a8 | out: hHeap=0x570000) returned 1 [0056.334] GetProcessHeap () returned 0x570000 [0056.334] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0056.334] lstrlenW (lpString="C:\\Users\\All Users\\Sun\\") returned 23 [0056.334] lstrcatW (in: lpString1="C:\\Users\\All Users\\Sun\\", lpString2="*" | out: lpString1="C:\\Users\\All Users\\Sun\\*") returned="C:\\Users\\All Users\\Sun\\*" [0056.334] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Sun\\*", lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5925a8 [0056.335] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0056.335] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0056.335] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0056.335] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0056.335] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Java", cAlternateFileName="")) returned 1 [0056.335] lstrcmpiW (lpString1="Java", lpString2=".") returned 1 [0056.335] lstrcmpiW (lpString1="Java", lpString2="..") returned 1 [0056.335] lstrcatW (in: lpString1="C:\\Users\\All Users\\Sun\\", lpString2="Java" | out: lpString1="C:\\Users\\All Users\\Sun\\Java") returned="C:\\Users\\All Users\\Sun\\Java" [0056.335] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Java", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 5 [0056.335] GetProcessHeap () returned 0x570000 [0056.335] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x5) returned 0x58eef0 [0056.336] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Java", cchWideChar=-1, lpMultiByteStr=0x58eef0, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Java", lpUsedDefaultChar=0x0) returned 5 [0056.336] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0056.336] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 1 [0056.336] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 1 [0056.336] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0056.336] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0056.336] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 3 [0056.336] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0056.336] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0056.336] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0056.336] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0056.336] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0056.336] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0056.336] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0056.336] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0056.336] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0056.336] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0056.336] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0056.336] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0056.336] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 1 [0056.336] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 1 [0056.336] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 3 [0056.336] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 1 [0056.336] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 1 [0056.336] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0056.336] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0056.336] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0056.336] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0056.337] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 3 [0056.337] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0056.337] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0056.337] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0056.337] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0056.337] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 1 [0056.337] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0056.337] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 1 [0056.337] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 1 [0056.337] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0056.337] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 1 [0056.337] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 1 [0056.337] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0056.337] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 1 [0056.337] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0056.337] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0056.337] lstrcatW (in: lpString1="C:\\Users\\All Users\\Sun\\Java", lpString2="\\" | out: lpString1="C:\\Users\\All Users\\Sun\\Java\\") returned="C:\\Users\\All Users\\Sun\\Java\\" [0056.337] GetProcessHeap () returned 0x570000 [0056.337] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58eec0 [0056.337] lstrlenW (lpString="C:\\Users\\All Users\\Sun\\Java\\") returned 28 [0056.337] GetProcessHeap () returned 0x570000 [0056.337] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x3a) returned 0x587a10 [0056.337] lstrcpyW (in: lpString1=0x587a10, lpString2="C:\\Users\\All Users\\Sun\\Java\\" | out: lpString1="C:\\Users\\All Users\\Sun\\Java\\") returned="C:\\Users\\All Users\\Sun\\Java\\" [0056.337] GetProcessHeap () returned 0x570000 [0056.337] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0056.337] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Java", cAlternateFileName="")) returned 0 [0056.337] FindClose (in: hFindFile=0x5925a8 | out: hFindFile=0x5925a8) returned 1 [0056.338] lstrcpyW (in: lpString1=0x50df8c, lpString2="C:\\Users\\All Users\\Sun\\Java\\" | out: lpString1="C:\\Users\\All Users\\Sun\\Java\\") returned="C:\\Users\\All Users\\Sun\\Java\\" [0056.338] GetProcessHeap () returned 0x570000 [0056.338] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x587a10 | out: hHeap=0x570000) returned 1 [0056.338] GetProcessHeap () returned 0x570000 [0056.338] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0056.338] lstrlenW (lpString="C:\\Users\\All Users\\Sun\\Java\\") returned 28 [0056.338] lstrcatW (in: lpString1="C:\\Users\\All Users\\Sun\\Java\\", lpString2="*" | out: lpString1="C:\\Users\\All Users\\Sun\\Java\\*") returned="C:\\Users\\All Users\\Sun\\Java\\*" [0056.338] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Sun\\Java\\*", lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5925a8 [0056.338] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0056.338] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0056.338] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0056.338] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0056.338] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Java Update", cAlternateFileName="JAVAUP~1")) returned 1 [0056.338] lstrcmpiW (lpString1="Java Update", lpString2=".") returned 1 [0056.338] lstrcmpiW (lpString1="Java Update", lpString2="..") returned 1 [0056.338] lstrcatW (in: lpString1="C:\\Users\\All Users\\Sun\\Java\\", lpString2="Java Update" | out: lpString1="C:\\Users\\All Users\\Sun\\Java\\Java Update") returned="C:\\Users\\All Users\\Sun\\Java\\Java Update" [0056.338] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Java Update", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 12 [0056.338] GetProcessHeap () returned 0x570000 [0056.338] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xc) returned 0x590f68 [0056.338] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Java Update", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=12, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Java Update", lpUsedDefaultChar=0x0) returned 12 [0056.339] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java Update", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0056.339] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java Update", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 1 [0056.339] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java Update", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 1 [0056.339] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java Update", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0056.339] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java Update", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0056.339] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java Update", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 3 [0056.339] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java Update", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0056.339] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java Update", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0056.339] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java Update", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0056.339] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java Update", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0056.339] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java Update", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0056.339] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java Update", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0056.339] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java Update", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0056.339] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java Update", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0056.339] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java Update", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0056.339] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java Update", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0056.339] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java Update", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0056.339] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java Update", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0056.339] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java Update", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 1 [0056.339] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java Update", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 1 [0056.339] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java Update", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 3 [0056.339] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java Update", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 1 [0056.339] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java Update", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 1 [0056.339] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java Update", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0056.339] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java Update", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0056.339] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java Update", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0056.339] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java Update", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0056.339] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java Update", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 3 [0056.340] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java Update", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0056.340] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java Update", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0056.340] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java Update", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0056.340] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java Update", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0056.340] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java Update", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 1 [0056.340] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java Update", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0056.340] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java Update", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 1 [0056.340] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java Update", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 1 [0056.340] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java Update", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0056.340] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java Update", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 1 [0056.340] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java Update", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 1 [0056.340] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java Update", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0056.340] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java Update", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 1 [0056.340] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java Update", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0056.340] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="Java Update", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0056.340] lstrcatW (in: lpString1="C:\\Users\\All Users\\Sun\\Java\\Java Update", lpString2="\\" | out: lpString1="C:\\Users\\All Users\\Sun\\Java\\Java Update\\") returned="C:\\Users\\All Users\\Sun\\Java\\Java Update\\" [0056.340] GetProcessHeap () returned 0x570000 [0056.340] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58eec0 [0056.340] lstrlenW (lpString="C:\\Users\\All Users\\Sun\\Java\\Java Update\\") returned 40 [0056.340] GetProcessHeap () returned 0x570000 [0056.340] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x52) returned 0x588f18 [0056.340] lstrcpyW (in: lpString1=0x588f18, lpString2="C:\\Users\\All Users\\Sun\\Java\\Java Update\\" | out: lpString1="C:\\Users\\All Users\\Sun\\Java\\Java Update\\") returned="C:\\Users\\All Users\\Sun\\Java\\Java Update\\" [0056.340] GetProcessHeap () returned 0x570000 [0056.340] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0056.340] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Java Update", cAlternateFileName="JAVAUP~1")) returned 0 [0056.340] FindClose (in: hFindFile=0x5925a8 | out: hFindFile=0x5925a8) returned 1 [0056.341] lstrcpyW (in: lpString1=0x50df8c, lpString2="C:\\Users\\All Users\\Sun\\Java\\Java Update\\" | out: lpString1="C:\\Users\\All Users\\Sun\\Java\\Java Update\\") returned="C:\\Users\\All Users\\Sun\\Java\\Java Update\\" [0056.341] GetProcessHeap () returned 0x570000 [0056.341] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588f18 | out: hHeap=0x570000) returned 1 [0056.341] GetProcessHeap () returned 0x570000 [0056.341] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0056.341] lstrlenW (lpString="C:\\Users\\All Users\\Sun\\Java\\Java Update\\") returned 40 [0056.341] lstrcatW (in: lpString1="C:\\Users\\All Users\\Sun\\Java\\Java Update\\", lpString2="*" | out: lpString1="C:\\Users\\All Users\\Sun\\Java\\Java Update\\*") returned="C:\\Users\\All Users\\Sun\\Java\\Java Update\\*" [0056.341] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Sun\\Java\\Java Update\\*", lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5925a8 [0056.341] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0056.341] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0056.341] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0056.341] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0056.341] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x77, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="jaureglist.xml", cAlternateFileName="JAUREG~1.XML")) returned 1 [0056.341] lstrcmpiW (lpString1="jaureglist.xml", lpString2=".") returned 1 [0056.341] lstrcmpiW (lpString1="jaureglist.xml", lpString2="..") returned 1 [0056.341] lstrcatW (in: lpString1="C:\\Users\\All Users\\Sun\\Java\\Java Update\\", lpString2="jaureglist.xml" | out: lpString1="C:\\Users\\All Users\\Sun\\Java\\Java Update\\jaureglist.xml") returned="C:\\Users\\All Users\\Sun\\Java\\Java Update\\jaureglist.xml" [0056.341] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="jaureglist.xml", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 15 [0056.341] GetProcessHeap () returned 0x570000 [0056.342] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xf) returned 0x590f68 [0056.342] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="jaureglist.xml", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="jaureglist.xml", lpUsedDefaultChar=0x0) returned 15 [0056.342] lstrlenA (lpString="jaureglist.xml") returned 14 [0056.342] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0056.342] lstrlenA (lpString="jaureglist.xml") returned 14 [0056.342] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0056.342] lstrcmpiW (lpString1="jaureglist.xml", lpString2="decrypt_files.html") returned 1 [0056.342] lstrcmpiW (lpString1="jaureglist.xml", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0056.342] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0056.342] lstrcmpiW (lpString1="jaureglist.xml", lpString2="sihvgt.exe") returned -1 [0056.342] _alloca_probe () returned 0x40908b [0056.342] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\All Users\\Sun\\Java\\Java Update\\jaureglist.xml", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 55 [0056.342] GetProcessHeap () returned 0x570000 [0056.342] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x37) returned 0x5926e8 [0056.342] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\All Users\\Sun\\Java\\Java Update\\jaureglist.xml", cchWideChar=-1, lpMultiByteStr=0x5926e8, cbMultiByte=55, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\All Users\\Sun\\Java\\Java Update\\jaureglist.xml", lpUsedDefaultChar=0x0) returned 55 [0056.342] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0056.342] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{7513743A-E4C6-4551-9FF1-4F01C4CA0213}") returned 38 [0056.342] lstrlenA (lpString="{7513743A-E4C6-4551-9FF1-4F01C4CA0213}") returned 38 [0056.342] CreateFileW (lpFileName="C:\\Users\\All Users\\Sun\\Java\\Java Update\\jaureglist.xml" (normalized: "c:\\users\\all users\\sun\\java\\java update\\jaureglist.xml"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0056.342] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=119) returned 1 [0056.342] lstrlenA (lpString="{7513743A-E4C6-4551-9FF1-4F01C4CA0213}") returned 38 [0056.343] GetProcessHeap () returned 0x570000 [0056.343] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x588f18 [0056.343] GetProcessHeap () returned 0x570000 [0056.343] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5922e0 [0056.343] lstrlenA (lpString="C:\\Users\\All Users\\Sun\\Java\\Java Update\\jaureglist.xml") returned 54 [0056.353] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x77, lpOverlapped=0x0) returned 1 [0056.354] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0056.354] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0056.354] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0056.354] WriteFile (in: hFile=0x80, lpBuffer=0x50bb6c*, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bb6c*, lpNumberOfBytesWritten=0x50bb34*=0x20, lpOverlapped=0x0) returned 1 [0056.354] WriteFile (in: hFile=0x80, lpBuffer=0x50bbd4*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bbd4*, lpNumberOfBytesWritten=0x50bb34*=0x10, lpOverlapped=0x0) returned 1 [0056.355] lstrlenA (lpString="rsa_encrypt") returned 11 [0056.355] CryptAcquireContextW (in: phProv=0x50ae34, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x50ae34*=0x592368) returned 1 [0056.355] CryptGenRandom (in: hProv=0x592368, dwLen=0x80, pbBuffer=0x50ae4c | out: pbBuffer=0x50ae4c) returned 1 [0056.355] CryptReleaseContext (hProv=0x592368, dwFlags=0x0) returned 1 [0056.356] lstrlenA (lpString="968CCC24A82C2555EC680DE449EEF1767CAB3F57A2A5E9E8986C7B5CED096E8591D781F5468EFF3A1AE8467C0618658AC97C1EDECAE31DA73BBDFF73510BB0E40F1FEDBAE24B001FC1396A5C1169D1B13B4CA263ABEA88EB1DFD1449BA9F8715C2CF65C56A1E8A1EC40AF73870A63C3F76DD462D4E375024F8BC911EFCA9FECF") returned 256 [0056.356] GetProcessHeap () returned 0x570000 [0056.356] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x592368 [0056.356] lstrlenA (lpString="010001") returned 6 [0056.356] GetProcessHeap () returned 0x570000 [0056.356] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eec0 [0056.356] GetProcessHeap () returned 0x570000 [0056.356] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5923f0 [0056.356] GetProcessHeap () returned 0x570000 [0056.356] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a058 [0056.356] GetProcessHeap () returned 0x570000 [0056.356] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5923f0 | out: hHeap=0x570000) returned 1 [0056.356] GetProcessHeap () returned 0x570000 [0056.356] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a178 [0056.356] GetProcessHeap () returned 0x570000 [0056.356] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x108) returned 0x58c1f0 [0056.356] GetProcessHeap () returned 0x570000 [0056.356] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x4) returned 0x58eef0 [0056.356] GetProcessHeap () returned 0x570000 [0056.356] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c0d8 [0056.356] GetProcessHeap () returned 0x570000 [0056.356] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0056.356] GetProcessHeap () returned 0x570000 [0056.356] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c538 [0056.356] GetProcessHeap () returned 0x570000 [0056.356] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x5923f0 [0056.356] GetProcessHeap () returned 0x570000 [0056.356] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x10c) returned 0x592478 [0056.356] GetProcessHeap () returned 0x570000 [0056.357] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eef0 [0056.357] GetProcessHeap () returned 0x570000 [0056.357] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f80 [0056.357] GetProcessHeap () returned 0x570000 [0056.357] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x84) returned 0x58a208 [0056.357] GetProcessHeap () returned 0x570000 [0056.357] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5923f0 | out: hHeap=0x570000) returned 1 [0056.357] GetProcessHeap () returned 0x570000 [0056.357] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c420 [0056.357] GetProcessHeap () returned 0x570000 [0056.357] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0056.357] GetProcessHeap () returned 0x570000 [0056.357] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0056.357] GetProcessHeap () returned 0x570000 [0056.357] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0xc) returned 0x590f98 [0056.357] GetProcessHeap () returned 0x570000 [0056.357] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eef0 | out: hHeap=0x570000) returned 1 [0056.357] GetProcessHeap () returned 0x570000 [0056.357] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0056.357] GetProcessHeap () returned 0x570000 [0056.357] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0056.357] GetProcessHeap () returned 0x570000 [0056.357] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0056.357] GetProcessHeap () returned 0x570000 [0056.357] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x88) returned 0x58a208 [0056.357] GetProcessHeap () returned 0x570000 [0056.357] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f98 | out: hHeap=0x570000) returned 1 [0056.357] GetProcessHeap () returned 0x570000 [0056.357] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x104) returned 0x58c308 [0056.357] GetProcessHeap () returned 0x570000 [0056.357] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a208 | out: hHeap=0x570000) returned 1 [0056.358] GetProcessHeap () returned 0x570000 [0056.358] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0056.358] GetProcessHeap () returned 0x570000 [0056.358] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0056.358] GetProcessHeap () returned 0x570000 [0056.358] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0056.358] GetProcessHeap () returned 0x570000 [0056.358] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0056.358] GetProcessHeap () returned 0x570000 [0056.358] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0056.358] GetProcessHeap () returned 0x570000 [0056.358] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0056.358] GetProcessHeap () returned 0x570000 [0056.358] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0056.358] GetProcessHeap () returned 0x570000 [0056.358] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0056.358] GetProcessHeap () returned 0x570000 [0056.358] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0056.358] GetProcessHeap () returned 0x570000 [0056.358] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0056.358] GetProcessHeap () returned 0x570000 [0056.358] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0056.358] GetProcessHeap () returned 0x570000 [0056.358] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0056.358] GetProcessHeap () returned 0x570000 [0056.358] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0056.358] GetProcessHeap () returned 0x570000 [0056.358] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0056.358] GetProcessHeap () returned 0x570000 [0056.359] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0056.359] GetProcessHeap () returned 0x570000 [0056.359] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0056.359] GetProcessHeap () returned 0x570000 [0056.359] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0056.359] GetProcessHeap () returned 0x570000 [0056.359] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0056.359] GetProcessHeap () returned 0x570000 [0056.359] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0056.359] GetProcessHeap () returned 0x570000 [0056.359] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0056.359] GetProcessHeap () returned 0x570000 [0056.359] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0056.359] GetProcessHeap () returned 0x570000 [0056.359] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0056.359] GetProcessHeap () returned 0x570000 [0056.359] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0056.359] GetProcessHeap () returned 0x570000 [0056.359] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0056.359] GetProcessHeap () returned 0x570000 [0056.359] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0056.359] GetProcessHeap () returned 0x570000 [0056.359] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0056.359] GetProcessHeap () returned 0x570000 [0056.359] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0056.359] GetProcessHeap () returned 0x570000 [0056.359] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0056.359] GetProcessHeap () returned 0x570000 [0056.359] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0056.359] GetProcessHeap () returned 0x570000 [0056.360] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0056.360] GetProcessHeap () returned 0x570000 [0056.360] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0056.360] GetProcessHeap () returned 0x570000 [0056.360] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0056.360] GetProcessHeap () returned 0x570000 [0056.360] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0056.360] GetProcessHeap () returned 0x570000 [0056.360] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0056.360] GetProcessHeap () returned 0x570000 [0056.360] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0056.360] GetProcessHeap () returned 0x570000 [0056.360] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0056.360] GetProcessHeap () returned 0x570000 [0056.360] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0056.360] GetProcessHeap () returned 0x570000 [0056.360] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0056.360] GetProcessHeap () returned 0x570000 [0056.360] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0056.360] GetProcessHeap () returned 0x570000 [0056.360] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0056.360] GetProcessHeap () returned 0x570000 [0056.360] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0056.360] GetProcessHeap () returned 0x570000 [0056.360] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0056.360] GetProcessHeap () returned 0x570000 [0056.360] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0056.360] GetProcessHeap () returned 0x570000 [0056.360] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0056.360] GetProcessHeap () returned 0x570000 [0056.360] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0056.361] GetProcessHeap () returned 0x570000 [0056.361] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0056.361] GetProcessHeap () returned 0x570000 [0056.361] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0056.361] GetProcessHeap () returned 0x570000 [0056.361] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0056.361] GetProcessHeap () returned 0x570000 [0056.361] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0056.361] GetProcessHeap () returned 0x570000 [0056.361] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0056.361] GetProcessHeap () returned 0x570000 [0056.361] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0056.361] GetProcessHeap () returned 0x570000 [0056.361] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0056.361] GetProcessHeap () returned 0x570000 [0056.361] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0056.361] GetProcessHeap () returned 0x570000 [0056.361] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0056.361] GetProcessHeap () returned 0x570000 [0056.361] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0056.361] GetProcessHeap () returned 0x570000 [0056.361] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0056.362] GetProcessHeap () returned 0x570000 [0056.362] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0056.362] GetProcessHeap () returned 0x570000 [0056.362] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0056.362] GetProcessHeap () returned 0x570000 [0056.362] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0056.362] GetProcessHeap () returned 0x570000 [0056.362] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0056.362] GetProcessHeap () returned 0x570000 [0056.362] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0056.362] GetProcessHeap () returned 0x570000 [0056.362] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0056.362] GetProcessHeap () returned 0x570000 [0056.362] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0056.362] GetProcessHeap () returned 0x570000 [0056.362] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0056.362] GetProcessHeap () returned 0x570000 [0056.362] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0056.362] GetProcessHeap () returned 0x570000 [0056.362] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0056.362] GetProcessHeap () returned 0x570000 [0056.362] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0056.362] GetProcessHeap () returned 0x570000 [0056.362] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0056.362] GetProcessHeap () returned 0x570000 [0056.362] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0056.362] GetProcessHeap () returned 0x570000 [0056.362] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0056.362] GetProcessHeap () returned 0x570000 [0056.362] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0056.363] GetProcessHeap () returned 0x570000 [0056.363] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0056.363] GetProcessHeap () returned 0x570000 [0056.363] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0056.363] GetProcessHeap () returned 0x570000 [0056.363] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0056.363] GetProcessHeap () returned 0x570000 [0056.363] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0056.363] GetProcessHeap () returned 0x570000 [0056.363] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0056.363] GetProcessHeap () returned 0x570000 [0056.363] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0056.363] GetProcessHeap () returned 0x570000 [0056.363] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0056.363] GetProcessHeap () returned 0x570000 [0056.363] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0056.363] GetProcessHeap () returned 0x570000 [0056.363] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0056.363] GetProcessHeap () returned 0x570000 [0056.363] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0056.363] GetProcessHeap () returned 0x570000 [0056.363] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0056.363] GetProcessHeap () returned 0x570000 [0056.363] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0056.363] GetProcessHeap () returned 0x570000 [0056.363] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0056.363] GetProcessHeap () returned 0x570000 [0056.363] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0056.363] GetProcessHeap () returned 0x570000 [0056.363] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0056.364] GetProcessHeap () returned 0x570000 [0056.364] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0056.364] GetProcessHeap () returned 0x570000 [0056.364] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0056.364] GetProcessHeap () returned 0x570000 [0056.364] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0056.364] GetProcessHeap () returned 0x570000 [0056.364] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0056.364] GetProcessHeap () returned 0x570000 [0056.364] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0056.364] GetProcessHeap () returned 0x570000 [0056.364] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0056.364] GetProcessHeap () returned 0x570000 [0056.364] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0056.364] GetProcessHeap () returned 0x570000 [0056.364] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0056.364] GetProcessHeap () returned 0x570000 [0056.364] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0056.364] GetProcessHeap () returned 0x570000 [0056.364] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0056.364] GetProcessHeap () returned 0x570000 [0056.364] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0056.364] GetProcessHeap () returned 0x570000 [0056.364] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0056.364] GetProcessHeap () returned 0x570000 [0056.364] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x8) returned 0x58eea0 [0056.364] GetProcessHeap () returned 0x570000 [0056.364] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eea0 | out: hHeap=0x570000) returned 1 [0056.364] GetProcessHeap () returned 0x570000 [0056.365] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c538 | out: hHeap=0x570000) returned 1 [0056.365] GetProcessHeap () returned 0x570000 [0056.365] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c420 | out: hHeap=0x570000) returned 1 [0056.365] GetProcessHeap () returned 0x570000 [0056.365] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592478 | out: hHeap=0x570000) returned 1 [0056.365] GetProcessHeap () returned 0x570000 [0056.365] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c308 | out: hHeap=0x570000) returned 1 [0056.365] GetProcessHeap () returned 0x570000 [0056.365] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f80 | out: hHeap=0x570000) returned 1 [0056.365] GetProcessHeap () returned 0x570000 [0056.365] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a178 | out: hHeap=0x570000) returned 1 [0056.365] GetProcessHeap () returned 0x570000 [0056.365] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c1f0 | out: hHeap=0x570000) returned 1 [0056.365] GetProcessHeap () returned 0x570000 [0056.365] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58a058 | out: hHeap=0x570000) returned 1 [0056.365] GetProcessHeap () returned 0x570000 [0056.365] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58c0d8 | out: hHeap=0x570000) returned 1 [0056.365] GetProcessHeap () returned 0x570000 [0056.365] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58eec0 | out: hHeap=0x570000) returned 1 [0056.365] GetProcessHeap () returned 0x570000 [0056.365] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x592368 | out: hHeap=0x570000) returned 1 [0056.365] WriteFile (in: hFile=0x80, lpBuffer=0x50b720*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50b720*, lpNumberOfBytesWritten=0x50bb34*=0x80, lpOverlapped=0x0) returned 1 [0056.365] lstrlenA (lpString="A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n") returned 768 [0056.365] WriteFile (in: hFile=0x80, lpBuffer=0x40cbe0*, nNumberOfBytesToWrite=0x300, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x40cbe0*, lpNumberOfBytesWritten=0x50bb34*=0x300, lpOverlapped=0x0) returned 1 [0056.366] CloseHandle (hObject=0x80) returned 1 [0056.368] GetProcessHeap () returned 0x570000 [0056.368] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5926e8 | out: hHeap=0x570000) returned 1 [0056.368] GetProcessHeap () returned 0x570000 [0056.368] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588f18 | out: hHeap=0x570000) returned 1 [0056.368] GetProcessHeap () returned 0x570000 [0056.368] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5922e0 | out: hHeap=0x570000) returned 1 [0056.368] lstrcpyW (in: lpString1=0x50ef8c, lpString2="C:\\Users\\All Users\\Sun\\Java\\Java Update\\jaureglist.xml" | out: lpString1="C:\\Users\\All Users\\Sun\\Java\\Java Update\\jaureglist.xml") returned="C:\\Users\\All Users\\Sun\\Java\\Java Update\\jaureglist.xml" [0056.368] lstrcatW (in: lpString1="C:\\Users\\All Users\\Sun\\Java\\Java Update\\jaureglist.xml", lpString2=".{Killback@protonmail.com}KBK" | out: lpString1="C:\\Users\\All Users\\Sun\\Java\\Java Update\\jaureglist.xml.{Killback@protonmail.com}KBK") returned="C:\\Users\\All Users\\Sun\\Java\\Java Update\\jaureglist.xml.{Killback@protonmail.com}KBK" [0056.368] MoveFileExW (lpExistingFileName="C:\\Users\\All Users\\Sun\\Java\\Java Update\\jaureglist.xml" (normalized: "c:\\users\\all users\\sun\\java\\java update\\jaureglist.xml"), lpNewFileName="C:\\Users\\All Users\\Sun\\Java\\Java Update\\jaureglist.xml.{Killback@protonmail.com}KBK" (normalized: "c:\\users\\all users\\sun\\java\\java update\\jaureglist.xml.{killback@protonmail.com}kbk"), dwFlags=0x1) returned 1 [0056.369] PathRemoveFileSpecW (in: pszPath="C:\\Users\\All Users\\Sun\\Java\\Java Update\\jaureglist.xml" | out: pszPath="C:\\Users\\All Users\\Sun\\Java\\Java Update") returned 1 [0056.369] lstrcatW (in: lpString1="C:\\Users\\All Users\\Sun\\Java\\Java Update", lpString2="\\" | out: lpString1="C:\\Users\\All Users\\Sun\\Java\\Java Update\\") returned="C:\\Users\\All Users\\Sun\\Java\\Java Update\\" [0056.369] lstrcatW (in: lpString1="C:\\Users\\All Users\\Sun\\Java\\Java Update\\", lpString2="decrypt_files.html" | out: lpString1="C:\\Users\\All Users\\Sun\\Java\\Java Update\\decrypt_files.html") returned="C:\\Users\\All Users\\Sun\\Java\\Java Update\\decrypt_files.html" [0056.369] GetFileAttributesW (lpFileName="C:\\Users\\All Users\\Sun\\Java\\Java Update\\decrypt_files.html" (normalized: "c:\\users\\all users\\sun\\java\\java update\\decrypt_files.html")) returned 0xffffffff [0056.369] CreateFileW (lpFileName="C:\\Users\\All Users\\Sun\\Java\\Java Update\\decrypt_files.html" (normalized: "c:\\users\\all users\\sun\\java\\java update\\decrypt_files.html"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x1, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0056.370] lstrlenA (lpString="\r\n \r\n \r\n \r\n DECRYPT FILES\r\n \r\n\r\n \r\n\r\n
\r\n

⚠Your ID (NEED FOR DECRYPT)⚠

\r\n
\r\n 
A0 C4 38 EF 79 CF 60 88 97 1B 2E 4A DF A9 A7 EA\nD8 7A 06 2A 2F 8B 91 B0 90 40 5E B7 66 D4 A6 EB\n1B 50 23 74 D9 B3 1B EB C4 57 27 8B F7 67 13 AF\n5D BB 12 0F 3B FA 71 B7 43 CF 4B 94 D4 78 96 C4\n7B 8E 27 C8 58 29 7C AC ED CC 52 EB AE D1 C6 68\n44 8C 69 3C 9D CD C7 C1 F5 9E 6C DE 6A 84 CF 40\nF4 FE 56 89 01 0B 98 F2 20 38 FC 22 57 8D 3F 1D\nA1 C3 BE 12 3A 61 11 20 FC 46 0E D3 06 BE CA EE\nF1 64 D2 98 E7 DD C5 6D 3F 31 01 54 95 19 73 EB\nCB 77 74 89 70 BB 53 0E BD 3C 49 4C 46 E5 5B 68\n75 53 D8 65 AA 1B 77 28 B2 2D BB BB 04 62 6D B0\n32 7C 56 3A 75 3D 6D 9D 30 BC BD 26 68 CF C0 B0\n0A 8F 0E 3E 8D 25 26 9C D9 15 18 2A F1 C5 0B 25\n8F 97 D3 F3 A6 54 23 2D 7F A6 14 C8 CC BA D3 01\n6A 1A 32 80 4D CB 01 0E D7 2B C7 37 B0 A0 09 E4\n79 F9 13 54 2A B0 B4 6C 42 3A A4 5F 63 AC 81 98\n\r\n
\r\n
\r\n
\r\n \r\n
\r\n \r\n
\r\n \r\n \r\n
\r\n

✖ Your files are encrypted! ✖

\r\n\r\n

If you see it - do not try to decrypt ▼the files yourself!!!▼

\r\n
\r\n

All your important data has been encrypted.

\r\n
\r\n
\r\n \r\n\x09\x09 \r\nTo decrypt all your files, you need a decryption program.
\r\n \r\nTo get a program to decrypt your data you need to do a few steps:
\r\n

☑1. \r\nTo make sure that we can actually decrypt your files. You can send us a file for the test.\r\nThis can be a picture or a text file.\r\nSize less than 5 MB. Send to our mail: Killback@protonmail.com .
\r\n

☑2. \r\nSend your PERSONAL ID in the letter (you will find it at the very beginning of this document)

\r\n\x09\x09\x09

☑3. \r\nWe will decode your test file so you are sure. We will also send you the amount you need to pay to get the program to decrypt.

\r\n ☑4. We will send you instructions on how to pay for the decryption program. After payment, we will send you a program and instructions on how to decrypt all the files.
\r\n

Attention!


\r\n
    \r\n\x09\x09\x09 Only we can decrypt your files.
    \r\n\x09\x09\x09 Do not try to decrypt your files yourself. You can damage them when trying to restore
    \r\n Do not run antivirus!
    \r\n Email us: Killback@protonmail.com immediately so we can help you.
    \r\n Decoders other users are not compatible with your data, because each user's unique encryption key
    \r\n
\r\n \r\n
\r\n
\r\n
\r\n \r\n\r\n \r\n \r\n
\r\n \r\n \r\n \r\n \r\n \r\n \r\n \r\n\r\n") returned 5565 [0056.370] WriteFile (in: hFile=0x80, lpBuffer=0x21f0020*, nNumberOfBytesToWrite=0x15bd, lpNumberOfBytesWritten=0x50dd18, lpOverlapped=0x0 | out: lpBuffer=0x21f0020*, lpNumberOfBytesWritten=0x50dd18*=0x15bd, lpOverlapped=0x0) returned 1 [0056.371] CloseHandle (hObject=0x80) returned 1 [0056.371] GetProcessHeap () returned 0x570000 [0056.371] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0056.371] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x77, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="jaureglist.xml", cAlternateFileName="JAUREG~1.XML")) returned 0 [0056.371] FindClose (in: hFindFile=0x5925a8 | out: hFindFile=0x5925a8) returned 1 [0056.371] lstrcpyW (in: lpString1=0x50df8c, lpString2="C:\\Users\\All Users\\Start Menu\\" | out: lpString1="C:\\Users\\All Users\\Start Menu\\") returned="C:\\Users\\All Users\\Start Menu\\" [0056.371] GetProcessHeap () returned 0x570000 [0056.371] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5877d0 | out: hHeap=0x570000) returned 1 [0056.371] GetProcessHeap () returned 0x570000 [0056.371] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee60 | out: hHeap=0x570000) returned 1 [0056.371] lstrlenW (lpString="C:\\Users\\All Users\\Start Menu\\") returned 30 [0056.372] lstrcatW (in: lpString1="C:\\Users\\All Users\\Start Menu\\", lpString2="*" | out: lpString1="C:\\Users\\All Users\\Start Menu\\*") returned="C:\\Users\\All Users\\Start Menu\\*" [0056.372] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Start Menu\\*", lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x803771e0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x77, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="jaureglist.xml", cAlternateFileName="JAUREG~1.XML")) returned 0xffffffff [0056.372] lstrcpyW (in: lpString1=0x50df8c, lpString2="C:\\Users\\All Users\\Package Cache\\" | out: lpString1="C:\\Users\\All Users\\Package Cache\\") returned="C:\\Users\\All Users\\Package Cache\\" [0056.372] GetProcessHeap () returned 0x570000 [0056.372] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x589108 | out: hHeap=0x570000) returned 1 [0056.372] GetProcessHeap () returned 0x570000 [0056.372] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58ee30 | out: hHeap=0x570000) returned 1 [0056.372] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\") returned 33 [0056.372] lstrcatW (in: lpString1="C:\\Users\\All Users\\Package Cache\\", lpString2="*" | out: lpString1="C:\\Users\\All Users\\Package Cache\\*") returned="C:\\Users\\All Users\\Package Cache\\*" [0056.372] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\*", lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xecce51e0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4819be0, ftLastAccessTime.dwHighDateTime=0x1d2fc28, ftLastWriteTime.dwLowDateTime=0x4819be0, ftLastWriteTime.dwHighDateTime=0x1d2fc28, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5925a8 [0056.549] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0056.549] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xecce51e0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0x4819be0, ftLastAccessTime.dwHighDateTime=0x1d2fc28, ftLastWriteTime.dwLowDateTime=0x4819be0, ftLastWriteTime.dwHighDateTime=0x1d2fc28, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0056.947] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0056.947] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0056.948] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2924cac0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x29272c20, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x29272c20, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="42D5BEC7DDFBD49E76467529CBC2868987BF8460", cAlternateFileName="42D5BE~1")) returned 1 [0056.948] lstrcmpiW (lpString1="42D5BEC7DDFBD49E76467529CBC2868987BF8460", lpString2=".") returned 1 [0056.948] lstrcmpiW (lpString1="42D5BEC7DDFBD49E76467529CBC2868987BF8460", lpString2="..") returned 1 [0056.948] lstrcatW (in: lpString1="C:\\Users\\All Users\\Package Cache\\", lpString2="42D5BEC7DDFBD49E76467529CBC2868987BF8460" | out: lpString1="C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460") returned="C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460" [0056.948] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="42D5BEC7DDFBD49E76467529CBC2868987BF8460", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 41 [0056.948] GetProcessHeap () returned 0x570000 [0056.948] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x29) returned 0x5935a8 [0056.948] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="42D5BEC7DDFBD49E76467529CBC2868987BF8460", cchWideChar=-1, lpMultiByteStr=0x5935a8, cbMultiByte=41, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="42D5BEC7DDFBD49E76467529CBC2868987BF8460", lpUsedDefaultChar=0x0) returned 41 [0056.948] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="42D5BEC7DDFBD49E76467529CBC2868987BF8460", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0056.948] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="42D5BEC7DDFBD49E76467529CBC2868987BF8460", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 1 [0056.948] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="42D5BEC7DDFBD49E76467529CBC2868987BF8460", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 1 [0056.948] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="42D5BEC7DDFBD49E76467529CBC2868987BF8460", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0056.948] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="42D5BEC7DDFBD49E76467529CBC2868987BF8460", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0056.948] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="42D5BEC7DDFBD49E76467529CBC2868987BF8460", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 1 [0056.948] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="42D5BEC7DDFBD49E76467529CBC2868987BF8460", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 1 [0056.948] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="42D5BEC7DDFBD49E76467529CBC2868987BF8460", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0056.948] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="42D5BEC7DDFBD49E76467529CBC2868987BF8460", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0056.948] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="42D5BEC7DDFBD49E76467529CBC2868987BF8460", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0056.948] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="42D5BEC7DDFBD49E76467529CBC2868987BF8460", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0056.948] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="42D5BEC7DDFBD49E76467529CBC2868987BF8460", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0056.948] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="42D5BEC7DDFBD49E76467529CBC2868987BF8460", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0056.948] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="42D5BEC7DDFBD49E76467529CBC2868987BF8460", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0056.948] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="42D5BEC7DDFBD49E76467529CBC2868987BF8460", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0056.948] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="42D5BEC7DDFBD49E76467529CBC2868987BF8460", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0056.948] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="42D5BEC7DDFBD49E76467529CBC2868987BF8460", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0056.948] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="42D5BEC7DDFBD49E76467529CBC2868987BF8460", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0056.948] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="42D5BEC7DDFBD49E76467529CBC2868987BF8460", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 1 [0056.949] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="42D5BEC7DDFBD49E76467529CBC2868987BF8460", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 1 [0056.949] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="42D5BEC7DDFBD49E76467529CBC2868987BF8460", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 1 [0056.949] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="42D5BEC7DDFBD49E76467529CBC2868987BF8460", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 1 [0056.949] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="42D5BEC7DDFBD49E76467529CBC2868987BF8460", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 1 [0056.949] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="42D5BEC7DDFBD49E76467529CBC2868987BF8460", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 1 [0056.949] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="42D5BEC7DDFBD49E76467529CBC2868987BF8460", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0056.949] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="42D5BEC7DDFBD49E76467529CBC2868987BF8460", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0056.949] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="42D5BEC7DDFBD49E76467529CBC2868987BF8460", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 1 [0056.949] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="42D5BEC7DDFBD49E76467529CBC2868987BF8460", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 1 [0056.949] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="42D5BEC7DDFBD49E76467529CBC2868987BF8460", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0056.949] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="42D5BEC7DDFBD49E76467529CBC2868987BF8460", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0056.949] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="42D5BEC7DDFBD49E76467529CBC2868987BF8460", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0056.949] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="42D5BEC7DDFBD49E76467529CBC2868987BF8460", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 1 [0056.949] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="42D5BEC7DDFBD49E76467529CBC2868987BF8460", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 1 [0056.949] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="42D5BEC7DDFBD49E76467529CBC2868987BF8460", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 1 [0056.949] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="42D5BEC7DDFBD49E76467529CBC2868987BF8460", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 1 [0056.949] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="42D5BEC7DDFBD49E76467529CBC2868987BF8460", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 1 [0056.949] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="42D5BEC7DDFBD49E76467529CBC2868987BF8460", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 1 [0056.949] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="42D5BEC7DDFBD49E76467529CBC2868987BF8460", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 1 [0056.949] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="42D5BEC7DDFBD49E76467529CBC2868987BF8460", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 1 [0056.949] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="42D5BEC7DDFBD49E76467529CBC2868987BF8460", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0056.949] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="42D5BEC7DDFBD49E76467529CBC2868987BF8460", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 1 [0056.949] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="42D5BEC7DDFBD49E76467529CBC2868987BF8460", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0056.949] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="42D5BEC7DDFBD49E76467529CBC2868987BF8460", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0056.949] lstrcatW (in: lpString1="C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460", lpString2="\\" | out: lpString1="C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\") returned="C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\" [0056.949] GetProcessHeap () returned 0x570000 [0056.949] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ee30 [0056.950] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\") returned 74 [0056.950] GetProcessHeap () returned 0x570000 [0056.950] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x96) returned 0x5922e0 [0056.950] lstrcpyW (in: lpString1=0x5922e0, lpString2="C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\" | out: lpString1="C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\") returned="C:\\Users\\All Users\\Package Cache\\42D5BEC7DDFBD49E76467529CBC2868987BF8460\\" [0056.950] GetProcessHeap () returned 0x570000 [0056.950] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5935a8 | out: hHeap=0x570000) returned 1 [0056.950] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa938e870, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa989d730, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa989d730, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="54050A5F8AE7F0C56E553F0090146C17A1D2BF8D", cAlternateFileName="54050A~1")) returned 1 [0056.950] lstrcmpiW (lpString1="54050A5F8AE7F0C56E553F0090146C17A1D2BF8D", lpString2=".") returned 1 [0056.950] lstrcmpiW (lpString1="54050A5F8AE7F0C56E553F0090146C17A1D2BF8D", lpString2="..") returned 1 [0056.950] lstrcatW (in: lpString1="C:\\Users\\All Users\\Package Cache\\", lpString2="54050A5F8AE7F0C56E553F0090146C17A1D2BF8D" | out: lpString1="C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D") returned="C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D" [0056.950] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="54050A5F8AE7F0C56E553F0090146C17A1D2BF8D", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 41 [0056.950] GetProcessHeap () returned 0x570000 [0056.950] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x29) returned 0x5935a8 [0056.950] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="54050A5F8AE7F0C56E553F0090146C17A1D2BF8D", cchWideChar=-1, lpMultiByteStr=0x5935a8, cbMultiByte=41, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="54050A5F8AE7F0C56E553F0090146C17A1D2BF8D", lpUsedDefaultChar=0x0) returned 41 [0056.950] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="54050A5F8AE7F0C56E553F0090146C17A1D2BF8D", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0056.950] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="54050A5F8AE7F0C56E553F0090146C17A1D2BF8D", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 1 [0056.950] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="54050A5F8AE7F0C56E553F0090146C17A1D2BF8D", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 1 [0056.950] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="54050A5F8AE7F0C56E553F0090146C17A1D2BF8D", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0056.950] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="54050A5F8AE7F0C56E553F0090146C17A1D2BF8D", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0056.950] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="54050A5F8AE7F0C56E553F0090146C17A1D2BF8D", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 1 [0056.950] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="54050A5F8AE7F0C56E553F0090146C17A1D2BF8D", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 1 [0056.950] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="54050A5F8AE7F0C56E553F0090146C17A1D2BF8D", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0056.950] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="54050A5F8AE7F0C56E553F0090146C17A1D2BF8D", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0056.950] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="54050A5F8AE7F0C56E553F0090146C17A1D2BF8D", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0056.950] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="54050A5F8AE7F0C56E553F0090146C17A1D2BF8D", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0056.950] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="54050A5F8AE7F0C56E553F0090146C17A1D2BF8D", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0056.950] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="54050A5F8AE7F0C56E553F0090146C17A1D2BF8D", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0056.950] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="54050A5F8AE7F0C56E553F0090146C17A1D2BF8D", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0056.951] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="54050A5F8AE7F0C56E553F0090146C17A1D2BF8D", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0056.951] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="54050A5F8AE7F0C56E553F0090146C17A1D2BF8D", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0056.951] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="54050A5F8AE7F0C56E553F0090146C17A1D2BF8D", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0056.951] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="54050A5F8AE7F0C56E553F0090146C17A1D2BF8D", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0056.951] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="54050A5F8AE7F0C56E553F0090146C17A1D2BF8D", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 1 [0056.951] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="54050A5F8AE7F0C56E553F0090146C17A1D2BF8D", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 1 [0056.951] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="54050A5F8AE7F0C56E553F0090146C17A1D2BF8D", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 1 [0056.951] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="54050A5F8AE7F0C56E553F0090146C17A1D2BF8D", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 1 [0056.951] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="54050A5F8AE7F0C56E553F0090146C17A1D2BF8D", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 1 [0056.951] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="54050A5F8AE7F0C56E553F0090146C17A1D2BF8D", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 1 [0056.951] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="54050A5F8AE7F0C56E553F0090146C17A1D2BF8D", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0056.951] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="54050A5F8AE7F0C56E553F0090146C17A1D2BF8D", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0056.951] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="54050A5F8AE7F0C56E553F0090146C17A1D2BF8D", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 1 [0056.951] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="54050A5F8AE7F0C56E553F0090146C17A1D2BF8D", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 1 [0056.951] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="54050A5F8AE7F0C56E553F0090146C17A1D2BF8D", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0056.951] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="54050A5F8AE7F0C56E553F0090146C17A1D2BF8D", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0056.951] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="54050A5F8AE7F0C56E553F0090146C17A1D2BF8D", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0056.951] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="54050A5F8AE7F0C56E553F0090146C17A1D2BF8D", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 1 [0056.951] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="54050A5F8AE7F0C56E553F0090146C17A1D2BF8D", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 1 [0056.951] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="54050A5F8AE7F0C56E553F0090146C17A1D2BF8D", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 1 [0056.951] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="54050A5F8AE7F0C56E553F0090146C17A1D2BF8D", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 1 [0056.951] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="54050A5F8AE7F0C56E553F0090146C17A1D2BF8D", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 1 [0056.951] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="54050A5F8AE7F0C56E553F0090146C17A1D2BF8D", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 1 [0056.951] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="54050A5F8AE7F0C56E553F0090146C17A1D2BF8D", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 1 [0056.951] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="54050A5F8AE7F0C56E553F0090146C17A1D2BF8D", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 1 [0056.951] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="54050A5F8AE7F0C56E553F0090146C17A1D2BF8D", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0056.951] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="54050A5F8AE7F0C56E553F0090146C17A1D2BF8D", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 1 [0056.951] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="54050A5F8AE7F0C56E553F0090146C17A1D2BF8D", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0056.952] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="54050A5F8AE7F0C56E553F0090146C17A1D2BF8D", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0056.952] lstrcatW (in: lpString1="C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D", lpString2="\\" | out: lpString1="C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\") returned="C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\" [0056.952] GetProcessHeap () returned 0x570000 [0056.952] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ee60 [0056.952] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\") returned 74 [0056.952] GetProcessHeap () returned 0x570000 [0056.952] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x96) returned 0x592380 [0056.952] lstrcpyW (in: lpString1=0x592380, lpString2="C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\" | out: lpString1="C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\") returned="C:\\Users\\All Users\\Package Cache\\54050A5F8AE7F0C56E553F0090146C17A1D2BF8D\\" [0056.952] GetProcessHeap () returned 0x570000 [0056.952] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5935a8 | out: hHeap=0x570000) returned 1 [0056.952] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcb49460, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcb95720, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcb95720, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", cAlternateFileName="{13A4E~1.210")) returned 1 [0056.952] lstrcmpiW (lpString1="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", lpString2=".") returned 1 [0056.952] lstrcmpiW (lpString1="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", lpString2="..") returned 1 [0056.952] lstrcatW (in: lpString1="C:\\Users\\All Users\\Package Cache\\", lpString2="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005") returned="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005" [0056.952] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 50 [0056.952] GetProcessHeap () returned 0x570000 [0056.952] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x32) returned 0x5926e8 [0056.952] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", cchWideChar=-1, lpMultiByteStr=0x5926e8, cbMultiByte=50, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", lpUsedDefaultChar=0x0) returned 50 [0056.952] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0056.952] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 1 [0056.952] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 1 [0056.952] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0056.952] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0056.952] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 1 [0056.952] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 1 [0056.952] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0056.952] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0056.952] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0056.952] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0056.953] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0056.953] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0056.953] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0056.953] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0056.953] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0056.953] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0056.953] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0056.953] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 1 [0056.953] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 1 [0056.953] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 1 [0056.953] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 1 [0056.953] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 1 [0056.953] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 1 [0056.953] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0056.953] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0056.953] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 1 [0056.953] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 1 [0056.953] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0056.953] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0056.953] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0056.953] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 1 [0056.953] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 1 [0056.953] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 1 [0056.953] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 1 [0056.953] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 1 [0056.953] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 1 [0056.953] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 1 [0056.953] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 1 [0056.953] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0056.954] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 1 [0056.954] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0056.954] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0056.954] lstrcatW (in: lpString1="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005", lpString2="\\" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\") returned="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\" [0056.954] GetProcessHeap () returned 0x570000 [0056.954] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58eec0 [0056.954] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\") returned 83 [0056.954] GetProcessHeap () returned 0x570000 [0056.954] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xa8) returned 0x592420 [0056.954] lstrcpyW (in: lpString1=0x592420, lpString2="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\") returned="C:\\Users\\All Users\\Package Cache\\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}v12.0.21005\\" [0056.954] GetProcessHeap () returned 0x570000 [0056.954] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5926e8 | out: hHeap=0x570000) returned 1 [0056.954] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xecd0b340, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xecd314a0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xecd314a0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", cAlternateFileName="{33D1F~1")) returned 1 [0056.954] lstrcmpiW (lpString1="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", lpString2=".") returned 1 [0056.954] lstrcmpiW (lpString1="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", lpString2="..") returned 1 [0056.954] lstrcatW (in: lpString1="C:\\Users\\All Users\\Package Cache\\", lpString2="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}") returned="C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}" [0056.954] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0056.954] GetProcessHeap () returned 0x570000 [0056.954] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x27) returned 0x588da8 [0056.954] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", cchWideChar=-1, lpMultiByteStr=0x588da8, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", lpUsedDefaultChar=0x0) returned 39 [0056.954] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0056.954] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 1 [0056.954] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 1 [0056.954] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0056.955] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0056.955] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 1 [0056.955] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 1 [0056.955] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0056.955] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0056.955] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0056.955] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0056.955] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0056.955] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0056.955] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0056.955] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0056.955] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0056.955] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0056.955] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0056.955] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 1 [0056.955] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 1 [0056.955] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 1 [0056.955] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 1 [0056.955] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 1 [0056.955] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 1 [0056.955] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0056.955] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0056.955] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 1 [0056.955] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 1 [0056.955] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0056.955] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0056.955] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0056.956] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 1 [0056.956] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 1 [0056.956] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 1 [0056.956] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 1 [0056.956] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 1 [0056.956] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 1 [0056.956] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 1 [0056.956] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 1 [0056.956] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0056.956] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 1 [0056.956] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0056.956] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0056.956] lstrcatW (in: lpString1="C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}", lpString2="\\" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\") returned="C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\" [0056.956] GetProcessHeap () returned 0x570000 [0056.956] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58eea0 [0056.956] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\") returned 72 [0056.956] GetProcessHeap () returned 0x570000 [0056.956] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x92) returned 0x5924d0 [0056.956] lstrcpyW (in: lpString1=0x5924d0, lpString2="C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\") returned="C:\\Users\\All Users\\Package Cache\\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}\\" [0056.956] GetProcessHeap () returned 0x570000 [0056.956] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588da8 | out: hHeap=0x570000) returned 1 [0056.956] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfabe4080, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabe4080, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabe4080, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", cAlternateFileName="{37B8F~1.610")) returned 1 [0056.956] lstrcmpiW (lpString1="{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", lpString2=".") returned 1 [0056.956] lstrcmpiW (lpString1="{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", lpString2="..") returned 1 [0056.956] lstrcatW (in: lpString1="C:\\Users\\All Users\\Package Cache\\", lpString2="{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030") returned="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030" [0056.956] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 50 [0056.956] GetProcessHeap () returned 0x570000 [0056.957] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x32) returned 0x5926e8 [0056.957] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", cchWideChar=-1, lpMultiByteStr=0x5926e8, cbMultiByte=50, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", lpUsedDefaultChar=0x0) returned 50 [0056.957] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0056.957] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 1 [0056.957] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 1 [0056.957] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0056.957] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0056.957] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 1 [0056.957] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 1 [0056.957] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0056.957] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0056.957] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0056.957] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0056.957] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0056.957] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0056.957] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0056.957] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0056.957] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0056.957] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0056.957] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0056.957] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 1 [0056.957] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 1 [0056.957] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 1 [0056.957] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 1 [0056.957] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 1 [0056.957] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 1 [0056.957] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0056.957] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0056.958] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 1 [0056.958] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 1 [0056.958] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0056.958] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0056.958] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0056.958] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 1 [0056.958] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 1 [0056.958] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 1 [0056.958] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 1 [0056.958] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 1 [0056.958] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 1 [0056.958] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 1 [0056.958] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 1 [0056.958] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0056.958] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 1 [0056.958] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0056.958] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0056.958] lstrcatW (in: lpString1="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030", lpString2="\\" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\") returned="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\" [0056.958] GetProcessHeap () returned 0x570000 [0056.958] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58eef0 [0056.958] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\") returned 83 [0056.958] GetProcessHeap () returned 0x570000 [0056.958] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xa8) returned 0x593d90 [0056.958] lstrcpyW (in: lpString1=0x593d90, lpString2="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\") returned="C:\\Users\\All Users\\Package Cache\\{37B8F9C7-03FB-3253-8781-2517C99D7C00}v11.0.61030\\" [0056.958] GetProcessHeap () returned 0x570000 [0056.958] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5926e8 | out: hHeap=0x570000) returned 1 [0056.959] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a0db1a0, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a127460, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a127460, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{3c3aafc8-d898-43ec-998f-965ffdae065a}", cAlternateFileName="{3C3AA~1")) returned 1 [0056.959] lstrcmpiW (lpString1="{3c3aafc8-d898-43ec-998f-965ffdae065a}", lpString2=".") returned 1 [0056.959] lstrcmpiW (lpString1="{3c3aafc8-d898-43ec-998f-965ffdae065a}", lpString2="..") returned 1 [0056.959] lstrcatW (in: lpString1="C:\\Users\\All Users\\Package Cache\\", lpString2="{3c3aafc8-d898-43ec-998f-965ffdae065a}" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}") returned="C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}" [0056.959] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="{3c3aafc8-d898-43ec-998f-965ffdae065a}", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0056.959] GetProcessHeap () returned 0x570000 [0056.959] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x27) returned 0x588da8 [0056.959] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="{3c3aafc8-d898-43ec-998f-965ffdae065a}", cchWideChar=-1, lpMultiByteStr=0x588da8, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{3c3aafc8-d898-43ec-998f-965ffdae065a}", lpUsedDefaultChar=0x0) returned 39 [0056.959] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{3c3aafc8-d898-43ec-998f-965ffdae065a}", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0056.959] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{3c3aafc8-d898-43ec-998f-965ffdae065a}", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 1 [0056.959] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{3c3aafc8-d898-43ec-998f-965ffdae065a}", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 1 [0056.959] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{3c3aafc8-d898-43ec-998f-965ffdae065a}", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0056.959] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{3c3aafc8-d898-43ec-998f-965ffdae065a}", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0056.959] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{3c3aafc8-d898-43ec-998f-965ffdae065a}", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 1 [0056.959] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{3c3aafc8-d898-43ec-998f-965ffdae065a}", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 1 [0056.959] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{3c3aafc8-d898-43ec-998f-965ffdae065a}", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0056.959] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{3c3aafc8-d898-43ec-998f-965ffdae065a}", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0056.959] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{3c3aafc8-d898-43ec-998f-965ffdae065a}", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0056.959] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{3c3aafc8-d898-43ec-998f-965ffdae065a}", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0056.959] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{3c3aafc8-d898-43ec-998f-965ffdae065a}", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0056.959] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{3c3aafc8-d898-43ec-998f-965ffdae065a}", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0056.959] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{3c3aafc8-d898-43ec-998f-965ffdae065a}", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0056.959] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{3c3aafc8-d898-43ec-998f-965ffdae065a}", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0056.959] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{3c3aafc8-d898-43ec-998f-965ffdae065a}", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0056.960] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{3c3aafc8-d898-43ec-998f-965ffdae065a}", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0056.960] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{3c3aafc8-d898-43ec-998f-965ffdae065a}", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0056.960] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{3c3aafc8-d898-43ec-998f-965ffdae065a}", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 1 [0056.960] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{3c3aafc8-d898-43ec-998f-965ffdae065a}", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 1 [0056.960] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{3c3aafc8-d898-43ec-998f-965ffdae065a}", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 1 [0056.960] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{3c3aafc8-d898-43ec-998f-965ffdae065a}", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 1 [0056.960] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{3c3aafc8-d898-43ec-998f-965ffdae065a}", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 1 [0056.960] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{3c3aafc8-d898-43ec-998f-965ffdae065a}", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 1 [0056.960] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{3c3aafc8-d898-43ec-998f-965ffdae065a}", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0056.960] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{3c3aafc8-d898-43ec-998f-965ffdae065a}", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0056.960] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{3c3aafc8-d898-43ec-998f-965ffdae065a}", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 1 [0056.960] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{3c3aafc8-d898-43ec-998f-965ffdae065a}", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 1 [0056.960] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{3c3aafc8-d898-43ec-998f-965ffdae065a}", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0056.960] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{3c3aafc8-d898-43ec-998f-965ffdae065a}", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0056.960] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{3c3aafc8-d898-43ec-998f-965ffdae065a}", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0056.960] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{3c3aafc8-d898-43ec-998f-965ffdae065a}", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 1 [0056.960] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{3c3aafc8-d898-43ec-998f-965ffdae065a}", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 1 [0056.960] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{3c3aafc8-d898-43ec-998f-965ffdae065a}", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 1 [0056.960] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{3c3aafc8-d898-43ec-998f-965ffdae065a}", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 1 [0056.960] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{3c3aafc8-d898-43ec-998f-965ffdae065a}", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 1 [0056.960] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{3c3aafc8-d898-43ec-998f-965ffdae065a}", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 1 [0056.960] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{3c3aafc8-d898-43ec-998f-965ffdae065a}", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 1 [0056.960] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{3c3aafc8-d898-43ec-998f-965ffdae065a}", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 1 [0056.960] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{3c3aafc8-d898-43ec-998f-965ffdae065a}", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0056.961] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{3c3aafc8-d898-43ec-998f-965ffdae065a}", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 1 [0056.961] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{3c3aafc8-d898-43ec-998f-965ffdae065a}", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0056.961] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{3c3aafc8-d898-43ec-998f-965ffdae065a}", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0056.961] lstrcatW (in: lpString1="C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}", lpString2="\\" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\") returned="C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\" [0056.961] GetProcessHeap () returned 0x570000 [0056.961] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58eee0 [0056.961] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\") returned 72 [0056.961] GetProcessHeap () returned 0x570000 [0056.961] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x92) returned 0x593e40 [0056.961] lstrcpyW (in: lpString1=0x593e40, lpString2="C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\") returned="C:\\Users\\All Users\\Package Cache\\{3c3aafc8-d898-43ec-998f-965ffdae065a}\\" [0056.961] GetProcessHeap () returned 0x570000 [0056.961] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588da8 | out: hHeap=0x570000) returned 1 [0056.961] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", cAlternateFileName="{582EA~1.250")) returned 1 [0056.961] lstrcmpiW (lpString1="{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", lpString2=".") returned 1 [0056.961] lstrcmpiW (lpString1="{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", lpString2="..") returned 1 [0056.961] lstrcatW (in: lpString1="C:\\Users\\All Users\\Package Cache\\", lpString2="{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017") returned="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017" [0056.961] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 51 [0056.961] GetProcessHeap () returned 0x570000 [0056.961] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x33) returned 0x5926e8 [0056.961] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", cchWideChar=-1, lpMultiByteStr=0x5926e8, cbMultiByte=51, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", lpUsedDefaultChar=0x0) returned 51 [0056.961] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0056.961] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 1 [0056.961] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 1 [0056.961] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0056.961] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0056.961] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 1 [0056.961] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 1 [0056.962] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0056.962] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0056.962] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0056.962] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0056.962] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0056.962] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0056.962] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0056.962] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0056.962] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0056.962] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0056.962] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0056.962] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 1 [0056.962] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 1 [0056.962] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 1 [0056.962] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 1 [0056.962] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 1 [0056.962] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 1 [0056.962] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0056.962] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0056.962] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 1 [0056.962] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 1 [0056.962] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0056.962] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0056.962] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0056.962] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 1 [0056.962] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 1 [0056.962] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 1 [0056.963] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 1 [0056.963] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 1 [0056.963] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 1 [0056.963] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 1 [0056.963] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 1 [0056.963] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0056.963] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 1 [0056.963] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0056.963] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0056.963] lstrcatW (in: lpString1="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017", lpString2="\\" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\") returned="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\" [0056.963] GetProcessHeap () returned 0x570000 [0056.963] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ef00 [0056.963] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\") returned 84 [0056.963] GetProcessHeap () returned 0x570000 [0056.963] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xaa) returned 0x593ee0 [0056.963] lstrcpyW (in: lpString1=0x593ee0, lpString2="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\") returned="C:\\Users\\All Users\\Package Cache\\{582EA838-9199-3518-A05C-DB09462F68EC}v14.10.25017\\" [0056.963] GetProcessHeap () returned 0x570000 [0056.963] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5926e8 | out: hHeap=0x570000) returned 1 [0056.963] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf94d4300, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf94d4300, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf94d4300, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", cAlternateFileName="{68306~1.250")) returned 1 [0056.963] lstrcmpiW (lpString1="{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", lpString2=".") returned 1 [0056.963] lstrcmpiW (lpString1="{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", lpString2="..") returned 1 [0056.963] lstrcatW (in: lpString1="C:\\Users\\All Users\\Package Cache\\", lpString2="{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017") returned="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017" [0056.963] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 51 [0056.963] GetProcessHeap () returned 0x570000 [0056.963] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x33) returned 0x5926e8 [0056.963] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", cchWideChar=-1, lpMultiByteStr=0x5926e8, cbMultiByte=51, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", lpUsedDefaultChar=0x0) returned 51 [0056.963] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0056.964] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 1 [0056.964] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 1 [0056.964] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0056.964] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0056.964] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 1 [0056.964] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 1 [0056.964] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0056.964] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0056.964] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0056.964] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0056.964] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0056.964] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0056.964] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0056.964] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0056.964] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0056.964] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0056.964] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0056.964] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 1 [0056.964] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 1 [0056.964] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 1 [0056.964] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 1 [0056.964] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 1 [0056.964] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 1 [0056.964] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0056.964] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0056.965] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 1 [0056.965] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 1 [0056.965] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0056.965] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0056.965] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0056.965] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 1 [0056.965] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 1 [0056.965] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 1 [0056.965] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 1 [0056.965] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 1 [0056.965] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 1 [0056.965] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 1 [0056.965] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 1 [0056.965] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0056.965] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 1 [0056.965] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0056.965] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0056.965] lstrcatW (in: lpString1="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017", lpString2="\\" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\") returned="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\" [0056.965] GetProcessHeap () returned 0x570000 [0056.965] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58eed0 [0056.965] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\") returned 84 [0056.965] GetProcessHeap () returned 0x570000 [0056.965] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xaa) returned 0x593f98 [0056.965] lstrcpyW (in: lpString1=0x593f98, lpString2="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\") returned="C:\\Users\\All Users\\Package Cache\\{68306422-7C57-373F-8860-D26CE4BA2A15}v14.10.25017\\" [0056.965] GetProcessHeap () returned 0x570000 [0056.965] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5926e8 | out: hHeap=0x570000) returned 1 [0056.966] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa931c450, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa931c450, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa931c450, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", cAlternateFileName="{8D4F7~1.250")) returned 1 [0056.966] lstrcmpiW (lpString1="{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", lpString2=".") returned 1 [0056.966] lstrcmpiW (lpString1="{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", lpString2="..") returned 1 [0056.966] lstrcatW (in: lpString1="C:\\Users\\All Users\\Package Cache\\", lpString2="{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017") returned="C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017" [0056.966] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 51 [0056.966] GetProcessHeap () returned 0x570000 [0056.966] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x33) returned 0x5926e8 [0056.966] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", cchWideChar=-1, lpMultiByteStr=0x5926e8, cbMultiByte=51, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", lpUsedDefaultChar=0x0) returned 51 [0056.966] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0056.966] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 1 [0056.966] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 1 [0056.966] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0056.966] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0056.966] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 1 [0056.966] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 1 [0056.966] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0056.966] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0056.966] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0056.966] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0056.966] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0056.966] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0056.966] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0056.966] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0056.966] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0056.966] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0056.966] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0056.967] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 1 [0056.967] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 1 [0056.967] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 1 [0056.967] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 1 [0056.967] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 1 [0056.967] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 1 [0056.967] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0056.967] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0056.967] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 1 [0056.967] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 1 [0056.967] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0056.967] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0056.967] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0056.967] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 1 [0056.967] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 1 [0056.967] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 1 [0056.967] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 1 [0056.967] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 1 [0056.967] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 1 [0056.967] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 1 [0056.967] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 1 [0056.967] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0056.967] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 1 [0056.967] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0056.967] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0056.967] lstrcatW (in: lpString1="C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017", lpString2="\\" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\") returned="C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\" [0056.968] GetProcessHeap () returned 0x570000 [0056.968] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ef30 [0056.968] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\") returned 84 [0056.968] GetProcessHeap () returned 0x570000 [0056.968] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xaa) returned 0x594050 [0056.968] lstrcpyW (in: lpString1=0x594050, lpString2="C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\") returned="C:\\Users\\All Users\\Package Cache\\{8D4F7A6D-6B81-3DC8-9C21-6008E4866727}v14.10.25017\\" [0056.968] GetProcessHeap () returned 0x570000 [0056.968] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5926e8 | out: hHeap=0x570000) returned 1 [0056.968] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a1e5b40, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a20bca0, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a20bca0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", cAlternateFileName="{929FB~1.210")) returned 1 [0056.978] lstrcmpiW (lpString1="{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", lpString2=".") returned 1 [0056.978] lstrcmpiW (lpString1="{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", lpString2="..") returned 1 [0056.978] lstrcatW (in: lpString1="C:\\Users\\All Users\\Package Cache\\", lpString2="{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005") returned="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005" [0056.978] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 50 [0056.978] GetProcessHeap () returned 0x570000 [0056.978] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x32) returned 0x5926e8 [0056.978] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", cchWideChar=-1, lpMultiByteStr=0x5926e8, cbMultiByte=50, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", lpUsedDefaultChar=0x0) returned 50 [0056.978] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0056.978] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 1 [0056.978] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 1 [0056.978] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0056.978] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0056.978] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 1 [0056.978] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 1 [0056.978] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0056.978] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0056.978] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0056.978] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0056.978] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0056.978] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0056.978] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0056.979] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0056.979] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0056.979] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0056.979] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0056.979] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 1 [0056.979] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 1 [0056.979] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 1 [0056.979] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 1 [0056.979] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 1 [0056.979] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 1 [0056.979] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0056.979] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0056.979] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 1 [0056.979] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 1 [0056.979] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0056.979] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0056.979] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0056.979] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 1 [0056.979] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 1 [0056.979] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 1 [0056.979] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 1 [0056.979] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 1 [0056.979] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 1 [0056.979] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 1 [0056.979] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 1 [0056.979] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0056.980] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 1 [0056.980] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0056.980] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0056.980] lstrcatW (in: lpString1="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005", lpString2="\\" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\") returned="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\" [0056.980] GetProcessHeap () returned 0x570000 [0056.980] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ef10 [0056.980] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\") returned 83 [0056.980] GetProcessHeap () returned 0x570000 [0056.980] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xa8) returned 0x594108 [0056.980] lstrcpyW (in: lpString1=0x594108, lpString2="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\") returned="C:\\Users\\All Users\\Package Cache\\{929FBD26-9020-399B-9A7A-751D61F0B942}v12.0.21005\\" [0056.980] GetProcessHeap () returned 0x570000 [0056.980] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5926e8 | out: hHeap=0x570000) returned 1 [0056.980] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x1a199880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0x1a1e5b40, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x1a1e5b40, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", cAlternateFileName="{A749D~1.210")) returned 1 [0056.980] lstrcmpiW (lpString1="{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", lpString2=".") returned 1 [0056.980] lstrcmpiW (lpString1="{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", lpString2="..") returned 1 [0056.980] lstrcatW (in: lpString1="C:\\Users\\All Users\\Package Cache\\", lpString2="{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005") returned="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005" [0056.980] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 50 [0056.980] GetProcessHeap () returned 0x570000 [0056.980] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x32) returned 0x5926e8 [0056.980] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", cchWideChar=-1, lpMultiByteStr=0x5926e8, cbMultiByte=50, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", lpUsedDefaultChar=0x0) returned 50 [0056.980] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0056.980] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 1 [0056.980] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 1 [0056.980] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0056.980] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0056.980] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 1 [0056.980] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 1 [0056.981] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0056.981] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0056.981] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0056.981] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0056.981] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0056.981] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0056.981] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0056.981] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0056.981] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0056.981] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0056.981] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0056.981] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 1 [0056.981] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 1 [0056.981] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 1 [0056.981] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 1 [0056.981] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 1 [0056.981] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 1 [0056.981] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0056.981] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0056.981] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 1 [0056.981] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 1 [0056.981] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0056.981] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0056.981] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0056.981] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 1 [0056.981] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 1 [0056.982] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 1 [0056.982] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 1 [0056.982] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 1 [0056.982] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 1 [0056.982] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 1 [0056.982] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 1 [0056.982] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0056.982] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 1 [0056.982] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0056.982] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0056.982] lstrcatW (in: lpString1="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005", lpString2="\\" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\") returned="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\" [0056.982] GetProcessHeap () returned 0x570000 [0056.982] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ef20 [0056.982] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\") returned 83 [0056.982] GetProcessHeap () returned 0x570000 [0056.982] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xa8) returned 0x5941b8 [0056.982] lstrcpyW (in: lpString1=0x5941b8, lpString2="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\") returned="C:\\Users\\All Users\\Package Cache\\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}v12.0.21005\\" [0056.982] GetProcessHeap () returned 0x570000 [0056.982] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5926e8 | out: hHeap=0x570000) returned 1 [0056.982] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xedbebcc0, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", cAlternateFileName="{B1755~1.610")) returned 1 [0056.982] lstrcmpiW (lpString1="{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", lpString2=".") returned 1 [0056.982] lstrcmpiW (lpString1="{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", lpString2="..") returned 1 [0056.982] lstrcatW (in: lpString1="C:\\Users\\All Users\\Package Cache\\", lpString2="{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030") returned="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030" [0056.982] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 50 [0056.983] GetProcessHeap () returned 0x570000 [0056.983] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x32) returned 0x5926e8 [0056.983] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", cchWideChar=-1, lpMultiByteStr=0x5926e8, cbMultiByte=50, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", lpUsedDefaultChar=0x0) returned 50 [0056.983] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0056.983] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 1 [0056.983] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 1 [0056.983] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0056.983] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0056.983] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 1 [0056.983] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 1 [0056.983] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0056.983] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0056.983] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0056.983] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0056.983] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0056.983] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0056.983] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0056.983] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0056.983] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0056.983] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0056.983] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0056.983] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 1 [0056.983] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 1 [0056.983] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 1 [0056.983] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 1 [0056.984] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 1 [0056.984] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 1 [0056.984] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0056.984] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0056.984] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 1 [0056.984] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 1 [0056.984] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0056.984] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0056.984] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0056.984] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 1 [0056.984] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 1 [0056.984] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 1 [0056.984] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 1 [0056.984] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 1 [0056.984] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 1 [0056.985] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 1 [0056.985] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 1 [0056.985] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0056.985] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 1 [0056.985] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0056.985] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0056.985] lstrcatW (in: lpString1="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030", lpString2="\\" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\") returned="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\" [0056.985] GetProcessHeap () returned 0x570000 [0056.985] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ef50 [0056.985] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\") returned 83 [0056.985] GetProcessHeap () returned 0x570000 [0056.985] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xa8) returned 0x594268 [0056.985] lstrcpyW (in: lpString1=0x594268, lpString2="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\") returned="C:\\Users\\All Users\\Package Cache\\{B175520C-86A2-35A7-8619-86DC379688B9}v11.0.61030\\" [0056.985] GetProcessHeap () returned 0x570000 [0056.985] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5926e8 | out: hHeap=0x570000) returned 1 [0056.985] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xecd7d760, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xedbebcc0, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xedbebcc0, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", cAlternateFileName="{BD95A~1.610")) returned 1 [0056.985] lstrcmpiW (lpString1="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", lpString2=".") returned 1 [0056.985] lstrcmpiW (lpString1="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", lpString2="..") returned 1 [0056.985] lstrcatW (in: lpString1="C:\\Users\\All Users\\Package Cache\\", lpString2="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030") returned="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030" [0056.985] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 50 [0056.985] GetProcessHeap () returned 0x570000 [0056.985] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x32) returned 0x5926e8 [0056.985] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", cchWideChar=-1, lpMultiByteStr=0x5926e8, cbMultiByte=50, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", lpUsedDefaultChar=0x0) returned 50 [0056.985] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0056.985] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 1 [0056.985] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 1 [0056.986] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0056.986] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0056.986] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 1 [0056.986] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 1 [0056.986] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0056.986] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0056.986] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0056.986] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0056.986] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0056.986] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0056.986] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0056.986] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0056.986] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0056.986] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0056.986] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0056.986] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 1 [0056.986] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 1 [0056.986] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 1 [0056.986] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 1 [0056.986] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 1 [0056.986] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 1 [0056.986] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0056.986] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0056.986] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 1 [0056.986] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 1 [0056.987] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0056.987] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0056.987] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0056.987] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 1 [0056.987] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 1 [0056.987] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 1 [0056.987] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 1 [0056.987] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 1 [0056.987] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 1 [0056.987] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 1 [0056.987] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 1 [0056.987] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0056.987] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 1 [0056.987] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0056.987] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0056.987] lstrcatW (in: lpString1="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030", lpString2="\\" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\") returned="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\" [0056.987] GetProcessHeap () returned 0x570000 [0056.987] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ef40 [0056.987] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\") returned 83 [0056.987] GetProcessHeap () returned 0x570000 [0056.987] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xa8) returned 0x594318 [0056.987] lstrcpyW (in: lpString1=0x594318, lpString2="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\") returned="C:\\Users\\All Users\\Package Cache\\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}v11.0.61030\\" [0056.987] GetProcessHeap () returned 0x570000 [0056.987] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5926e8 | out: hHeap=0x570000) returned 1 [0056.987] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfaaff840, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfaaff840, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfaaff840, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", cAlternateFileName="{CA675~1")) returned 1 [0056.988] lstrcmpiW (lpString1="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", lpString2=".") returned 1 [0056.988] lstrcmpiW (lpString1="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", lpString2="..") returned 1 [0056.988] lstrcatW (in: lpString1="C:\\Users\\All Users\\Package Cache\\", lpString2="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}") returned="C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}" [0056.988] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0056.988] GetProcessHeap () returned 0x570000 [0056.988] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x27) returned 0x588da8 [0056.988] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", cchWideChar=-1, lpMultiByteStr=0x588da8, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", lpUsedDefaultChar=0x0) returned 39 [0056.988] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0056.988] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 1 [0056.988] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 1 [0056.988] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0056.988] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0056.988] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 1 [0056.988] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 1 [0056.988] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0056.988] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0056.988] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0056.988] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0056.988] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0056.988] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0056.988] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0056.988] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0056.988] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0056.988] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0056.988] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0056.989] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 1 [0056.989] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 1 [0056.989] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 1 [0056.989] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 1 [0056.989] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 1 [0056.989] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 1 [0056.989] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0056.989] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0056.989] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 1 [0056.989] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 1 [0056.989] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0056.989] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0056.989] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0056.989] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 1 [0056.989] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 1 [0056.989] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 1 [0056.989] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 1 [0056.989] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 1 [0056.989] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 1 [0056.989] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 1 [0056.989] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 1 [0056.989] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0056.989] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 1 [0056.989] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0056.989] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0056.989] lstrcatW (in: lpString1="C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}", lpString2="\\" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\") returned="C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\" [0056.990] GetProcessHeap () returned 0x570000 [0056.990] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ef60 [0056.990] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\") returned 72 [0056.990] GetProcessHeap () returned 0x570000 [0056.990] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x92) returned 0x5943c8 [0056.990] lstrcpyW (in: lpString1=0x5943c8, lpString2="C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\") returned="C:\\Users\\All Users\\Package Cache\\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\\" [0056.990] GetProcessHeap () returned 0x570000 [0056.990] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588da8 | out: hHeap=0x570000) returned 1 [0056.990] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfab71c60, ftCreationTime.dwHighDateTime=0x1d2e620, ftLastAccessTime.dwLowDateTime=0xfabbdf20, ftLastAccessTime.dwHighDateTime=0x1d2e620, ftLastWriteTime.dwLowDateTime=0xfabbdf20, ftLastWriteTime.dwHighDateTime=0x1d2e620, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", cAlternateFileName="{CF2BE~1.610")) returned 1 [0056.990] lstrcmpiW (lpString1="{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", lpString2=".") returned 1 [0056.990] lstrcmpiW (lpString1="{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", lpString2="..") returned 1 [0056.990] lstrcatW (in: lpString1="C:\\Users\\All Users\\Package Cache\\", lpString2="{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030") returned="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030" [0056.990] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 50 [0056.990] GetProcessHeap () returned 0x570000 [0056.990] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x32) returned 0x5926e8 [0056.990] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", cchWideChar=-1, lpMultiByteStr=0x5926e8, cbMultiByte=50, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", lpUsedDefaultChar=0x0) returned 50 [0056.990] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0056.990] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 1 [0056.990] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 1 [0056.990] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0056.990] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0056.990] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 1 [0056.990] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 1 [0056.990] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0056.990] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0056.990] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0056.990] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0056.991] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0056.991] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0056.991] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0056.991] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0056.991] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0056.991] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0056.991] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0056.991] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 1 [0056.991] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 1 [0056.991] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 1 [0056.991] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 1 [0056.991] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 1 [0056.991] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 1 [0056.991] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0056.991] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0056.991] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 1 [0056.991] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 1 [0056.991] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0056.991] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0056.991] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0056.991] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 1 [0056.992] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 1 [0056.992] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 1 [0056.992] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 1 [0056.992] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 1 [0056.992] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 1 [0056.992] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 1 [0056.992] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 1 [0056.992] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0056.992] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 1 [0056.992] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0056.992] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0056.992] lstrcatW (in: lpString1="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030", lpString2="\\" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\") returned="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\" [0056.992] GetProcessHeap () returned 0x570000 [0056.992] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ef70 [0056.992] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\") returned 83 [0056.992] GetProcessHeap () returned 0x570000 [0056.992] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xa8) returned 0x594468 [0056.992] lstrcpyW (in: lpString1=0x594468, lpString2="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\") returned="C:\\Users\\All Users\\Package Cache\\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}v11.0.61030\\" [0056.992] GetProcessHeap () returned 0x570000 [0056.992] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5926e8 | out: hHeap=0x570000) returned 1 [0056.992] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa93425b0, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa9368710, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa9368710, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017", cAlternateFileName="{E5127~1.250")) returned 1 [0056.992] lstrcmpiW (lpString1="{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017", lpString2=".") returned 1 [0056.992] lstrcmpiW (lpString1="{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017", lpString2="..") returned 1 [0056.992] lstrcatW (in: lpString1="C:\\Users\\All Users\\Package Cache\\", lpString2="{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017") returned="C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017" [0056.992] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 51 [0056.992] GetProcessHeap () returned 0x570000 [0056.992] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x33) returned 0x5926e8 [0056.993] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017", cchWideChar=-1, lpMultiByteStr=0x5926e8, cbMultiByte=51, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017", lpUsedDefaultChar=0x0) returned 51 [0056.993] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0056.993] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 1 [0056.993] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 1 [0056.993] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0056.993] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0056.993] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 1 [0056.993] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 1 [0056.993] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0056.993] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0056.993] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0056.993] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0056.993] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0056.993] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0056.993] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0056.993] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0056.993] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0056.993] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0056.993] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0056.993] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 1 [0056.993] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 1 [0056.993] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 1 [0056.993] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 1 [0056.993] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 1 [0056.993] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 1 [0056.993] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0056.994] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0056.994] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 1 [0056.994] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 1 [0056.994] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0056.994] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0056.994] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0056.994] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 1 [0056.994] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 1 [0056.994] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 1 [0056.994] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 1 [0056.994] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 1 [0056.994] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 1 [0056.994] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 1 [0056.994] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 1 [0056.994] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0056.994] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 1 [0056.994] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0056.994] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0056.994] lstrcatW (in: lpString1="C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017", lpString2="\\" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\") returned="C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\" [0056.994] GetProcessHeap () returned 0x570000 [0056.994] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ef90 [0056.994] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\") returned 84 [0056.994] GetProcessHeap () returned 0x570000 [0056.994] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xaa) returned 0x594518 [0056.994] lstrcpyW (in: lpString1=0x594518, lpString2="C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\") returned="C:\\Users\\All Users\\Package Cache\\{E512788E-C50B-3858-A4B9-73AD5F3F9E93}v14.10.25017\\" [0056.995] GetProcessHeap () returned 0x570000 [0056.995] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5926e8 | out: hHeap=0x570000) returned 1 [0056.995] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xa912d270, ftCreationTime.dwHighDateTime=0x1d2fab4, ftLastAccessTime.dwLowDateTime=0xa912d270, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xa912d270, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{e52a6842-b0ac-476e-b48f-378a97a67346}", cAlternateFileName="{E52A6~1")) returned 1 [0056.995] lstrcmpiW (lpString1="{e52a6842-b0ac-476e-b48f-378a97a67346}", lpString2=".") returned 1 [0056.995] lstrcmpiW (lpString1="{e52a6842-b0ac-476e-b48f-378a97a67346}", lpString2="..") returned 1 [0056.995] lstrcatW (in: lpString1="C:\\Users\\All Users\\Package Cache\\", lpString2="{e52a6842-b0ac-476e-b48f-378a97a67346}" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}") returned="C:\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}" [0056.995] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="{e52a6842-b0ac-476e-b48f-378a97a67346}", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0056.995] GetProcessHeap () returned 0x570000 [0056.995] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x27) returned 0x588da8 [0056.995] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="{e52a6842-b0ac-476e-b48f-378a97a67346}", cchWideChar=-1, lpMultiByteStr=0x588da8, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{e52a6842-b0ac-476e-b48f-378a97a67346}", lpUsedDefaultChar=0x0) returned 39 [0056.995] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e52a6842-b0ac-476e-b48f-378a97a67346}", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0056.995] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e52a6842-b0ac-476e-b48f-378a97a67346}", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 1 [0056.995] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e52a6842-b0ac-476e-b48f-378a97a67346}", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 1 [0056.995] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e52a6842-b0ac-476e-b48f-378a97a67346}", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0056.995] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e52a6842-b0ac-476e-b48f-378a97a67346}", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0056.995] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e52a6842-b0ac-476e-b48f-378a97a67346}", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 1 [0056.995] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e52a6842-b0ac-476e-b48f-378a97a67346}", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 1 [0056.995] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e52a6842-b0ac-476e-b48f-378a97a67346}", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0056.995] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e52a6842-b0ac-476e-b48f-378a97a67346}", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0056.995] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e52a6842-b0ac-476e-b48f-378a97a67346}", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0056.995] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e52a6842-b0ac-476e-b48f-378a97a67346}", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0056.995] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e52a6842-b0ac-476e-b48f-378a97a67346}", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0056.995] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e52a6842-b0ac-476e-b48f-378a97a67346}", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0056.995] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e52a6842-b0ac-476e-b48f-378a97a67346}", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0056.995] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e52a6842-b0ac-476e-b48f-378a97a67346}", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0056.995] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e52a6842-b0ac-476e-b48f-378a97a67346}", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0056.996] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e52a6842-b0ac-476e-b48f-378a97a67346}", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0056.996] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e52a6842-b0ac-476e-b48f-378a97a67346}", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0056.996] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e52a6842-b0ac-476e-b48f-378a97a67346}", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 1 [0056.996] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e52a6842-b0ac-476e-b48f-378a97a67346}", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 1 [0056.996] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e52a6842-b0ac-476e-b48f-378a97a67346}", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 1 [0056.996] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e52a6842-b0ac-476e-b48f-378a97a67346}", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 1 [0056.996] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e52a6842-b0ac-476e-b48f-378a97a67346}", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 1 [0056.996] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e52a6842-b0ac-476e-b48f-378a97a67346}", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 1 [0056.996] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e52a6842-b0ac-476e-b48f-378a97a67346}", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0056.996] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e52a6842-b0ac-476e-b48f-378a97a67346}", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0056.996] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e52a6842-b0ac-476e-b48f-378a97a67346}", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 1 [0056.996] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e52a6842-b0ac-476e-b48f-378a97a67346}", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 1 [0056.996] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e52a6842-b0ac-476e-b48f-378a97a67346}", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0056.996] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e52a6842-b0ac-476e-b48f-378a97a67346}", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0056.996] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e52a6842-b0ac-476e-b48f-378a97a67346}", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0056.996] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e52a6842-b0ac-476e-b48f-378a97a67346}", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 1 [0056.996] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e52a6842-b0ac-476e-b48f-378a97a67346}", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 1 [0056.996] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e52a6842-b0ac-476e-b48f-378a97a67346}", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 1 [0056.996] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e52a6842-b0ac-476e-b48f-378a97a67346}", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 1 [0056.996] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e52a6842-b0ac-476e-b48f-378a97a67346}", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 1 [0056.996] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e52a6842-b0ac-476e-b48f-378a97a67346}", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 1 [0056.996] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e52a6842-b0ac-476e-b48f-378a97a67346}", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 1 [0056.996] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e52a6842-b0ac-476e-b48f-378a97a67346}", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 1 [0056.996] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e52a6842-b0ac-476e-b48f-378a97a67346}", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0056.996] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e52a6842-b0ac-476e-b48f-378a97a67346}", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 1 [0056.996] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e52a6842-b0ac-476e-b48f-378a97a67346}", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0056.997] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e52a6842-b0ac-476e-b48f-378a97a67346}", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0056.997] lstrcatW (in: lpString1="C:\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}", lpString2="\\" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\") returned="C:\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\" [0056.997] GetProcessHeap () returned 0x570000 [0056.997] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58efa0 [0056.997] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\") returned 72 [0056.997] GetProcessHeap () returned 0x570000 [0056.997] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x92) returned 0x5945d0 [0056.997] lstrcpyW (in: lpString1=0x5945d0, lpString2="C:\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\") returned="C:\\Users\\All Users\\Package Cache\\{e52a6842-b0ac-476e-b48f-378a97a67346}\\" [0056.997] GetProcessHeap () returned 0x570000 [0056.997] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588da8 | out: hHeap=0x570000) returned 1 [0056.997] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xca64c20, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcad7040, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcad7040, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", cAlternateFileName="{E6E75~1")) returned 1 [0056.997] lstrcmpiW (lpString1="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", lpString2=".") returned 1 [0056.997] lstrcmpiW (lpString1="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", lpString2="..") returned 1 [0056.997] lstrcatW (in: lpString1="C:\\Users\\All Users\\Package Cache\\", lpString2="{e6e75766-da0f-4ba2-9788-6ea593ce702d}" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}") returned="C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}" [0056.997] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0056.997] GetProcessHeap () returned 0x570000 [0056.997] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x27) returned 0x588da8 [0056.997] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", cchWideChar=-1, lpMultiByteStr=0x588da8, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", lpUsedDefaultChar=0x0) returned 39 [0056.997] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0056.997] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 1 [0056.997] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 1 [0056.997] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0056.997] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0056.997] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 1 [0056.997] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 1 [0056.998] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0056.998] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0056.998] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0056.998] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0056.998] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0056.998] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0056.998] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0056.998] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0056.998] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0056.998] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0056.998] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0056.998] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 1 [0056.998] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 1 [0056.998] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 1 [0056.998] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 1 [0056.998] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 1 [0056.998] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 1 [0056.998] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0056.998] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0056.998] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 1 [0056.998] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 1 [0056.998] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0056.998] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0056.998] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0056.998] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 1 [0056.999] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 1 [0056.999] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 1 [0056.999] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 1 [0056.999] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 1 [0056.999] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 1 [0056.999] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 1 [0056.999] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 1 [0056.999] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0056.999] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 1 [0056.999] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0056.999] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{e6e75766-da0f-4ba2-9788-6ea593ce702d}", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0056.999] lstrcatW (in: lpString1="C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}", lpString2="\\" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\") returned="C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\" [0056.999] GetProcessHeap () returned 0x570000 [0056.999] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58ef80 [0056.999] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\") returned 72 [0056.999] GetProcessHeap () returned 0x570000 [0056.999] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x92) returned 0x594670 [0056.999] lstrcpyW (in: lpString1=0x594670, lpString2="C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\") returned="C:\\Users\\All Users\\Package Cache\\{e6e75766-da0f-4ba2-9788-6ea593ce702d}\\" [0056.999] GetProcessHeap () returned 0x570000 [0056.999] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588da8 | out: hHeap=0x570000) returned 1 [0056.999] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf93c9960, ftCreationTime.dwHighDateTime=0x1d2fc27, ftLastAccessTime.dwLowDateTime=0xf93efac0, ftLastAccessTime.dwHighDateTime=0x1d2fc27, ftLastWriteTime.dwLowDateTime=0xf93efac0, ftLastWriteTime.dwHighDateTime=0x1d2fc27, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{f325f05b-f963-4640-a43b-c8a494cdda0f}", cAlternateFileName="{F325F~1")) returned 1 [0056.999] lstrcmpiW (lpString1="{f325f05b-f963-4640-a43b-c8a494cdda0f}", lpString2=".") returned 1 [0056.999] lstrcmpiW (lpString1="{f325f05b-f963-4640-a43b-c8a494cdda0f}", lpString2="..") returned 1 [0056.999] lstrcatW (in: lpString1="C:\\Users\\All Users\\Package Cache\\", lpString2="{f325f05b-f963-4640-a43b-c8a494cdda0f}" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}") returned="C:\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}" [0056.999] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="{f325f05b-f963-4640-a43b-c8a494cdda0f}", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 39 [0056.999] GetProcessHeap () returned 0x570000 [0056.999] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x27) returned 0x588da8 [0057.000] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="{f325f05b-f963-4640-a43b-c8a494cdda0f}", cchWideChar=-1, lpMultiByteStr=0x588da8, cbMultiByte=39, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{f325f05b-f963-4640-a43b-c8a494cdda0f}", lpUsedDefaultChar=0x0) returned 39 [0057.000] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{f325f05b-f963-4640-a43b-c8a494cdda0f}", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0057.000] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{f325f05b-f963-4640-a43b-c8a494cdda0f}", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 1 [0057.000] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{f325f05b-f963-4640-a43b-c8a494cdda0f}", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 1 [0057.000] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{f325f05b-f963-4640-a43b-c8a494cdda0f}", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0057.000] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{f325f05b-f963-4640-a43b-c8a494cdda0f}", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0057.000] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{f325f05b-f963-4640-a43b-c8a494cdda0f}", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 1 [0057.000] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{f325f05b-f963-4640-a43b-c8a494cdda0f}", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 1 [0057.000] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{f325f05b-f963-4640-a43b-c8a494cdda0f}", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0057.000] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{f325f05b-f963-4640-a43b-c8a494cdda0f}", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0057.000] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{f325f05b-f963-4640-a43b-c8a494cdda0f}", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0057.000] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{f325f05b-f963-4640-a43b-c8a494cdda0f}", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0057.000] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{f325f05b-f963-4640-a43b-c8a494cdda0f}", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0057.000] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{f325f05b-f963-4640-a43b-c8a494cdda0f}", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0057.000] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{f325f05b-f963-4640-a43b-c8a494cdda0f}", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0057.000] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{f325f05b-f963-4640-a43b-c8a494cdda0f}", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0057.000] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{f325f05b-f963-4640-a43b-c8a494cdda0f}", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0057.000] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{f325f05b-f963-4640-a43b-c8a494cdda0f}", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0057.000] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{f325f05b-f963-4640-a43b-c8a494cdda0f}", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0057.000] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{f325f05b-f963-4640-a43b-c8a494cdda0f}", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 1 [0057.000] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{f325f05b-f963-4640-a43b-c8a494cdda0f}", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 1 [0057.000] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{f325f05b-f963-4640-a43b-c8a494cdda0f}", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 1 [0057.000] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{f325f05b-f963-4640-a43b-c8a494cdda0f}", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 1 [0057.000] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{f325f05b-f963-4640-a43b-c8a494cdda0f}", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 1 [0057.000] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{f325f05b-f963-4640-a43b-c8a494cdda0f}", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 1 [0057.001] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{f325f05b-f963-4640-a43b-c8a494cdda0f}", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0057.001] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{f325f05b-f963-4640-a43b-c8a494cdda0f}", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0057.001] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{f325f05b-f963-4640-a43b-c8a494cdda0f}", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 1 [0057.001] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{f325f05b-f963-4640-a43b-c8a494cdda0f}", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 1 [0057.001] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{f325f05b-f963-4640-a43b-c8a494cdda0f}", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0057.001] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{f325f05b-f963-4640-a43b-c8a494cdda0f}", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0057.001] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{f325f05b-f963-4640-a43b-c8a494cdda0f}", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0057.001] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{f325f05b-f963-4640-a43b-c8a494cdda0f}", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 1 [0057.001] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{f325f05b-f963-4640-a43b-c8a494cdda0f}", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 1 [0057.001] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{f325f05b-f963-4640-a43b-c8a494cdda0f}", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 1 [0057.001] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{f325f05b-f963-4640-a43b-c8a494cdda0f}", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 1 [0057.001] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{f325f05b-f963-4640-a43b-c8a494cdda0f}", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 1 [0057.001] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{f325f05b-f963-4640-a43b-c8a494cdda0f}", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 1 [0057.001] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{f325f05b-f963-4640-a43b-c8a494cdda0f}", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 1 [0057.002] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{f325f05b-f963-4640-a43b-c8a494cdda0f}", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 1 [0057.002] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{f325f05b-f963-4640-a43b-c8a494cdda0f}", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0057.002] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{f325f05b-f963-4640-a43b-c8a494cdda0f}", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 1 [0057.002] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{f325f05b-f963-4640-a43b-c8a494cdda0f}", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0057.002] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{f325f05b-f963-4640-a43b-c8a494cdda0f}", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0057.002] lstrcatW (in: lpString1="C:\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}", lpString2="\\" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\") returned="C:\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\" [0057.002] GetProcessHeap () returned 0x570000 [0057.002] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58efb0 [0057.002] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\") returned 72 [0057.002] GetProcessHeap () returned 0x570000 [0057.002] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x92) returned 0x594710 [0057.002] lstrcpyW (in: lpString1=0x594710, lpString2="C:\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\") returned="C:\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\" [0057.002] GetProcessHeap () returned 0x570000 [0057.002] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x588da8 | out: hHeap=0x570000) returned 1 [0057.002] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcbbb880, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcbbb880, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", cAlternateFileName="{F8CFE~1.210")) returned 1 [0057.002] lstrcmpiW (lpString1="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", lpString2=".") returned 1 [0057.002] lstrcmpiW (lpString1="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", lpString2="..") returned 1 [0057.002] lstrcatW (in: lpString1="C:\\Users\\All Users\\Package Cache\\", lpString2="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005") returned="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005" [0057.002] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 50 [0057.002] GetProcessHeap () returned 0x570000 [0057.002] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x32) returned 0x5926e8 [0057.002] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", cchWideChar=-1, lpMultiByteStr=0x5926e8, cbMultiByte=50, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", lpUsedDefaultChar=0x0) returned 50 [0057.002] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0057.002] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 1 [0057.002] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 1 [0057.002] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0057.003] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0057.003] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 1 [0057.003] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 1 [0057.003] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0057.003] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0057.003] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0057.003] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0057.003] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0057.003] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0057.003] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0057.003] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0057.003] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0057.003] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0057.003] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0057.003] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 1 [0057.003] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 1 [0057.003] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 1 [0057.003] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 1 [0057.003] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 1 [0057.003] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 1 [0057.003] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0057.003] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0057.003] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 1 [0057.003] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 1 [0057.003] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0057.003] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0057.004] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0057.004] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 1 [0057.004] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 1 [0057.004] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 1 [0057.004] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 1 [0057.004] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 1 [0057.004] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 1 [0057.004] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 1 [0057.004] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 1 [0057.004] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0057.004] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 1 [0057.004] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0057.004] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0057.004] lstrcatW (in: lpString1="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", lpString2="\\" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\") returned="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\" [0057.004] GetProcessHeap () returned 0x570000 [0057.004] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58efc0 [0057.004] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\") returned 83 [0057.004] GetProcessHeap () returned 0x570000 [0057.004] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xa8) returned 0x5947b0 [0057.004] lstrcpyW (in: lpString1=0x5947b0, lpString2="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\") returned="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\" [0057.004] GetProcessHeap () returned 0x570000 [0057.004] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5926e8 | out: hHeap=0x570000) returned 1 [0057.004] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcbbb880, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcbbb880, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005", cAlternateFileName="{F8CFE~1.210")) returned 0 [0057.004] FindClose (in: hFindFile=0x5925a8 | out: hFindFile=0x5925a8) returned 1 [0057.005] lstrcpyW (in: lpString1=0x50df8c, lpString2="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\") returned="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\" [0057.005] GetProcessHeap () returned 0x570000 [0057.005] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5947b0 | out: hHeap=0x570000) returned 1 [0057.005] GetProcessHeap () returned 0x570000 [0057.005] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58efc0 | out: hHeap=0x570000) returned 1 [0057.005] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\") returned 83 [0057.006] lstrcatW (in: lpString1="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\", lpString2="*" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\*") returned="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\*" [0057.006] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\*", lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcbbb880, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcbbb880, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5925a8 [0057.007] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0057.007] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcbbb880, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcbbb880, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0057.007] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0057.007] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0057.007] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcbbb880, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcbbb880, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 1 [0057.007] lstrcmpiW (lpString1="packages", lpString2=".") returned 1 [0057.007] lstrcmpiW (lpString1="packages", lpString2="..") returned 1 [0057.008] lstrcatW (in: lpString1="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\", lpString2="packages" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages") returned="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages" [0057.008] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="packages", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0057.008] GetProcessHeap () returned 0x570000 [0057.008] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x9) returned 0x590f68 [0057.008] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="packages", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="packages", lpUsedDefaultChar=0x0) returned 9 [0057.008] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="packages", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0057.008] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="packages", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 3 [0057.008] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="packages", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 3 [0057.008] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="packages", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0057.008] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="packages", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0057.008] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="packages", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 3 [0057.008] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="packages", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0057.008] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="packages", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0057.008] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="packages", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0057.008] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="packages", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0057.008] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="packages", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0057.008] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="packages", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0057.008] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="packages", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0057.008] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="packages", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0057.008] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="packages", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0057.008] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="packages", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0057.008] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="packages", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0057.008] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="packages", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0057.008] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="packages", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 3 [0057.008] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="packages", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 3 [0057.008] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="packages", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 3 [0057.009] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="packages", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 3 [0057.009] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="packages", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 3 [0057.009] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="packages", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0057.009] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="packages", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 1 [0057.009] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="packages", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 1 [0057.009] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="packages", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0057.009] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="packages", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 3 [0057.009] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="packages", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 1 [0057.009] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="packages", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 1 [0057.009] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="packages", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 1 [0057.009] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="packages", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0057.009] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="packages", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 3 [0057.009] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="packages", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0057.009] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="packages", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 3 [0057.009] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="packages", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 3 [0057.009] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="packages", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0057.009] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="packages", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 3 [0057.009] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="packages", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 3 [0057.009] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="packages", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0057.009] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="packages", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 3 [0057.009] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="packages", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0057.009] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="packages", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 1 [0057.009] lstrcatW (in: lpString1="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages", lpString2="\\" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\") returned="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\" [0057.009] GetProcessHeap () returned 0x570000 [0057.009] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58efc0 [0057.009] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\") returned 92 [0057.009] GetProcessHeap () returned 0x570000 [0057.010] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xba) returned 0x5947b0 [0057.010] lstrcpyW (in: lpString1=0x5947b0, lpString2="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\") returned="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\" [0057.010] GetProcessHeap () returned 0x570000 [0057.010] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x590f68 | out: hHeap=0x570000) returned 1 [0057.010] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcbbb880, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcbbb880, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="packages", cAlternateFileName="")) returned 0 [0057.010] FindClose (in: hFindFile=0x5925a8 | out: hFindFile=0x5925a8) returned 1 [0057.010] lstrcpyW (in: lpString1=0x50df8c, lpString2="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\") returned="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\" [0057.010] GetProcessHeap () returned 0x570000 [0057.010] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5947b0 | out: hHeap=0x570000) returned 1 [0057.010] GetProcessHeap () returned 0x570000 [0057.010] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58efc0 | out: hHeap=0x570000) returned 1 [0057.010] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\") returned 92 [0057.010] lstrcatW (in: lpString1="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\", lpString2="*" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\*") returned="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\*" [0057.010] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\*", lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcbbb880, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcbbb880, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5925a8 [0057.010] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0057.010] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcbbb880, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcbbb880, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0057.011] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0057.011] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0057.011] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcc07b40, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcc07b40, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vcRuntimeAdditional_x86", cAlternateFileName="VCRUNT~1")) returned 1 [0057.011] lstrcmpiW (lpString1="vcRuntimeAdditional_x86", lpString2=".") returned 1 [0057.011] lstrcmpiW (lpString1="vcRuntimeAdditional_x86", lpString2="..") returned 1 [0057.011] lstrcatW (in: lpString1="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\", lpString2="vcRuntimeAdditional_x86" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86") returned="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86" [0057.011] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="vcRuntimeAdditional_x86", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 24 [0057.011] GetProcessHeap () returned 0x570000 [0057.011] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x18) returned 0x58fdc0 [0057.011] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="vcRuntimeAdditional_x86", cchWideChar=-1, lpMultiByteStr=0x58fdc0, cbMultiByte=24, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vcRuntimeAdditional_x86", lpUsedDefaultChar=0x0) returned 24 [0057.011] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="vcRuntimeAdditional_x86", cchCount1=-1, lpString2="Windows", cchCount2=-1) returned 1 [0057.011] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="vcRuntimeAdditional_x86", cchCount1=-1, lpString2="Microsoft", cchCount2=-1) returned 3 [0057.011] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="vcRuntimeAdditional_x86", cchCount1=-1, lpString2="Microsoft Help", cchCount2=-1) returned 3 [0057.011] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="vcRuntimeAdditional_x86", cchCount1=-1, lpString2="Windows App Certification Kit", cchCount2=-1) returned 1 [0057.011] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="vcRuntimeAdditional_x86", cchCount1=-1, lpString2="Windows Defender", cchCount2=-1) returned 1 [0057.011] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="vcRuntimeAdditional_x86", cchCount1=-1, lpString2="ESET", cchCount2=-1) returned 3 [0057.011] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="vcRuntimeAdditional_x86", cchCount1=-1, lpString2="COMODO", cchCount2=-1) returned 3 [0057.011] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="vcRuntimeAdditional_x86", cchCount1=-1, lpString2="Windows NT", cchCount2=-1) returned 1 [0057.011] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="vcRuntimeAdditional_x86", cchCount1=-1, lpString2="Windows Kits", cchCount2=-1) returned 1 [0057.011] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="vcRuntimeAdditional_x86", cchCount1=-1, lpString2="Windows Mail", cchCount2=-1) returned 1 [0057.011] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="vcRuntimeAdditional_x86", cchCount1=-1, lpString2="Windows Media Player", cchCount2=-1) returned 1 [0057.011] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="vcRuntimeAdditional_x86", cchCount1=-1, lpString2="Windows Multimedia Platform", cchCount2=-1) returned 1 [0057.011] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="vcRuntimeAdditional_x86", cchCount1=-1, lpString2="Windows Phone Kits", cchCount2=-1) returned 1 [0057.011] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="vcRuntimeAdditional_x86", cchCount1=-1, lpString2="Windows Phone Silverlight Kits", cchCount2=-1) returned 1 [0057.012] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="vcRuntimeAdditional_x86", cchCount1=-1, lpString2="Windows Photo Viewer", cchCount2=-1) returned 1 [0057.012] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="vcRuntimeAdditional_x86", cchCount1=-1, lpString2="Windows Portable Devices", cchCount2=-1) returned 1 [0057.012] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="vcRuntimeAdditional_x86", cchCount1=-1, lpString2="Windows Sidebar", cchCount2=-1) returned 1 [0057.012] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="vcRuntimeAdditional_x86", cchCount1=-1, lpString2="WindowsPowerShell", cchCount2=-1) returned 1 [0057.012] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="vcRuntimeAdditional_x86", cchCount1=-1, lpString2="NVIDIA Corporation", cchCount2=-1) returned 3 [0057.012] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="vcRuntimeAdditional_x86", cchCount1=-1, lpString2="Microsoft.NET", cchCount2=-1) returned 3 [0057.012] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="vcRuntimeAdditional_x86", cchCount1=-1, lpString2="Internet Explorer", cchCount2=-1) returned 3 [0057.012] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="vcRuntimeAdditional_x86", cchCount1=-1, lpString2="Kaspersky Lab", cchCount2=-1) returned 3 [0057.012] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="vcRuntimeAdditional_x86", cchCount1=-1, lpString2="McAfee", cchCount2=-1) returned 3 [0057.012] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="vcRuntimeAdditional_x86", cchCount1=-1, lpString2="Avira", cchCount2=-1) returned 3 [0057.012] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="vcRuntimeAdditional_x86", cchCount1=-1, lpString2="spytech software", cchCount2=-1) returned 3 [0057.012] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="vcRuntimeAdditional_x86", cchCount1=-1, lpString2="sysconfig", cchCount2=-1) returned 3 [0057.012] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="vcRuntimeAdditional_x86", cchCount1=-1, lpString2="Avast", cchCount2=-1) returned 3 [0057.012] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="vcRuntimeAdditional_x86", cchCount1=-1, lpString2="Dr.Web", cchCount2=-1) returned 3 [0057.012] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="vcRuntimeAdditional_x86", cchCount1=-1, lpString2="Symantec", cchCount2=-1) returned 3 [0057.012] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="vcRuntimeAdditional_x86", cchCount1=-1, lpString2="Symantec_Client_Security", cchCount2=-1) returned 3 [0057.012] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="vcRuntimeAdditional_x86", cchCount1=-1, lpString2="system volume information", cchCount2=-1) returned 3 [0057.012] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="vcRuntimeAdditional_x86", cchCount1=-1, lpString2="AVG", cchCount2=-1) returned 3 [0057.012] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="vcRuntimeAdditional_x86", cchCount1=-1, lpString2="Microsoft Shared", cchCount2=-1) returned 3 [0057.012] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="vcRuntimeAdditional_x86", cchCount1=-1, lpString2="Common Files", cchCount2=-1) returned 3 [0057.012] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="vcRuntimeAdditional_x86", cchCount1=-1, lpString2="Outlook Express", cchCount2=-1) returned 3 [0057.012] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="vcRuntimeAdditional_x86", cchCount1=-1, lpString2="Movie Maker", cchCount2=-1) returned 3 [0057.012] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="vcRuntimeAdditional_x86", cchCount1=-1, lpString2="Chrome", cchCount2=-1) returned 3 [0057.013] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="vcRuntimeAdditional_x86", cchCount1=-1, lpString2="Mozilla Firefox", cchCount2=-1) returned 3 [0057.014] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="vcRuntimeAdditional_x86", cchCount1=-1, lpString2="Opera", cchCount2=-1) returned 3 [0057.014] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="vcRuntimeAdditional_x86", cchCount1=-1, lpString2="YandexBrowser", cchCount2=-1) returned 1 [0057.014] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="vcRuntimeAdditional_x86", cchCount1=-1, lpString2="ntldr", cchCount2=-1) returned 3 [0057.014] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="vcRuntimeAdditional_x86", cchCount1=-1, lpString2="Wsus", cchCount2=-1) returned 1 [0057.015] CompareStringA (Locale=0x800, dwCmpFlags=0x1, lpString1="vcRuntimeAdditional_x86", cchCount1=-1, lpString2="ProgramData", cchCount2=-1) returned 3 [0057.015] lstrcatW (in: lpString1="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86", lpString2="\\" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\") returned="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\" [0057.015] GetProcessHeap () returned 0x570000 [0057.015] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x8) returned 0x58efc0 [0057.015] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\") returned 116 [0057.015] GetProcessHeap () returned 0x570000 [0057.015] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0xea) returned 0x5947b0 [0057.015] lstrcpyW (in: lpString1=0x5947b0, lpString2="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\") returned="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\" [0057.015] GetProcessHeap () returned 0x570000 [0057.015] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58fdc0 | out: hHeap=0x570000) returned 1 [0057.015] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcc07b40, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcc07b40, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="vcRuntimeAdditional_x86", cAlternateFileName="VCRUNT~1")) returned 0 [0057.015] FindClose (in: hFindFile=0x5925a8 | out: hFindFile=0x5925a8) returned 1 [0057.015] lstrcpyW (in: lpString1=0x50df8c, lpString2="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\") returned="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\" [0057.015] GetProcessHeap () returned 0x570000 [0057.015] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x5947b0 | out: hHeap=0x570000) returned 1 [0057.015] GetProcessHeap () returned 0x570000 [0057.015] HeapFree (in: hHeap=0x570000, dwFlags=0x0, lpMem=0x58efc0 | out: hHeap=0x570000) returned 1 [0057.015] lstrlenW (lpString="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\") returned 116 [0057.015] lstrcatW (in: lpString1="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\", lpString2="*" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\*") returned="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\*" [0057.015] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\*", lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcc07b40, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcc07b40, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x5925a8 [0057.016] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0057.016] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xcbbb880, ftCreationTime.dwHighDateTime=0x1d2e621, ftLastAccessTime.dwLowDateTime=0xcc07b40, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0xcc07b40, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0057.016] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0057.016] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0057.016] FindNextFileW (in: hFindFile=0x5925a8, lpFindFileData=0x50dd3c | out: lpFindFileData=0x50dd3c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x532ebf00, ftCreationTime.dwHighDateTime=0x1cf3dd3, ftLastAccessTime.dwLowDateTime=0x532ebf00, ftLastAccessTime.dwHighDateTime=0x1cf3dd3, ftLastWriteTime.dwLowDateTime=0x532ebf00, ftLastWriteTime.dwHighDateTime=0x1cf3dd3, nFileSizeHigh=0x0, nFileSizeLow=0x4b4520, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="cab1.cab", cAlternateFileName="")) returned 1 [0057.016] lstrcmpiW (lpString1="cab1.cab", lpString2=".") returned 1 [0057.016] lstrcmpiW (lpString1="cab1.cab", lpString2="..") returned 1 [0057.016] lstrcatW (in: lpString1="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\", lpString2="cab1.cab" | out: lpString1="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\cab1.cab") returned="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\cab1.cab" [0057.016] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cab1.cab", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 9 [0057.016] GetProcessHeap () returned 0x570000 [0057.016] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x9) returned 0x590f68 [0057.016] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="cab1.cab", cchWideChar=-1, lpMultiByteStr=0x590f68, cbMultiByte=9, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="cab1.cab", lpUsedDefaultChar=0x0) returned 9 [0057.016] lstrlenA (lpString="cab1.cab") returned 8 [0057.016] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0057.016] lstrlenA (lpString="cab1.cab") returned 8 [0057.016] lstrlenA (lpString=".{Killback@protonmail.com}KBK") returned 29 [0057.016] lstrcmpiW (lpString1="cab1.cab", lpString2="decrypt_files.html") returned -1 [0057.016] lstrcmpiW (lpString1="cab1.cab", lpString2="93603CF02EAF23F319BB1EF860A69BA06C8E84CE34898E7A109832B06CDDB887") returned 1 [0057.016] PathFindFileNameW (pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sihvgt.exe") returned="sihvgt.exe" [0057.016] lstrcmpiW (lpString1="cab1.cab", lpString2="sihvgt.exe") returned -1 [0057.016] _alloca_probe () returned 0x40908b [0057.017] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\cab1.cab", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 125 [0057.017] GetProcessHeap () returned 0x570000 [0057.017] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x7d) returned 0x588f18 [0057.017] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\cab1.cab", cchWideChar=-1, lpMultiByteStr=0x588f18, cbMultiByte=125, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\cab1.cab", lpUsedDefaultChar=0x0) returned 125 [0057.017] UuidCreate (in: Uuid=0x50bb9c | out: Uuid=0x50bb9c) returned 0x0 [0057.017] wsprintfA (in: param_1=0x50bbac, param_2="{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}" | out: param_1="{1426CB35-C1AB-4214-9708-E4A880406F57}") returned 38 [0057.017] lstrlenA (lpString="{1426CB35-C1AB-4214-9708-E4A880406F57}") returned 38 [0057.017] CreateFileW (lpFileName="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\cab1.cab" (normalized: "c:\\users\\all users\\package cache\\{f8cfeb22-a2e7-3971-9eda-4b11edefc185}v12.0.21005\\packages\\vcruntimeadditional_x86\\cab1.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x80 [0057.017] GetFileSizeEx (in: hFile=0x80, lpFileSize=0x50bb3c | out: lpFileSize=0x50bb3c*=4932896) returned 1 [0057.017] lstrlenA (lpString="{1426CB35-C1AB-4214-9708-E4A880406F57}") returned 38 [0057.017] GetProcessHeap () returned 0x570000 [0057.017] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x6c) returned 0x5947b0 [0057.017] GetProcessHeap () returned 0x570000 [0057.017] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x8, Size=0x80) returned 0x594828 [0057.017] lstrlenA (lpString="C:\\Users\\All Users\\Package Cache\\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}v12.0.21005\\packages\\vcRuntimeAdditional_x86\\cab1.cab") returned 124 [0057.028] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0057.097] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0057.097] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0057.097] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0057.097] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0057.147] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0057.147] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0057.147] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0057.147] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0057.148] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0057.148] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0057.148] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0057.148] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0057.148] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0057.148] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0057.149] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0057.149] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0057.149] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0057.149] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0057.149] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0057.149] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0057.149] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0057.150] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0057.150] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0057.150] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0057.150] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0057.150] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0057.150] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0057.150] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0057.151] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0057.151] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0057.151] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0057.151] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0057.156] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0057.157] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0057.157] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0057.157] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0057.184] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0057.185] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0057.185] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0057.185] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0057.185] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0057.185] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0057.186] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0057.186] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0057.186] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0057.187] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0057.187] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0057.187] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0057.187] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0057.188] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0057.188] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0057.188] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0057.189] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0057.189] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0057.189] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0057.189] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0057.190] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0057.190] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0057.190] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0057.190] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0057.191] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0057.191] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0057.192] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0057.192] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0057.193] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0057.193] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0057.193] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0057.193] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0057.195] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0057.195] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0057.195] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0057.195] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0057.291] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0057.291] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0057.291] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0057.291] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0057.509] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0057.509] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0057.509] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0057.509] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0057.571] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0057.572] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0057.572] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0057.572] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0057.590] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0057.591] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0057.591] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0057.591] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0057.648] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0057.648] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0057.648] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0057.648] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0057.714] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0057.714] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0057.715] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0057.715] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0057.798] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0057.798] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0057.798] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0057.799] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0057.854] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0057.855] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0057.855] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0057.855] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0057.947] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0057.948] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0057.948] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0057.948] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.001] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.002] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.002] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.002] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.003] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.003] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.003] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.003] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.004] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.004] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.004] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.004] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.004] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.005] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.005] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.005] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.005] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.006] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.006] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.007] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.007] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.007] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.007] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.007] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.008] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.008] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.008] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.008] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.012] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.012] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.012] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.013] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.013] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.013] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.013] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.013] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.016] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.016] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.017] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.017] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.017] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.017] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.018] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.018] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.018] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.019] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.019] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.019] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.020] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.020] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.024] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.024] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.024] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.024] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.025] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.025] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.039] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.039] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.039] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.039] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.078] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.079] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.079] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.079] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.086] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.087] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.088] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.088] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.143] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.143] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.143] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.144] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.166] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.173] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.173] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.173] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.174] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.174] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.175] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.175] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.175] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.175] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.176] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.176] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.186] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.190] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.190] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.190] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.191] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.191] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.191] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.191] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.192] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.192] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.193] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.193] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.193] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.194] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.194] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.194] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.194] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.195] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.195] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.195] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.195] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.196] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.196] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.196] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.196] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.197] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.197] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.197] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.197] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.197] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.197] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.197] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.220] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.221] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.221] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.221] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.221] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.221] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.221] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.222] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.226] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.227] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.227] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.227] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.227] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.228] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.228] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.228] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.236] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.237] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.237] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.237] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.274] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.274] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.274] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.274] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.274] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.275] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.275] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.275] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.306] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.307] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.307] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.307] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.314] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.315] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.315] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.315] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.315] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.316] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.316] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.316] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.316] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.317] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.317] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.317] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.318] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.318] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.319] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.319] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.319] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.320] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.320] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.320] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.321] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.321] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.321] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.321] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.322] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.322] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.322] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.322] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.323] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.323] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.324] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.324] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.324] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.324] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.324] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.325] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.328] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.328] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.329] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.329] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.329] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.330] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.330] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.330] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.330] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.331] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.331] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.331] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.331] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.332] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.332] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.332] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.333] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.333] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.333] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.333] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.334] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.334] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.334] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.334] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.335] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.336] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.336] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.336] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.337] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.337] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.337] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.337] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.338] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.338] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.338] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.339] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.342] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.343] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.343] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.343] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.343] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.344] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.344] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.344] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.345] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.345] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.345] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.345] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.346] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.346] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.347] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.347] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.347] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.348] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.348] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.348] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.348] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.349] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.349] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.349] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.349] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.351] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.351] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.351] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.352] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.352] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.353] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.353] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.353] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.354] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.354] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.354] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.354] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.355] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.355] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.355] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.355] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.356] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.356] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.356] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.356] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.357] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.357] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.357] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.358] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.358] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.358] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.359] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.359] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.360] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.360] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.360] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.375] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.375] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.375] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.375] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.444] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.445] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.445] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.445] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.445] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.445] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.446] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.446] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.450] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.451] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.451] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.451] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.451] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.452] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.452] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.452] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.470] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.476] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.476] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.476] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.476] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.477] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.477] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.477] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.491] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.491] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.491] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.491] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.510] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.510] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.510] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.510] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.511] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.511] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.511] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.512] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.512] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.513] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.513] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.514] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.515] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.515] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.515] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.515] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.516] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.516] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.517] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.517] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.517] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.518] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.518] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.518] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.519] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.519] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.520] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.523] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.523] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.525] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.525] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.525] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.525] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.527] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.527] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.527] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.528] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.528] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.528] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.528] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.534] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.535] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.535] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.535] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.536] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.536] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.536] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.536] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.536] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.537] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.537] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.537] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.538] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.538] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.539] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.539] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.539] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.540] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.541] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.541] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.541] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.542] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.542] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.542] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.542] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.543] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.543] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.543] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.543] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.544] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.544] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.544] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.545] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.546] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.546] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.546] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.546] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.547] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.547] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.547] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.547] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.548] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.548] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.548] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.549] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.549] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.550] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.550] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.550] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.551] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.551] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.551] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.551] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.553] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.553] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.553] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.561] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.561] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.561] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.561] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.562] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.563] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.563] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.563] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.563] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.564] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.564] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.564] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.565] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.565] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.565] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.565] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.566] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.566] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.567] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.567] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.567] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.568] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.568] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.568] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.568] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.569] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.569] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.569] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.570] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.570] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.570] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.570] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.576] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.577] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.577] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.577] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.577] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.578] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.578] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.578] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.579] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.579] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.579] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.580] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.580] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.581] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.581] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.581] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.584] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.590] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.591] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.591] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.592] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.592] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.592] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.592] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.593] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.596] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.596] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.596] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.598] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.598] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.599] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.599] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.599] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.600] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.600] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.600] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.603] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.603] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.603] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.603] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.605] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.605] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.606] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.606] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.606] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.606] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.606] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.607] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.626] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.626] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.626] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.626] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.627] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.627] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.627] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.627] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.636] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.637] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.637] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.637] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.644] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.648] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.650] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.654] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.656] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.656] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.657] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.657] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.658] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.659] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.659] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.659] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.660] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.660] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.661] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.661] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.662] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.662] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.663] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.663] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.664] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.665] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.667] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.668] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.668] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.669] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.669] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.669] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.669] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.671] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.671] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.671] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.672] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.672] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.672] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.672] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.678] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.684] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.684] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.684] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.684] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.685] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.685] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.685] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.694] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.694] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.695] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.695] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.695] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.696] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.696] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.696] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.696] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.697] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.697] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.697] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.698] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.698] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.698] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.698] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.699] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.700] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.700] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.700] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.704] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.705] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.705] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0058.705] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.705] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0058.706] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.706] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.743] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.743] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.744] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.744] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.767] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.767] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.856] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.856] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.862] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.862] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.865] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.865] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.867] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.867] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.868] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.868] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.943] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.943] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.944] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.944] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.945] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.945] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.947] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.947] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0058.948] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0058.948] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0059.019] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0059.019] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0059.964] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0059.964] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0059.994] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0059.994] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0060.032] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0060.032] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0060.075] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0060.076] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0060.143] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0060.143] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0060.144] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0060.144] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0060.145] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0060.145] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0060.145] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0060.145] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0060.218] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0060.218] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0060.230] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0060.230] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0060.253] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0060.253] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0060.254] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0060.255] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0060.255] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0060.255] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0060.271] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0060.272] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0060.301] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0060.302] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0060.396] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0060.396] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0060.405] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0060.405] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0060.511] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0060.511] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0060.661] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0060.662] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0060.879] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0060.880] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0060.942] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0060.943] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0060.944] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0060.944] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0060.944] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0060.944] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0060.987] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0060.987] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0061.030] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0061.031] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0061.032] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0061.032] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0061.033] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0061.033] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0061.034] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0061.034] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0061.091] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0061.091] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0061.092] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0061.092] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0061.092] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0061.093] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0061.093] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0061.093] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0061.093] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0061.094] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0061.094] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0061.094] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0061.094] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0061.095] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0061.095] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0061.095] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0061.095] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0061.143] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0061.144] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0061.144] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0061.144] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0061.144] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0061.145] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0061.145] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0061.145] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0061.145] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0061.146] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0061.146] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0061.146] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0061.146] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0061.146] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0061.147] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0061.147] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0061.147] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0061.147] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0061.148] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0061.148] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0061.148] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0061.148] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0061.149] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0061.149] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0061.149] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0061.149] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0061.149] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0061.150] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0061.150] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0061.151] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0061.151] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0061.151] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0061.151] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0061.154] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0061.154] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0061.154] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0061.155] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0061.155] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0061.155] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0061.155] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0061.215] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0061.215] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0061.216] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0061.216] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0061.249] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0061.249] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0061.249] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0061.249] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0061.408] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0061.408] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0061.409] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0061.409] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0061.497] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0061.497] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0061.497] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0061.497] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0061.514] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0061.514] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0061.514] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0061.514] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0061.548] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0061.548] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0061.548] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0061.548] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0061.645] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0061.645] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0061.645] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0061.645] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0061.664] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0061.664] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0061.664] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0061.664] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0061.749] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0061.750] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0061.750] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0061.750] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0062.016] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.016] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0062.016] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0062.016] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0062.017] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.017] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0062.017] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0062.017] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0062.098] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.098] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0062.098] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0062.098] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0062.251] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.252] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0062.252] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0062.252] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0062.943] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0062.943] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0062.943] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0062.943] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0063.007] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0063.009] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0063.009] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0063.009] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0063.666] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0063.666] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0063.666] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0063.666] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0063.718] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0063.718] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0063.718] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0063.718] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0063.768] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0063.768] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0063.768] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0063.768] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0063.789] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0063.789] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0063.789] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0063.789] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0063.810] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0063.811] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0063.811] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0063.811] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0063.811] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0063.811] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0063.811] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0063.811] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0063.869] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0063.870] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0063.870] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0063.870] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0063.871] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0063.871] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0063.871] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0063.871] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0064.035] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0064.035] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0064.035] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0064.035] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0064.246] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0064.247] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0064.247] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0064.247] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0064.473] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0064.473] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0064.473] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0064.473] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0064.500] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0064.500] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0064.500] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0064.500] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0064.644] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0064.644] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0064.644] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0064.644] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0064.827] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0064.828] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0064.828] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0064.828] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0064.887] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0064.887] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0064.887] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0064.887] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0064.958] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0064.958] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0064.958] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0064.958] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0064.977] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0064.978] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0064.978] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0064.978] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0065.319] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0065.320] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0065.320] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0065.320] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0065.405] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0065.405] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0065.405] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0065.405] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0065.450] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0065.451] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0065.451] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0065.451] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0065.536] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0065.537] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0065.537] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0065.537] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0065.694] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0065.694] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0065.694] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0065.694] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0065.695] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0065.695] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0065.695] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0065.695] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0065.712] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0065.712] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0065.712] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0065.713] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0065.726] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0065.726] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0065.726] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0065.726] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0065.746] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0065.747] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0065.747] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0065.747] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0066.038] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0066.039] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0066.039] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0066.039] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0066.039] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0066.039] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0066.040] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0066.040] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0066.071] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0066.071] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0066.071] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0066.071] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0066.089] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0066.090] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0066.090] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0066.090] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0066.090] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0066.091] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0066.092] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0066.092] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0066.092] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0066.093] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0066.093] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0066.093] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0066.093] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0066.094] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0066.094] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0066.094] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0066.108] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0066.109] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0066.109] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0066.109] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0066.109] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0066.109] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0066.110] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0066.110] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0066.116] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0066.117] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0066.117] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0066.117] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0066.117] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0066.118] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0066.118] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0066.118] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0066.118] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0066.119] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0066.119] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0066.119] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0066.120] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0066.120] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0066.120] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0066.120] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0066.121] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0066.121] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0066.122] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0066.122] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0066.122] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0066.123] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0066.123] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0066.123] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0066.123] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0066.123] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0066.124] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0066.124] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0066.132] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0066.133] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0066.133] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0066.133] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0066.134] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0066.134] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0066.134] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0066.134] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0066.135] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0066.135] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0066.136] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0066.136] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0066.136] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0066.137] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0066.137] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0066.137] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0066.137] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0066.138] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0066.139] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0066.139] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0066.139] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0066.148] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0066.158] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0066.158] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0066.159] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0066.159] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0066.159] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0066.159] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0066.163] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0066.164] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0066.164] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0066.164] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0066.164] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0066.165] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0066.165] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0066.165] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0066.165] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0066.166] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0066.166] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0066.166] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0066.166] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0066.167] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0066.167] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0066.167] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0066.168] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0066.168] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0066.168] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0066.168] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0066.174] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1 [0066.174] WriteFile (in: hFile=0x80, lpBuffer=0x50bcfc*, nNumberOfBytesToWrite=0x2000, lpNumberOfBytesWritten=0x50bb34, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesWritten=0x50bb34*=0x2000, lpOverlapped=0x0) returned 1 [0066.174] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0x2000, lpNewFilePointer=0x0, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0x0) returned 1 [0066.174] ReadFile (in: hFile=0x80, lpBuffer=0x50bcfc, nNumberOfBytesToRead=0x2000, lpNumberOfBytesRead=0x50bb38, lpOverlapped=0x0 | out: lpBuffer=0x50bcfc*, lpNumberOfBytesRead=0x50bb38*=0x2000, lpOverlapped=0x0) returned 1 [0066.174] SetFilePointerEx (in: hFile=0x80, liDistanceToMove=0xffffe000, lpNewFilePointer=0xffffffff, dwMoveMethod=0x50bb04 | out: lpNewFilePointer=0xffffffff) returned 1